Resilio Sync + Let’s Encrypt on Synology

I finally configured a non-self-signed certificate on Resilio Sync using an existing Let's Encrypt certificate. This post documents the process to get it done on a Synology NAS device.

Recently, I went through one task in my backlog of internal infrastructure clean up: I finally deployed the same Let’s Encrypt certificate I have on my Synology NAS on the Resilio Sync package. My NAS is running DSM 7.2.x. This finally got rid of the annoying “This site is not secure” banner when visiting it from my browser. I referenced this post to get the job done.

Resilio Sync has a configuration file where we can specify a custom SSL certificate and private key. It’s located in a file named sync.conf in /volume1/@appstore/resiliosync/var/. Namely, we really need to add these two lines in webui (there is already a force_https key set to true):

"ssl_certificate": "/volume1/@appstore/resiliosync/var/cert/cert.pem",
"ssl_private_key": "/volume1/@appstore/resiliosync/var/cert/privkey.pem"

After that, I needed to add the certificate and private key to that directory, and then hook it back up to the custom task I have in Task Scheduler on DSM that does my certificate renewals. In my case, I use acme.sh, which is a pretty versatile script to create or renew certificates. I uploaded the script to GitHub, but essentially it looks like this:

#!/bin/bash
# <truncated>
export fqdnForNas=nas.example.com
export acmeShRoot=/usr/local/share/acme.sh
export synologyCertDir=/usr/syno/etc/certificate/system/default
export rslsyncCertDir=/volume1/@appstore/resiliosync/var/cert

# Here's the actual script
${acmeShRoot}/acme.sh --renew -d "${fqdnForNas}" --home ${acmeShRoot}
cp ${synologyCertDir}/cert.pem ${rslsyncCertDir}/cert.pem
cp ${synologyCertDir}/privkey.pem ${rslsyncCertDir}/privkey.pem
chown rslsync:resiliosync ${rslsyncCertDir}/cert.pem
chown rslsync:resiliosync ${rslsyncCertDir}/privkey.pem
chmod 600 ${rslsyncCertDir}/cert.pem
chmod 600 ${rslsyncCertDir}/privkey.pem

Since I also bought another Synology NAS during this year’s World Backup Day sale at my local computer shop, I modified the sync.conf config file on that NAS, copied this script over, modified the FQDN, and I was on my way.

Let’s Encrypt certificate now present in Resilio Sync.
Let’s Encrypt certificate and Task Scheduler on my Synology NAS.

Anyways, that’s all I have this time around.

Until next time!
~Lui

Tags
Injabie3
Injabie3

Just some guy on the Internet that writes code for fun and for a living, and also collects anime figures.

Articles: 266

Feel free to leave a reply