Resilio Sync + Let’s Encrypt on Synology

I finally configured a non-self-signed certificate on Resilio Sync using an existing Let's Encrypt certificate. This post documents the process to get it done on a Synology NAS device.

Recently, I went through one task in my backlog of internal infrastructure clean up: I finally deployed the same Let’s Encrypt certificate I have on my Synology NAS on the Resilio Sync package. My NAS is running DSM 7.2.x. This finally got rid of the annoying “This site is not secure” banner when visiting it from my browser. I referenced this post to get the job done.

Resilio Sync has a configuration file where we can specify a custom SSL certificate and private key. It’s located in a file named sync.conf in /volume1/@appstore/resiliosync/var/. Namely, we really need to add these two lines in webui (there is already a force_https key set to true):

"ssl_certificate": "/volume1/@appstore/resiliosync/var/cert/cert.pem",
"ssl_private_key": "/volume1/@appstore/resiliosync/var/cert/privkey.pem"

After that, I needed to add the certificate and private key to that directory, and then hook it back up to the custom task I have in Task Scheduler on DSM that does my certificate renewals. In my case, I use, which is a pretty versatile script to create or renew certificates. I uploaded the script to GitHub, but essentially it looks like this:

# <truncated>
export acmeShRoot=/usr/local/share/
export synologyCertDir=/usr/syno/etc/certificate/system/default
export rslsyncCertDir=/volume1/@appstore/resiliosync/var/cert

# Here's the actual script
${acmeShRoot}/ --renew -d "${fqdnForNas}" --home ${acmeShRoot}
cp ${synologyCertDir}/cert.pem ${rslsyncCertDir}/cert.pem
cp ${synologyCertDir}/privkey.pem ${rslsyncCertDir}/privkey.pem
chown rslsync:resiliosync ${rslsyncCertDir}/cert.pem
chown rslsync:resiliosync ${rslsyncCertDir}/privkey.pem
chmod 600 ${rslsyncCertDir}/cert.pem
chmod 600 ${rslsyncCertDir}/privkey.pem

Since I also bought another Synology NAS during this year’s World Backup Day sale at my local computer shop, I modified the sync.conf config file on that NAS, copied this script over, modified the FQDN, and I was on my way.

Anyways, that’s all I have this time around.

Until next time!


Just some guy on the Internet that writes code for fun and for a living, and also collects anime figures.

Articles: 266

Feel free to leave a reply