I like my Synology NAS. I do not like its LetsEncrypt integration. I like to issue my certs with cert-manager running on Kubernetes.
To accomplish this, we will create some Kubernetes resources that:
- Create/maintain the certificate as a Secret
- Create a robot account with permissions to read the Secret
Then we will configure a script that runs weekly on the NAS. This script will download the certificate via curl
, load it into DSM and restart the web server.
This was written for DSM 7. If you are using DSM 6 this will not work as certificates are managed differently.