Configure SSL /https · NAS server · Secure your NAS

Secure your synology with https/ SSL certificate from Let’s Encrypt

Have you updated your Synology to the latest DSM 6? If you haven’t done it yet, here is reason to get you started.

I have been wanting to do this for a long time, but I never managed to figure out how to do it until now.

First step:

  1. You need to have your own domain name pointing at your synology. Follow this guide to learn how.

Once you have done that, here is what you do.

Navigate to Security and then click on certificate:

install SSL certificates in synology

You will have the self-signed Synology certificate available.

Let’s add a certificate for the domain name you created in the previous step:

  1. Click on Add
  2. Select Add new certificate

add a new certificate

Note, If you get an error while obtaining the certificate, you need to open port 80/443 in your router (Thanks hades2003 for the tip):

error lets encrypt

Select, Get a new certificate from Let’s encrypt.

2 get a certificate from lets encrypt

To create your certificate, you need to:

  1. Add your new domain (or subdomain): or
  2. Add your email
  3. Enter your old DDNS address:

31 create certificate

Now that the new certificate has been created, click on it and select “configure”:

configure certificate

Click on each service and change to your new certificate:

configure services ssl

Now, log out of your synology and login using your new domain name. You should see this:

login secure connection

One last change:

  1. Navigate to Network
  2. DSM settings
  3. It is recommended to change your Http and https port numbers (you can do it here)
  4. Check: automatically redirect http to https , so all your logins and user’s logins will be secured

7 redirect http to https synology

And you are done!!



8 thoughts on “Secure your synology with https/ SSL certificate from Let’s Encrypt

  1. Gracias Ruth por publicar el tutorial,en mi NAS durante el proceso de la descarga del certificado desde Let´s Encrypt mostraba un error de conexión, para evitarlo se tiene que habilitar en el router el port forwarding de los puertos 80/443 a la IP de la NAS (El 80 solamente se requiere para la descarga inicial del certificado, finalizado el proceso se puede desactivar).



  2. Hello Ruth —

    Thank you for putting up these instructions. I am trying to get this working with our Synology, using example for DDNS and as the subdomain. I am able to get through the LetsEncrypt certificate creation process correctly, and the Control Panel indicates that a certificate for is correctly registered.

    However when I go to the following URL in Firefox, I get a “Your connection is not secure” error where it ind:

    Note that 12121 is the port to reach the DiskStation admin console (i.e. when I log in locally, I go to some thing like I have confirmed that port 12121 is open on my router and re-directing to the Synology. In fact, if I tell Firefox to make a certificate exception to the above URL, then it works fine, so I know it is possible to reach the Synology from outside, just not via a certificate that is recognized as valid.

    Any suggestions?



  3. Hi Ruth.

    I am succeeded setup DMS with https/SSL and every application(Video Station,File Station) accessed via https works fine, but Photo Station access field.

    Any idea? Thinks.


    1. Hi Jimmy,
      Enabling HTTPS under DSM Settings does not work for Web or Photo station. These two applications require enabling HTTPS in their own UI. To enable HTTPS on Photo Station, open the application, go to “General Settings >Other Settings” and check “Automatically redirect http to https”.
      photostation https


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s