Importing a PossitiveSSL Certificate into synology

Currently reading
Importing a PossitiveSSL Certificate into synology

Good evening all, I have been using a Let's encrypt certificate for years issued to my subdomain "". It happened that the script that renewed the cert had issues getting out due to some changes in the router which caused the cert to expire. I tried to renew it but it was not possible. I removed the cert and tried to create a new one, only to get a message "Failed to contact Let's encrypt server. Please make sure domain name is valid".

What I did is I generated a new CSR in synology for the same subdomain and bought a PositiveSSL cert from my Registar for 2 years and after activating it, they send the ca.crt and ca_bundle.crt file for it. Imported the certificate based on instructions on security-->certificate--add and gave

1. server.key
2. ca.crt
3. ca_bundle.crt

So far so good, certificate imported fine and shows its expiration date on 2022. After that I configured the services to use this cert and made it the default. Webserver restarted and all looks good I see the padlock green when browsing and connecting to DSM management interface, Fileserver and other services. My only issue is OpenVPN. This is broken.

I did export a new config file and imported that on OpenVPN GUI that I have installed on my windows 10 desktop but connection is not going through.

I get this error:

2021-03-02 22:00:43 VERIFY ERROR: depth=2, error=unable to get issuer certificate:
2021-03-02 22:00:43 OpenSSL: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
2021-03-02 22:00:43 TLS_ERROR: BIO read tls_read_plaintext error
2021-03-02 22:00:43 TLS Error: TLS object -> incoming plaintext read error
2021-03-02 22:00:43 TLS Error: TLS handshake failed
2021-03-02 22:00:43 SIGUSR1[soft,tls-error] received, process restarting

I'm not sure why only OpenVPN is having issues.

Here is some more info.

DSM version is 6.2.3-25426 update 3
OpenVPN is v2.5.1

Anyone has hit this issue? Is there any solution for this? I read some other link where they want you to concatenate and merge ca files but they were all at least 8 years old and things have changed. I tried some of them but I get the same error.

Any help is appreciated,

Create an account or login to comment

You must be a member in order to leave a comment

Create account

Create an account on our community. It's easy!

Log in

Already have an account? Log in here.

Similar threads

  • Question
In Synology DSM 7.1.1-42962 Update 6 I have number of reverse proxy rules on different domains, and in the...
thanks a lot my friend, I will ask their costumer service on Monday /hug

Welcome to! is an unofficial Synology forum for NAS owners and enthusiasts.

Registration is free, easy and fast!

Trending threads