@pierdom
Last active August 17, 2022 03:16
[Use Synology default certificate for Syncthing Web UI] #synology #sysadmin

This how-to has been tested on a Synology DS214play NAS with DSM 6.X and Syncthing v1.1.4.

The default Synology certificate and private key (e.g., issued by Let's Encrypt) are at this path: /usr/syno/etc/certificate/system/default/{cert.pem|privkey.pem}.

After installing Syncthing from the synocommunity.com repository, its self-signed certificate is at this path: /volume1/@appstore/syncthing/var/. This directory contains the key pair that identifies the device (cert.pem and key.pem) and the certificate and private key for the web interface (https_cert.pem and https_key.pem). We need to replace the last two with Synology's; the device key pair stays untouched.

Backup Syncthing certificate:

$ sudo su
# cd /volume1/\@appstore/syncthing/var/
# mv https_cert.pem https_cert.pem.bk
# mv https_key.pem https_key.pem.bk

Now let's copy Synology's certificate here:

# cp /usr/syno/etc/certificate/system/default/cert.pem /volume1/\@appstore/syncthing/var/https_cert.pem
# cp /usr/syno/etc/certificate/system/default/privkey.pem /volume1/\@appstore/syncthing/var/https_key.pem

We also need to change the owner and permissions for the new files:

# cd /volume1/\@appstore/syncthing/var/
# chown sc-syncthing:syncthing https_cert.pem
# chown sc-syncthing:syncthing https_key.pem
# chmod 640 https_cert.pem
# chmod 600 https_key.pem

That's it. Now restart Syncthing, and its web GUI (reachable at port 8384) will present the right certificate.
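The backup, copy and permission steps above as one idempotent script that can be re-run after every certificate renewal. This is an added example, not part of the original gist: the function names and the `run` argument are hypothetical, and the paths, file names, owner and modes are the DSM 6 values stated in this how-to.

```shell
#!/bin/sh
# Added example, not from the gist. Defaults are the DSM 6 paths and owner
# used in the how-to; override via environment for other layouts (e.g. DSM 7).
SRC_DIR="${SRC_DIR:-/usr/syno/etc/certificate/system/default}"
DST_DIR="${DST_DIR:-/volume1/@appstore/syncthing/var}"
OWNER="${OWNER:-sc-syncthing:syncthing}"

# install_pem SRC DST MODE
# Returns 0 if DST was replaced, 1 if it was already current, 2 on error.
install_pem() {
    src=$1; dst=$2; mode=$3
    [ -r "$src" ] || { echo "cannot read $src" >&2; return 2; }
    # Current means: a regular file (not a symlink) with identical contents.
    if [ -f "$dst" ] && [ ! -L "$dst" ] && cmp -s "$src" "$dst"; then
        chmod "$mode" "$dst"
        return 1
    fi
    # Keep the first file ever replaced (Syncthing's self-signed one) as .bk.
    if [ -e "$dst" ] && [ ! -e "$dst.bk" ]; then
        cp -p "$dst" "$dst.bk" || return 2
    fi
    # mktemp creates the file with mode 600, so the key is never exposed with
    # looser permissions; the rename then swaps it in atomically.
    tmp=$(mktemp "$dst.XXXXXX") || return 2
    cat "$src" > "$tmp" && chmod "$mode" "$tmp" || { rm -f "$tmp"; return 2; }
    if [ "$(id -u)" -eq 0 ]; then
        chown "$OWNER" "$tmp" || { rm -f "$tmp"; return 2; }
    fi
    mv -f "$tmp" "$dst" || { rm -f "$tmp"; return 2; }
}

# Returns 0 if anything changed (restart Syncthing), 1 if not, 2 on error.
sync_syncthing_cert() {
    changed=1
    for spec in "cert.pem https_cert.pem 640" "privkey.pem https_key.pem 600"; do
        set -- $spec
        rc=0
        install_pem "$SRC_DIR/$1" "$DST_DIR/$2" "$3" || rc=$?
        case $rc in 0) changed=0 ;; 1) ;; *) return 2 ;; esac
    done
    return $changed
}

# Invoke as "script.sh run" from a scheduled task; sourcing only defines functions.
if [ "${1:-}" = "run" ]; then
    rc=0; sync_syncthing_cert || rc=$?
    [ "$rc" -eq 0 ] && echo "certificate updated: restart Syncthing"
    [ "$rc" -le 1 ] || exit 2
fi
```

Run it as root so the ownership change applies; an unchanged certificate leaves the files alone and reports nothing.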

once375ml commented Apr 27, 2020

This still needs your manual interference every 3 months: copy jobs and permission fix.

My solution:

  1. Backup
    mv https_cert.pem https_cert.pem.bk
    mv https_key.pem https_key.pem.bk

  2. Link
    ln -s /usr/syno/etc/certificate/system/default/cert.pem /volume1/@appstore/syncthing/var/https_cert.pem
    ln -s /usr/syno/etc/certificate/system/default/privkey.pem /volume1/@appstore/syncthing/var/https_key.pem

  3. Permission
    I have not figured out how to fix the permission automatically after each update yet.

The stupid way is to schedule a job running every day to fix the permission, as if the certificate was just updated yesterday.

@dieterplex

It works on DS418play with DSM 7.1-42661 at a different path and group.

# cp -f /usr/syno/etc/certificate/system/default/RSA-cert.pem /volume1/\@appdata/syncthing/https-cert.pem
# cp -f /usr/syno/etc/certificate/system/default/RSA-privkey.pem /volume1/\@appdata/syncthing/https-key.pem
# chown sc-syncthing:synocommunity /volume1/@appdata/syncthing/https-*.pem
