An Audiostation Certificate Auddity

Currently reading
An Audiostation Certificate Auddity

DS212J, DS214play, DS216, DS216play, DS414, DS918+, RS212, RS816, RS819, DS223, DS920+
  1. RT2600ac
  2. MR2200ac
Operating system
  1. Windows
Mobile operating system
  1. iOS
Posting in hopes of saving someone else the grief I just went through.

I wanted to get Audiostation to work with Amazon Alexa. (I'm in the US, where this is supposed to work; I understand that in some other parts of the world it doesn't, by design, though I'm not sure why...anyway, I digress...)

To use Alexa with Audiostation, you must first, in Audiostation/Settings/Advanced, turn on "Enable Amazon Alexa Service," and enter an https - enabled hostname by which Alexa will connect with Audiostation. It can't be a hostname with a self-signed certificate; it must be "valid and trusted." A Let's Encrypt certificate counts as "valid and trusted."

So I tried this, and typed my hostname, for which I had a Let's Encrypt cert installed, into the window, and got the message that this was NOT a hostname with a valid and trusted certificate! What? Of COURSE it is! I tried a bunch of times, and no dice. Here's where I can save you some time: I had imported the Let's Encrypt Certificate into the Synology using only the private key file and the certificate file, but not the intermediate certificate, because for some time now, Synology has allowed you to do this...and the certificate works fine in every other context. (And, in fact, the Synology RT2600 certificate facility doesn't let you put in an intermediate certificate even if you want to! There's no spot for it!)

Reimporting the certificate with the (intermediate) ca.cer file solved everything. From the perspective of everything but Audiostation, as far as I can tell, the certs work just fine without the ca.cer... but for Audiostation to work with Alexa, for some reason, you need it.

Let me know if I'm stupid, and that this should have been obvious; to me it seems like quirky behavior, at best.
Started to write a comment mid-way reading to suggest using privkey + fullchain and see if that will fix. I have had some services that on ios version of the app that uses the service hosted on the NAS would throw an error if not using the full chain.

Ofc it makes sense of the whole path needs to a valid one as Alexa expects it. Glad you got it going.
Last edited:
i found a far easier solution to the same issue

I set all certs as default on the NAS for the one that i used for audio-station
by mistake i had another domain as default
also i had strict firewall rules because i was having lots of brute force attacks
when I clicked on external access in connectivity it asked me if I want to add ports to the firewall, i clicked yes...presto all good

Soooo, it is basically me changing the dsm port :D

Create an account or login to comment

You must be a member in order to leave a comment

Create account

Create an account on our community. It's easy!

Log in

Already have an account? Log in here.

Similar threads

  • Solved
Good to hear the progress. Success!

Welcome to! is an unofficial Synology forum for NAS owners and enthusiasts.

Registration is free, easy and fast!