Table of Contents
Install Synology NAS managed Let's Encrypt Certificate in NGINX
Certificate Management
Synology NAS can be used for certificate management, and Let's Encrypt certificate can be exported as ZIP file used for NGINX HTTPS configuration.
- Go to Control Panel -> Security -> Certificate
- Select certificate to be exported
- Select Export Certificate from right click menu
- Save exported file
For existing certificates, can use right click -> renew
option to renew.
Note: All domain in the certificates, must be resolved to current Synology NAS at port 80 and port 443, otherwise, certificate generation will be failed.
In downloaded ZIP file, following files can be found.
certs.pem
chain.pem
privkey.pem
NGINX configuration
-
Concatenate
cert.pem
andchain.pem
tocert-with-chain.pem
(orfullchain.pem
) file -
Copy
cert-with-chain.pem
andprivkey.pem
into NGNIXconf.d
folder -
Verify NGINX configuration as below
ssl_certificate conf.d/cert-with-chain.pem;
ssl_certificate_key conf.d/privkey.pem;
- Restart NGINX
Verification
Browser
The date of issue for new certificate should be displayed in certificate information window.
Command line
Following command can be used for verification
openssl s_client -connect <domain_name>:<port>
If got following error, concatenate chain.pem
into cert.pem
, because the full chain is required.
verify error:num=20:unable to get local issuer certificate
verify error:num=21:unable to verify the first certificate