Steps to obtain and/or renew the certificate

  1. Have SSH access to the NAS.
  2. Have access to the root user. The process for doing this is available in the docked.
  3. Have Docker installed on DSM.
  4. On the router, open ports 20000 redirected to 443 and 20001 redirected to 80. Ports 20000 and 20001 can be changed to whatever is most appropriate in each case.
  5. Once you have SSH access to the NAS with your username and password (I recommend Mobaxterm because it allows you to see the NAS folder tree), run id to get the PUID and PGID. If either of them has fewer than 4 digits, pad it with zeros at the beginning.
  6. Run sudo -i for root access.
  7. Run the following to create the container:
    docker create \
    --name=letsencrypt \
    --cap-add=NET_ADMIN \
    -e PUID=TUPUID \
    -e PGID=TUPGID \
    -e TZ=Europe/Berlin \
    -e \
    -e SUBDOMAINS= \
    -e VALIDATION=duckdns \
    -e EMAIL=TUEMAIL(optional) \
    -p 20000:443 \
    -p 20001:80 \
    -v /volumePONTUVOLUMEN/docker/letsencrypt/config:/config \
    --restart unless-stopped \
  8. Go to /volumeYOUVOLUME/docker/ and create the letsencrypt folder and inside it the config folder.
  9. Run the container and check in the log that the certificate has been created correctly, and note the paths where the files have been created.
  Now it depends on whether the certificate still has to be installed (step 10) or we are going to renew it (step 11).
  10. In case we do not have the certificate installed:
    – The first thing is to locate the private key and the certificate.
    – The private key is in /volumePONTUVOLUMEN/docker/letsencrypt/config/etc/letsencrypt/live/
    – The certificate is in /volumePONTUVOLUMEN/docker/letsencrypt/config/etc/letsencrypt/live/
    – Copy them to a folder accessible from DSM on the volume you are using.
    – In certificates go to Add, Add new certificate, Import certificate.
    – In private key we choose the file privkey.pem
    – In certificate we choose the file cert.pem
    – Intermediate certificate is left blank.
    That’s it, with that we have the certificate installed in DSM. Step 11 and following steps are mandatory in this method.
  11. For renewals (CONFIRMED THAT THE RENEWAL WORKS AS OF 24/04/2020).
    – We must locate the path where the certificate is already installed. To do this we need root access (see step 2), otherwise access to the folder will not be allowed.
    – The path where the certificate is stored is /usr/syno/etc/certificate/_archive/FOLDERNAMEWITHNUMBERSANDLETTERS. If you have several folders, look at the date: the one you have just created has the most recent date.
    – Create the following scheduled task in Control Panel-Task Scheduler-Create-Scheduled Tasks-User Defined Script:

    cd /volumePONTUVOLUMEN/docker/letsencrypt/config/etc/letsencrypt/live/
    cp /volumePONTUVOLUMEN/docker/letsencrypt/config/etc/letsencrypt/live/ /usr/syno/etc/certificate/_archive/NOMBREDECARPETACONNUMEROSYLETRAS
    cp /volumePONTUVOLUMEN/docker/letsencrypt/config/etc/letsencrypt/live/ /usr/syno/etc/certificate/_archive/NOMBREDECARPETACONNUMEROSYLETRAS
    cp /volumePONTUVOLUMEN/docker/letsencrypt/config/etc/letsencrypt/live/ /usr/syno/etc/certificate/_archive/NOMBREDECARPETACONNUMEROSYLETRAS
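
Added example, not part of the original guide: a stricter version of the scheduled-task copy step that checks the renewed privkey.pem and cert.pem before overwriting the copy DSM uses. The function name sync_cert and its two arguments (the live/ folder of your domain and your own folder under _archive) are assumptions, and it relies on the openssl command being available on the NAS.

```shell
#!/bin/sh
# Added example: validate the renewed files before replacing DSM's copy.
# Usage (paths are placeholders): sh thisscript.sh LIVE_FOLDER ARCHIVE_FOLDER
# sync_cert returns 0 = installed, 1 = check failed (nothing replaced), 2 = already up to date
sync_cert() {
    src=$1; dst=$2
    for f in privkey.pem cert.pem; do
        [ -s "$src/$f" ] || { echo "missing or empty: $src/$f" >&2; return 1; }
    done
    [ -d "$dst" ] || { echo "no such folder: $dst" >&2; return 1; }

    # The certificate must parse and must not already be expired.
    openssl x509 -in "$src/cert.pem" -noout -checkend 0 >/dev/null 2>&1 ||
        { echo "cert.pem is unreadable or expired" >&2; return 1; }

    # The certificate must belong to this private key (compare public keys).
    cert_pub=$(openssl x509 -in "$src/cert.pem" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$src/privkey.pem" -pubout 2>/dev/null)
    [ -n "$key_pub" ] && [ "$cert_pub" = "$key_pub" ] ||
        { echo "cert.pem does not match privkey.pem" >&2; return 1; }

    # Nothing to do when the destination already holds the same pair.
    if cmp -s "$src/cert.pem" "$dst/cert.pem" &&
       cmp -s "$src/privkey.pem" "$dst/privkey.pem"; then
        return 2
    fi

    # Copy under a temporary name with owner-only permissions, then rename.
    umask 077
    for f in privkey.pem cert.pem; do
        cp "$src/$f" "$dst/$f.new" || return 1   # cp follows the live/ symlinks
    done
    chmod 600 "$dst/privkey.pem.new"
    mv "$dst/privkey.pem.new" "$dst/privkey.pem" &&
        mv "$dst/cert.pem.new" "$dst/cert.pem"
}

# Run only when both folders are given on the command line.
if [ "$#" -eq 2 ]; then sync_cert "$1" "$2"; fi
```

A return code of 1 leaves the files in the _archive folder untouched, so a failed or partial renewal does not replace a working certificate.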