Comments on: Setting up Let’s Encrypt SSL certificates issued by pfSense on your Synology

By: Installing Unifi controller Docker container on Synology NAS - Geek is the Way!

Installing Unifi controller Docker container on Synology NAS - Geek is the Way! — Sat, 13 Aug 2022 15:10:58 +0000

[…] posts I’ve described how to issue Let’s Encrypt SSL certificates on your pfSense and how to install them in your Synology NAS. In this post we will extend this idea and install Let’s Encrypt certificate issued by […]

By: Thiago Crepaldi

Thiago Crepaldi — Wed, 16 Feb 2022 12:46:05 +0000

Ao you need is to add a file at /etc/sudoers.d (e.g /etc/sudoers.d/shutdown) with the user/permission/command you need. Something like “user_name ALL=(ALL) NOPASSWD: /sbin/poweroff, /sbin/reboot, /sbin/shutdown”

By: Andy

Andy — Wed, 16 Feb 2022 08:36:20 +0000

Thanks Thiago,

I’m running DSM 7 and am finding it’s a bit unstable at the moment (loses connection regularly while in the DSM UI). I tried following the Synology instructions to get to root but sudo doesn’t seem to be available to my admin account. Not sure if it’s because the Synology instructions are wrong/out of date or something else.

Will keep playing around and may try a reinstall as a last resort.

By: Thiago Crepaldi

Thiago Crepaldi — Tue, 15 Feb 2022 13:29:12 +0000

What is your DSM version? Since DSM 6.0, ssh access to root user was disabled. You can always create another user and add them to the /etc/sudoers file to grant root access to the minimal amount of stuff you need.

By: Andy

Andy — Tue, 15 Feb 2022 02:49:30 +0000

Thanks Thiago, I thought it was related to this, but must have jumped the gun (the certificates are now working and I didnt change anything). While I have you – Im trying to figure out how I apply the ssh keys I generated to root on Synology. What am I missing here please? I can apply them to other admin accounts I have created but root says ‘no’ due to a public key mismatch (I havent loaded a public key for root so not sure what I may have done wrong).

By: Thiago Crepaldi

Thiago Crepaldi — Tue, 15 Feb 2022 01:20:42 +0000

In reply to Andy. Hi Andy, I can renew all my certificates using DNS method. Which domain validation method are you using? LetsEncrypt will deprecate a bunch of certificates issued by TLS-ALPN-01 in two days. Maybe that is what is hitting you. If that is your case, try manually renovating your certificates and try again.

By: Andy

Andy — Sun, 13 Feb 2022 20:40:25 +0000

Hi Thiago,

Thanks for that. I went to have another go at this and see that LetsEncrypt SSL certificates are currently not working (using the pfSense method) due to the change in intermediary? Are you having this issue also?

Thanks
Andy

By: Anders

Anders — Fri, 31 Dec 2021 19:33:50 +0000

Happy New Year Thiago!

Havent had time to fix my issue but the missing step was how to fix the ssh key for the Synology root. Keys were fixed using other admin accounts but as you know it isnt possible to ssh into the Synology anymore, thus the root ~/.ssh folder was empty. I simply just copied the generated ssh files into root and now it works. As you describe the task schedule within DSM runs through root. It is of course and obvious reason but since im a noob and as nothing was mentioned in you description i coulnt make it work until now. Thanks anyway for all your efforts in this matter! 🙂

By: Thiago Crepaldi

Thiago Crepaldi — Tue, 19 Oct 2021 03:34:15 +0000

Hi Anders, you just need to edit the script to copy the new certificate over your specific services

By: Thiago Crepaldi

Thiago Crepaldi — Tue, 19 Oct 2021 03:32:43 +0000

Hi Andy, It seems you are using DSM 7, in which synoservice is no longer available. I just fixed the homelab-utility-bel script to handle both DSM 6 and 7. Try again and let me know how it goes.