Automatic SSL renewal with Let’s Encrypt on DSM 5.x / Synology Diskstation via Dreamhost with dns-01 verification

Adapted from https://www.naschenweng.info/2017/01/06/automatic-ssl-renewal-encrypt-dsm-5-x-synology-ds1010-dns-01-verification/

1. SSH into your Synology as root

   $ ssh [email protected]
   

2. First we will install acme.sh – for this you need SSH / Telnet access into your Synology.

   cd /tmp
   curl -L -o /tmp/master.tgz https://github.com/Neilpang/acme.sh/archive/master.tar.gz
   tar xvf master.tgz
   cd acme.sh-master/
   ./acme.sh --install --nocron
   

   The above downloads the acme.sh installer and then installs it with the “nocron”-option (since my Synology does not have a scheduler running which is supported by acme.sh). The installer completes quickly:

3. Close and then re-open the terminal

   exit
   ssh [email protected]
   

4. After you closed and re-opened the terminal, we then configure acme.sh to automatically update itself:

   acme.sh --upgrade --auto-upgrade
   

5. Create an API Key at Dreamhost with All dns functions

6. Add the API key using

   export DH_API_KEY="<api key>"
   

7. Issue a certificate using

   acme.sh --issue --dns dns_dreamhost -d my.synology.tld
   

   The 'DH_API_KEY' will be saved in ~/.acme.sh/account.conf and will be reused when needed.

8. Add a Crontab entry via vi /etc/crontab

   3       2       *       *       2       root    /root/.acme.sh/acme.sh --cron
   

   Everyone forgets how to exit vi. Use esc :wq to quit and save or esc :q! to quit without saving

   Older Synology’s had issues with the format of the crontab – so make sure that you use tabs between the sections.

9. Run the cronjob to verify that everything is fine:

   /root/.acme.sh/acme.sh --cron