How To Renew Let’s Encrypt Certificate On Synology NAS

How To Renew Let’s Encrypt Certificate On Synology NAS

The free certificate issued by Let’s encrypt lasts 3 months after which it must be renewed, before the deadline. Through its powerful operating system, Synology NAS integrates this “process” and makes it automatic and very easy to manage. If you have a domain and use it for web hosting or simply to access your Synology NAS, it is possible to renew the certificate following the steps in this guide that I have carefully prepared for you.

  • STEP 1

Please Support My work by Making a Donation.

  • STEP 2

Log into your router and go to the Port Forwarding area. Select your NAS Local IP Address and port forward port 80 and port 443 both TCP/UDP. Remember that every router has its own interface design. At the moment I am using a RT2600ac router. Follow the instructions in the image below:

1 Synology NAS Renew SSL Certificate

  • STEP 3

Log into your Synology NAS. Go to Control Panel / Security / Certificate tab. Right mouse click on the domain you want to renew. Click “Renew Certificate“. Follow the instructions in the image below.

2 Synology NAS Renew SSL Certificate

  • STEP 4

After you click Renew Certificate on STEP 3 a new pop up window will open with the following message:
The system will start renewing this certificate automatically. Please make sure that the network environment has been set up properly.
– DSM can be accessed from WAN via port 80 and 443.
– DNS has been properly set up.
Click Apply and in maximum 15-20 seconds after that your Certificate will be automatically renewed.

3 Synology NAS Renew SSL Certificate

Note: Whenever your Let’s encrypt certificate approaches the end of the 3 month period, remember to do this simple operation that will take you less than a minute. When your let’s encrypt certificate is about to expire, you will see the green lock before the domain name turn red. This being said, know that you can still renew your certificate before it expires even if the lock before your domain name is still green/hasn’t turned red yet. You don’t have to wait for the lock to turn red so you can renew your certificate.
Note: If you leave port 80 and 443 in your router open, the Let’s Encrypt certificate will be automatically update without any manual action a few days before expiration.

TLS-SNI-01 Troubleshooting: If you get an email from let’s encrypt about TLS-SNI-01 end of life please refer to this article: How to Solve Synology Let’s Encrypt TLS-SNI-01 end of life.

This post was updated on Friday / February 19th, 2021 at 9:50 AM