Install Synology NAS managed Let's Encrypt Certificate in NGINX
Synology NAS can be used for certificate management, and Let's Encrypt certificate can be exported as ZIP file used for NGINX HTTPS configuration.
- Go to Control Panel -> Security -> Certificate
- Select certificate to be exported
- Select Export Certificate from right click menu
- Save exported file
For existing certificates, can use
right click -> renew option to renew.
Note: All domain in the certificates, must be resolved to current Synology NAS at port 80 and port 443, otherwise, certificate generation will be failed.
In downloaded ZIP file, following files can be found.
Verify NGINX configuration as below
- Restart NGINX
The date of issue for new certificate should be displayed in certificate information window.
Following command can be used for verification
openssl s_client -connect <domain_name>:<port>
If got following error, concatenate
cert.pem, because the full chain is required.
verify error:num=20:unable to get local issuer certificate
verify error:num=21:unable to verify the first certificate