Let's Encrypt Certificate Renewal

On the subject of Let's Encrypt certificate renewal, is there any way of notifying that the certificate has been renewed at the time of renewal?
Recently I noticed, at last, that my certificate had been auto-renewed (I am still using DSM 6.2.4). Accessing the NAS via iPad or iPhone I had a message that the certificate had changed and did I trust it. I then checked the certificate and found that it had an extra 90 days. It would help to know that the certificate has changed. (Perhaps DSM 7 does that, but going on comments here, I am in no hurry to install that yet.)
 
It used to work years ago, before LE deprecated the tls-challenge due to security flaws.
I am afraid you'll have to make port 80 available for a LE renewal.

N.B.: there is also the dns-challenge, that requires the injection of txt-records in the dns hosted zone.
 
I am not aware if the Syno Cert Manager implements dns-challenge.

Though, other LE clients like acme.sh do support it well - if there is built-in support for your dns provider then it's even nicer. Acme.sh even has a hook to upload renewed certificates back to the cert manager. On top you will be able to issue wildcard certificates.
 
Atm, still no support.

Rusty, I know you have a guide for wildcard certs using Cloudflare.

Here’s my dilemma, I have a free website hosted by Google using my domain name. Everything else that I use for RP is for subdomains. Is there a way to do that wildcard cert and Cloudflare without hitting the main domain, only the subdomains?
 

Telos

> Is there a way to do that wildcard cert and cloudflare without hitting the main domain, only the subdomains?

This is not possible, but you can get individual certs for each subdomain. But why not a full wildcard cert based on the primary domain?
 

Rusty

> Rusty, I know you have a guide for wildcard certs using Cloudflare.
>
> Here’s my dilemma, I have a free website hosted by Google using my domain name. Everything else that I use for RP is for subdomains. Is there a way to do that wildcard cert and Cloudflare without hitting the main domain, only the subdomains?

CF will require a root domain registration.
 
I recently moved three domains to Cloudflare: for each domain the dns entries (subdomains, mx records, ...) were detected and suggested to "move" as well.
 
No doubt there wouldn’t be an issue moving it to Cloudflare, my issue is the website of my root domain which is hosted by Google Domains breaks. It’s as if the root domain needs to remain with Google's name servers for the website.
 
I have no idea if you use Google Cloud DNS or not, or if your dns provider is in the list at all.
I don't want to be rude, but have you tried googling it?
 
> I have no idea if you use google cloud dns or not, or if your dns provider is in the list at all.
> I don't want to be rude, but have you tried googling it?

I use Google Domains, but unsure if this is also considered Google Cloud.
Yes, there’s not much information about acme.sh support.
 
