ControlledChaos Posted October 12 Report Share Posted October 12 Hi All, I am attempting to install a custom SSL certificate from LetsEncrypt for the ResilioSync Web UI, but are having a problem with it. I am using a Synology DSM 7 and have installed ResilioSync using the default provided package. ResilioSync version: 2.7.2.1375-3152 I have copied the cert.pem and privkey.pem files into the directory: /var/packages/resiliosync/target/var/ I then chmod them to 700 (have tried 777 as well) and chown them to rslsync:resiliosync so that they look like this: -rwx------ 1 rslsync resiliosync 1914 Oct 12 16:15 cert.pem -rwx------ 1 rslsync resiliosync 1704 Oct 12 16:15 privkey.pem I have then edited the sync.conf file in the same directory to have this line: "force_https": true, "ssl_certificate":"/var/packages/resiliosync/target/var/cert.pem", "ssl_private_key": "/var/packages/resiliosync/target/var/privkey.pem" Experiences Synology DSM users will recognize that these paths include a series of links to the actual physical directories, I have even tried the actual paths without the links: "force_https": true, "ssl_certificate":"/volume1/@appstore/resiliosync/var/cert.pem", "ssl_private_key": "/volume1/@appstore/resiliosync/var/privkey.pem" I then restart the resiliosync package. When I attempt to go to the WebGUI the page never returns, it actually times out. When I look at the log, I see the following lines: [20241012 16:33:04.526] HTTPS: failed to load private key from file [20241012 16:33:04.526] HTTPS: failed to load certificate This is baffling to me because if I run the following: sudo -n -u rslsync cat cert.pem and sudo -n -u rslsync cat privkey.pem I get the expected results back which tells me the permissions are correct, so I cannot figure out why the OpenSSL library of ResilioSync is not able to open the cert.pem and/or the privkey.pem Any ideas? I thank you all in advance for any and all thoughts on this. Quote Link to comment Share on other sites More sharing options...
eltopo Posted Thursday at 06:50 PM Report Share Posted Thursday at 06:50 PM It would be much easier for you to use DSM7's reverse proxy to handle https:// protocol while RSL is running http only mode: 1. set up a domain name, e.g., myrsl.myname.com, for your DSM/RSL and let DSM get/renew LE certificate for that domain name; 2. set up a reverse proxy rule: https://myrsl.myname.com --> http://localhost:8888 (RSL's port) Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.