Using Let's encrypt certificate of Synology NAS

It’s very easy :slight_smile:

https://www.synology.com/en-global/knowledgebase/DSM/help/DSM/AdminCenter/connection_certificate

1 Like

Now I am very interested to know if both services can be used. I already use letsencypt with HASS

I have a DS213+ with on it Let’s Encrypt certificates, NGINX with reverse proxy pointing at my Pi3 with Hassbian. A subdomain pointing at my home network. Works like a charm.

1 Like

Thanks! I tried the same thing as you described but it doesn’t work yet.

  • I changed the portal mustache file on my nas
  • I set up a reverse proxy (source: https port: 8123 / destination: [ip of PI] https port 8123 )
  • In the router I forwarded port 8123 to 8123 at the nas

Could you tell me what I’m missing?

In the router you only need to forward port 443. You only want https traffic, that’s the idea. And remember to alter the mustache file with every major DSM update. Good luck!

Also reroute port 443 to 8123 as a Reverse Proxy-rule. See the image down here.

1 Like

Is there anything similar for QNAP?

what do I exacvtly need to do on my router?

EDIT
I managed forwarded port 80 to IP of my synology

Shouldn’t it be port 443 (https) instead of port 80 (http)?

I think Port 80 forward is needed by letsencypt to validate? It did work.

Now I have port forward 443 to the pi3 that has HASS. I can forward 443 either to the pi3 or synology, correct?

Sorry don’t understand much of it.

What you suggest my configuration should be?

How to use username and password on the mqtt on synology?

How to have SSL also for mqtt?

Oké, let’s see what I have: https://ha.mysite.nl (port 443) points at my home network. From there my router sends it to my Synology, still as https (thus port 443). From there my Synology takes over. Look at my post from a couple of hours ago. The reverse proxy on my Synology doesn’t support web sockets out of the box. That’s why I have to alter the mustache file. From there the Synology routes the traffic as HomeAssistant traffic (port 8123) to my Pi.
I run mqtt on my Pi as well so don’t need to do anything with username/password/SSL on my Synology. Hope this helps.

1 Like

I see. I think I understood .

But I use Zanzito mqtt app, which is very cool to interact with HASS when home (no problem) but also outside home, and there is probably needed SSL for mqtt.

Correct? Or?
Using mqtt on synology makes it possible?

PS I recommend Zanzito if you use android, it is very useful

Other question, why you go through the synology and not use the forward 443 directly to the pi3 and letsencypt on the pi3?

Yes this works for me!

1 Like

I use more than one https connection to my home network. A secure connection (over https / port 443) to my Pi is just one of many.

Don’t understand much.

You forward 443 to more than one device?

Yes, with different (sub)domains.

Mmhh can you make me an example. Thanks

Home Assistant on a Pi, Wordpress on the Synology.

I mean an exdample of port forwarding with sub domains…

Sorry, trying to understand.

In my router when I port forward 443 I can do it only once. And have no options of domains. I am sure I am missing something but do not know what