Synology Photos app ONLY not accepting imported SSL Cert?

Currently reading
Synology Photos app ONLY not accepting imported SSL Cert?

Operating system
  1. Linux
  2. Windows
Mobile operating system
  1. Android
Hi there,

So I had an earlier issue that my connection to Synology Photos was super slow locally. This was because I was using an external address to access the server instead of an internal IP, but in terms of keeping the connection the same for the mobile app, it was required for me to keep the same url (which is based off my own domain). In the end, even though I have Hairpin NAT enabled on my router, I still needed to create a DNS rule to rout traffic of my external domain to the internal IP. That fixed the problem when it comes to computers accessing SP over a browser.

However for mobile, the big issue now is SSL certs.
When I'm connected to the server outside the network (through app or computer browser), everything is fine (I'm connecting through a reverse proxy that is using the same SSL certs that I imported to the NAS for SP since it's a wildcard cert). However when I switch my connection to my local network, I get a notification that the cert is invalid/untrusted. I need to log out, re-enter my credentials, then it tells me that the cert cant be verified to a proper CA. I'm able to login if I accept untrusted, but videos no longer work unless I enable HTTP.

This is definitely not ideal as a user would have to keep logging in and out depending on if they're connected locally or not, and enable/disable HTTP if they are local or while the cert is "untrusted".

Is there anything that I'm missing with this?

To extend the info, we'll use as the domain in question.
  • For external, the domain calls into my network, then hits my reverse proxy, which forwards the request to
  • For internal, the domain call is intercepted now by my Pi Hole DNS Server, which instead of going out through WAN, just forwards the request directly to
  • SSL is working fine both internally and externally through computer browsers, or through mobile web browsers.
  • SSL succeeds on mobile app IF the connection was established outside of the network, and IF HTTP is turned off.
  • SSL fails if after establishing credentials outside the network, the network is changed to internal. There, the app says that the address is incorrect. To fix, I need to login again. Upon logging in again, I'm presented with an "Untrusted Certificate" error because it could not verify the CA. Trusting the untrusted certificate does allow me to use Photos, however video doesn't work. To get it to work, I need to enable HTTP.
  • SSL fails when I leave local to external because HTTP needs to be disabled, and I need to logout again because the address is again incorrect.
  • The cert is a Sectigo PositiveSSL Wildcard which covers *
So from what I gather so far, seems as if when I do Split DNS, since the destination IP changes, Synology Photos sees the IP's as different and wants to kill the session instead of relying on the domain name itself (external ip when externally connected, internal IP when internally connected, but on the same domain. SP sees the IPs not the domain).
Is there any way around this?

Create an account or login to comment

You must be a member in order to leave a comment

Create account

Create an account on our community. It's easy!

Log in

Already have an account? Log in here.

Similar threads

I struggled with larger video files (even if it's only 90 MB) that haven't backed up to my NAS via the...
  • Question
Having Problem with External User Access to Synology Photos: - I have set Shared Permission to...
My Synology DS220+ contains a large number of photos, mainly .JPG format which I have tagged on my PC over...
You can just dump them in, the system will take some time to index.. with so many photos you will need...
Well, having two nearly identical 720+’s except for SSD vs HDD, the SSD seems quicker in operation for...
Synology Photos will upload original quality images and using the web app you will have the option to...

Welcome to! is an unofficial Synology forum for NAS owners and enthusiasts.

Registration is free, easy and fast!