How do you change the Self Signed Certificate with Let's Encrypt on Synology?


Recommended Posts

  • 1 year later...
  • 1 year later...

I let the Synology Diskstation manage the let's encrypt certificate (renewal etc.). I transfer this certificate to resilio to use it for the webgui.

My Approach (DSM 6.2.4-25556 Update 6):

Log into the diskstation with admin rights. As root, create a subfolder in the resilio settings folder:

sudo -i
cd /usr/local/resiliosync/var
root@xxx:/usr/local/resiliosync/var# mkdir certificate
root@xxx:/usr/local/resiliosync/var# chown rslsync:users certificate
root@xxx:/usr/local/resiliosync/var# chmod 700 certificate

Back up the config file sync.conf:

root@xxx:/usr/local/resiliosync/var# cp sync.conf sync.conf.bak

Edit the config file and insert after the part

... "webui":{"force_https": true

the following:

,"ssl_certificate":"/usr/local/resiliosync/var/certificate/cert.pem","ssl_private_key":"/usr/local/resiliosync/var/certificate/privkey.pem"

 

Now, in the control panel create a new cron job:

As user root, have the following script run regularly, e.g. daily. This will copy the certificate to the folder you created above. This is only necessary when the certificate is renewed, but it does no harm to do it daily.

cp /usr/syno/etc/certificate/system/default/cert.pem /usr/local/resiliosync/var/certificate/cert.pem
chown rslsync:users cert.pem
chmod 600 cert.pem
cp /usr/syno/etc/certificate/system/default/privkey.pem /usr/local/resiliosync/var/certificate/privkey.pem
chown rslsync:users privkey.pem
chmod 600 privkey.pem

Run the job once and check the certificate folder you created above to see whether the certificates have been copied.

Finally, restart Resilio Sync in the packet manager to let it know the new config file.

 

At the moment it seems to work well. YMMV

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.