Using Let's encrypt certificate of Synology NAS

nelbs · July 1, 2017, 1:44pm

Hi, I would like to use SSL with let’s encrypt. For my Synology Nas I already have a domain with a lets encrypt certificate.
So is there a way to use the same domain and certificate? I do not want two different domains and I think it goes wrong if I obtain a new certificate for the same domain I use for my NAS.

Thanks in advance

Nick

anon35356645 · July 1, 2017, 3:00pm

Off Topic.

May I know how you did for the nas? Any link for instructions?

Thanks

nelbs · July 1, 2017, 5:00pm

It’s very easy

https://www.synology.com/en-global/knowledgebase/DSM/help/DSM/AdminCenter/connection_certificate

anon35356645 · July 1, 2017, 6:08pm

Now I am very interested to know if both services can be used. I already use letsencypt with HASS

doubleUS · July 1, 2017, 9:59pm

I have a DS213+ with on it Let’s Encrypt certificates, NGINX with reverse proxy pointing at my Pi3 with Hassbian. A subdomain pointing at my home network. Works like a charm.

nelbs · July 14, 2017, 11:04pm

Thanks! I tried the same thing as you described but it doesn’t work yet.

I changed the portal mustache file on my nas
I set up a reverse proxy (source: https port: 8123 / destination: [ip of PI] https port 8123 )
In the router I forwarded port 8123 to 8123 at the nas

Could you tell me what I’m missing?

doubleUS · July 15, 2017, 5:51am

In the router you only need to forward port 443. You only want https traffic, that’s the idea. And remember to alter the mustache file with every major DSM update. Good luck!

doubleUS · July 15, 2017, 9:56am

Also reroute port 443 to 8123 as a Reverse Proxy-rule. See the image down here.

anon35356645 · July 15, 2017, 10:51am

Is there anything similar for QNAP?

anon35356645 · July 15, 2017, 11:17am

what do I exacvtly need to do on my router?

EDIT
I managed forwarded port 80 to IP of my synology

doubleUS · July 15, 2017, 2:06pm

Shouldn’t it be port 443 (https) instead of port 80 (http)?

anon35356645 · July 15, 2017, 2:14pm

I think Port 80 forward is needed by letsencypt to validate? It did work.

Now I have port forward 443 to the pi3 that has HASS. I can forward 443 either to the pi3 or synology, correct?

Sorry don’t understand much of it.

What you suggest my configuration should be?

How to use username and password on the mqtt on synology?

How to have SSL also for mqtt?

doubleUS · July 15, 2017, 2:28pm

Oké, let’s see what I have: https://ha.mysite.nl (port 443) points at my home network. From there my router sends it to my Synology, still as https (thus port 443). From there my Synology takes over. Look at my post from a couple of hours ago. The reverse proxy on my Synology doesn’t support web sockets out of the box. That’s why I have to alter the mustache file. From there the Synology routes the traffic as HomeAssistant traffic (port 8123) to my Pi.
I run mqtt on my Pi as well so don’t need to do anything with username/password/SSL on my Synology. Hope this helps.

anon35356645 · July 15, 2017, 2:32pm

I see. I think I understood .

But I use Zanzito mqtt app, which is very cool to interact with HASS when home (no problem) but also outside home, and there is probably needed SSL for mqtt.

Correct? Or?
Using mqtt on synology makes it possible?

PS I recommend Zanzito if you use android, it is very useful

anon35356645 · July 15, 2017, 2:35pm

Other question, why you go through the synology and not use the forward 443 directly to the pi3 and letsencypt on the pi3?

nelbs · July 15, 2017, 2:47pm

Yes this works for me!

doubleUS · July 15, 2017, 3:53pm

I use more than one https connection to my home network. A secure connection (over https / port 443) to my Pi is just one of many.

anon35356645 · July 15, 2017, 4:07pm

Don’t understand much.

You forward 443 to more than one device?

doubleUS · July 15, 2017, 6:29pm

Yes, with different (sub)domains.

anon35356645 · July 15, 2017, 6:43pm

Mmhh can you make me an example. Thanks