How to Renew Wildcard Non-synology LetsEncrypt Certs?

I know that we have talked wildcard certs to death, but it's spread over several threads, and wildcard advice is mixed in with non-wildcard advice, etc. So, with my head hanging in shame, I am renewing this yet again:

I have my own domain name, and was able to use Zerossl to generate a 90 day wildcard letsencrypt cert, and install it on my Synology.
I have access to my DNS settings, and was able to enter the _acme-challenge TXT entry required to generate the wildcard cert in the first place - the entry is still there, but I assume it would need to be different for each renewal.

The cert is going to come up for renewal soon, and Zerossl has in the meantime switched to a fee-based model, and the fees are ridiculous. So my plan to renew using zerossl has been shot to hell.

I don't think the Synology is going to be able to renew it on its own, without user intervention, but please let me know if you think I'm wrong about that.

Assuming I'm right about that, and I have server.csr and server.key files, what is the easiest (free) way to renew my non-synology, wildcard cert?

I tried to run certbot on the Synology, without success; apparently there are a number of dependencies I would need to address.
I looked at certbot for Docker, but it's not clear to me that it can do wildcard certs for the Synology without, again, other dependencies addressed.

So what's my best course, and is there a Synology-specific tutorial somewhere for it?
 

Rusty

> but I assume it would need to be different for each renewal.

nope

> So what's my best course, and is there a Synology-specific tutorial somewhere for it?

I have used this method for years with multiple domains, no problem at all, and it's not dependent on anything but Docker and LE support, and by the looks of it, that's not going anywhere but forward.
 
Rusty, FANTASTIC tutorial, thank you - just implemented, tested, and it worked beautifully. Let me know when you run out of 🍪, I will upload more.
 

Rusty

> Rusty, FANTASTIC tutorial, thank you - just implemented, tested, and it worked beautifully. Let me know when you run out of 🍪, I will upload more.

Then start uploading... I’m always out of cookies ;). Glad you got it going.
 
10 PRINT
🍪
🍪
🥠

🥠
🍪
🥠
20 GOTO 10
 

Shadow


Is this guide still accurate? I followed all the steps, but on step 7 I get this...


Code:
TZ=Europe/Amsterdam
URL=blablabla.com
SUBDOMAINS=wildcard
EXTRA_DOMAINS=
ONLY_SUBDOMAINS=false
VALIDATION=dns
DNSPLUGIN=cloudflare
[email protected]
STAGING=

SUBDOMAINS entered, processing
Wildcard cert for blablabla.com will be requested
E-mail address entered: blablabla.com
dns validation via cloudflare plugin is selected
Generating new certificate
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator dns-cloudflare, Installer None
An unexpected error occurred:
requests.exceptions.ConnectionError: HTTPSConnectionPool(host='acme-v02.api.letsencrypt.org', port=443): Max retries exceeded with url: /directory (Caused by NewConnectionError('<urllib3.connection.HTTPSConnection object at 0x7f35914b0130>: Failed to establish a new connection: [Errno -3] Try again'))
Please see the logfiles in /var/log/letsencrypt for more details.
ERROR: Cert does not exist! Please see the validation error above. Make sure you entered correct credentials into the /config/dns-conf/cloudflare.ini file.
 

Rusty

Have you configured the INI file? Yes, the tutorial is still accurate.
 

Shadow

> Have you configured the INI file? Yes, the tutorial is still accurate.

> Is this guide still accurate? I followed all the steps, but on step 7 I get this...


EDIT: Ok, not sure why. But after destroying the LE docker container and re-creating it using a MACVLAN IP address, it worked. Feels like it couldn't access the internet using the default Docker network, but other containers in this same network are able to access the internet just fine.

Anyway. Great stuff!
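
An added example, not part of the original posts: on Linux, the `[Errno -3] Try again` in the log above is a negative `getaddrinfo()` code, which means the container could not resolve the ACME hostname, not that the connection to it was refused. This Python sketch classifies such error lines and probes DNS and TCP as separate steps; the function names `classify` and `probe` and the injectable `resolve`/`connect` parameters are hypothetical.

```python
import re
import socket

ACME_HOST = "acme-v02.api.letsencrypt.org"  # host named in the error above
# Fragment of the error line quoted in the post above.
SAMPLE = "Failed to establish a new connection: [Errno -3] Try again"


def classify(log_line):
    """Return 'dns', 'tcp' or 'unknown' for a urllib3 connection error line."""
    m = re.search(r"\[Errno (-?\d+)\]", log_line)
    if not m:
        return "unknown"
    # On Linux, getaddrinfo() failures carry negative codes (-3 is EAI_AGAIN,
    # -2 is EAI_NONAME): the name never resolved, so nothing reached the CA.
    # Positive codes are ordinary socket errnos such as 111 (refused).
    return "dns" if int(m.group(1)) < 0 else "tcp"


def probe(host=ACME_HOST, port=443, timeout=5.0,
          resolve=socket.getaddrinfo, connect=socket.create_connection):
    """Test name resolution and TCP reachability as two separate steps.

    resolve/connect are injectable (an assumption of this example) so the
    logic can be exercised without network access.
    """
    try:
        infos = resolve(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror as exc:
        return ("dns", f"resolver failed for {host}: {exc}")
    addr = infos[0][4][0]
    try:
        connect((addr, port), timeout=timeout).close()
    except OSError as exc:
        return ("tcp", f"{host} resolved to {addr} but connect failed: {exc}")
    return ("ok", f"{host} -> {addr}:{port} reachable")


if __name__ == "__main__":
    # Run inside the container: a 'dns' result points at the container's
    # resolver (/etc/resolv.conf, Docker network DNS), not at Let's Encrypt.
    print(classify(SAMPLE))
    print(probe())
```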
 
