Synology: How to Schedule Let’s Encrypt Certificate Auto Renew

Synology How to Schedule Let's Encrypt Certificate Auto Renew

Many of you have asked me if there is any method to automatically renew the Let’s Encrypt certificate on your NAS. You need to know the certificate/s will be updated automatically before its/their expiration date, without the need for user-defined scripts or additional rules in Task Scheduler. To do this, it is imperative to leave ports 80 and 443 open in your router. If these ports are closed during the automatic renewal process of your Let’s Encrypt certificate/s, your certificate/s will not be updated and you will need to do this manually at a later time.

  • STEP 1

Please Support My work by Making a Donation.

  • STEP 2

Log into your router and go to the Port Forwarding area. Select your NAS Local IP Address and port forward ports 80 and 443 both TCP/UDP. Remember that every router has its own interface design. At the moment I am using a Synology RT2600ac router. Follow the instructions in the image below:

SSL Certificate Synology Automatic Renew Port Forwarding.

Note: If your NAS finds ports 80 and 443 open in your router at the time of the renewal process, the renewal of your Let’s Encrypt certificate/s will occur automatically.
Note: If your NAS finds ports 80 and 443 closed on your router at the time of the renewal process, the Let’s Encrypt certificate/s will not be renewed automatically.
Note: Certificates issued by Let’s Encrypt are valid for 90 days. Before the certificate/s expire, DSM will automatically renew them after successful domain validation. Please make sure your Synology NAS and router have ports 80 and 443 open for certificate renewal.
Note: On various blogs, forums and YouTube channels you will find all kinds of scripts to automatize the renewal of Let’s Encrypt certificates for your NAS. These are totally useless because, for one, these kinds of scripts also need ports 80 and 443 open on your router, and, more importantly, Let’s Encrypt certificates are automatically renewed by your DSM if ports 80 and 443 are correctly forwarded in your router.

This post was updated on Monday / December 21st, 2020 at 1:20 AM