Recently, I went through one task in my backlog of internal infrastructure clean up: I finally deployed the same Let’s Encrypt certificate I have on my Synology NAS on the Resilio Sync package. My NAS is running DSM 7.2.x. This finally got rid of the annoying “This site is not secure” banner when visiting it from my browser. I referenced this post to get the job done.
Resilio Sync has a configuration file where we can specify a custom SSL certificate and private key. It’s located in a file named sync.conf
in /volume1/@appstore/resiliosync/var/
. Namely, we really need to add these two lines in webui
(there is already a force_https
key set to true
):
"ssl_certificate": "/volume1/@appstore/resiliosync/var/cert/cert.pem",
"ssl_private_key": "/volume1/@appstore/resiliosync/var/cert/privkey.pem"
After that, I needed to add the certificate and private key to that directory, and then hook it back up to the custom task I have in Task Scheduler on DSM that does my certificate renewals. In my case, I use acme.sh, which is a pretty versatile script to create or renew certificates. I uploaded the script to GitHub, but essentially it looks like this:
#!/bin/bash
# <truncated>
export fqdnForNas=nas.example.com
export acmeShRoot=/usr/local/share/acme.sh
export synologyCertDir=/usr/syno/etc/certificate/system/default
export rslsyncCertDir=/volume1/@appstore/resiliosync/var/cert
# Here's the actual script
${acmeShRoot}/acme.sh --renew -d "${fqdnForNas}" --home ${acmeShRoot}
cp ${synologyCertDir}/cert.pem ${rslsyncCertDir}/cert.pem
cp ${synologyCertDir}/privkey.pem ${rslsyncCertDir}/privkey.pem
chown rslsync:resiliosync ${rslsyncCertDir}/cert.pem
chown rslsync:resiliosync ${rslsyncCertDir}/privkey.pem
chmod 600 ${rslsyncCertDir}/cert.pem
chmod 600 ${rslsyncCertDir}/privkey.pem
Since I also bought another Synology NAS during this year’s World Backup Day sale at my local computer shop, I modified the sync.conf
config file on that NAS, copied this script over, modified the FQDN, and I was on my way.
Anyways, that’s all I have this time around.
Until next time!
~Lui