![]() ![]() While there exist many ACME clients for DNS-01 validation, acme.sh is a very popular one without external dependencies and therefore perfect for the use on your Synology NAS. ![]() Instead of trying to identify all those locations, the described way uses the DSM web API, which handles all of that automatically. DSM makes it a bit tricky as our certificate is placed in multiple directories for multiple different applications. While DSM doesn’t natively support DNS-01, it can be automated too if your DNS provider provides an API. With the DNS-01 challenge you create a TXT DNS record for your domain for the verification process. ![]() If your NAS is not connected to the Internet, you have multiple web servers, you don’t want to/can’t open port 80 or you want to use wildcard certificates, you would need to use the DNS-01 challenge instead. Like the documentation describes, this challenge type has a few drawbacks. There are many different clients supporting the ACME protocol and also Synology provides a client to automatically issue and renew Let’s Encrypt certificates via DSM for your NAS.Ĭurrently DSM only supports the HTTP-01 challenge type, where a file is placed on your web server and is retrieved by Let’s Encrypt for verification. It uses the ACME protocol to fully automate the certification process. Let’s Encrypt offers free certificates for securing your website with TLS.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. Archives
June 2023
Categories |