Security SSL Certificates

Currently reading
Security SSL Certificates

Hi All, I have a question about my NAS, and the SSL certificates. I get a security report every month, and my NAS boxes flag, because the SSL certificate isn't registered against my domain, but instead Synology domain name. When i select to add a new cert from Lets encrypt, under security tab in control panel, and i input my domain name, it states i need to check my FW rules etc., to enable access, which is fine, i guess i need to open port 80 on my router. But the question i have is, will that be enough ?
 
The SSL certificate that is created during initial setup is there to get things moving.

To use Let's Encrypt for your personal domain you will need your router to forward HTTP port 80 to the NAS. That should be enough. I believe every subject alternative name that you include will also be tested by LE so they mustn't be blocked by the NAS, e.g. by a LAN-only access policy.

Once created, LE certificates will auto-renew.
 
Upvote 0
Thanks @fredbert ! - thing is now confused on is, internal access to port 80 isn't blocked, but when i put my domain name in , it tells me the issuer cannot validate the domain name, so suspect this either needs to be an external domain suffix, and not a local FQDN , or it needs external Port 80 HTTP traffic access.
 
Upvote 0
It has to be a domain you own and is maintained on an Internet DNS service. LE will resolve it back using the publicly available DNS services to you Internet connection.

You could start by using the NAS's Synology DDNS, e.g. you choose something like mynas.synology.me. This feature should create a certificate as part of the setup.
 
Upvote 0
Thanks again for the help, I guess the connection looks OK, as im validating internally , so Lets encrypt can do that without external port 80 access, otherwise id need to make some FW changes on our network. Question for me now is what do I put in the domain name ? the FQDN or the domain name for the site ? as im still getting errors when i try to request the new cert
 
Upvote 0

Create an account or login to comment

You must be a member in order to leave a comment

Create account

Create an account on our community. It's easy!

Log in

Already have an account? Log in here.

Welcome to SynoForum.com!

SynoForum.com is an unofficial Synology forum for NAS owners and enthusiasts.

Registration is free, easy and fast!

Trending threads

Back
Top