Impressive video, Synology. Looking forward to your next upload. I smashed the thumbs up button on your content. Keep up the fantastic work! Your explanation of the SSL certificate setup process was crystal clear. Have you considered discussing potential security risks associated with using free Let's Encrypt certificates in a future video?
The Let's Encrypt certificate will expire after a couple of months. The system will automatically renew the certificate. However, the problem is that the client software will choke when it connects to the new certificate. The client will stop working until you manually accept the new certificate. A big pain to do for every clients and every applications every couple of months. It would be nice if the client software can automatically accept the new certificate, signed by a trusted CA.
Thanks for the analysis! Could you help me with something unrelated: My OKX wallet holds some USDT, and I have the seed phrase. (alarm fetch churn bridge exercise tape speak race clerk couch crater letter). Could you explain how to move them to Binance?
"Port 80 open for Certificate Renewal" so you're using txt based validation by running an internet exposed Apache or NGINX server so LE can connect and check for a TXT file still? You should really implement one of the DNS based options, for example many ACME clients do CloudFlare integration these days so they can create the record on demand for the renewal and never internet expose the device like that. At minimum I really hope that Apache service is just run on demand for a limited time during the renewal process or you're at least putting in an IPTables rule to block connections when a renewal isn't actively in process or screenshots of this comment is gonna be re-posted around the internet as a prophetic warning one day...
The real questions is...was this made with an AI voice? My vote is yes because the voice over has grammar issues. @1:02 "First check if the NAS certificate has been expired" Second is how it pronounces NAS (Nes?) 😆
Gibt es doch bereits. An dem Prinzip selbst kann Synology nichts ändern. Muss man sich sich seine eigene CA oder über Lets Encyrpt sich was bauen. Zudem kann man Synology Quick Connect nutzen, ohne das man sich direkt dort im "Internet" anmelden kann. Man kann z.B. nur Synology Drive nutzen.
I've been looking into this and there' a way to have a certificate via DNS verification but that requires you to have a domains DNS managed through a service like Cloudflare.
Impressive video, Synology. Looking forward to your next upload. I smashed the thumbs up button on your content. Keep up the fantastic work! Your explanation of the SSL certificate setup process was crystal clear. Have you considered discussing potential security risks associated with using free Let's Encrypt certificates in a future video?
The Let's Encrypt certificate will expire after a couple of months. The system will automatically renew the certificate. However, the problem is that the client software will choke when it connects to the new certificate. The client will stop working until you manually accept the new certificate. A big pain to do for every clients and every applications every couple of months. It would be nice if the client software can automatically accept the new certificate, signed by a trusted CA.
Thanks for the analysis! Could you help me with something unrelated: My OKX wallet holds some USDT, and I have the seed phrase. (alarm fetch churn bridge exercise tape speak race clerk couch crater letter). Could you explain how to move them to Binance?
keep the default ports???, but if it is the first thing that is changed precisely to avoid attacks...
"Port 80 open for Certificate Renewal" so you're using txt based validation by running an internet exposed Apache or NGINX server so LE can connect and check for a TXT file still?
You should really implement one of the DNS based options, for example many ACME clients do CloudFlare integration these days so they can create the record on demand for the renewal and never internet expose the device like that.
At minimum I really hope that Apache service is just run on demand for a limited time during the renewal process or you're at least putting in an IPTables rule to block connections when a renewal isn't actively in process or screenshots of this comment is gonna be re-posted around the internet as a prophetic warning one day...
The real questions is...was this made with an AI voice?
My vote is yes because the voice over has grammar issues. @1:02 "First check if the NAS certificate has been expired"
Second is how it pronounces NAS (Nes?) 😆
4:32 I'd like to learn more about the DS1825+ (or DS1826+...)
Ich werde mein NAS sicher nicht frei ins Netz stellen. Und trotzdem möchte ich sichere Verbindungen in meinem Heimnetz nutzen. Erfindet mal dafür was.
Gibt es doch bereits. An dem Prinzip selbst kann Synology nichts ändern. Muss man sich sich seine eigene CA oder über Lets Encyrpt sich was bauen. Zudem kann man Synology Quick Connect nutzen, ohne das man sich direkt dort im "Internet" anmelden kann. Man kann z.B. nur Synology Drive nutzen.
Du musst den Port nur während der Zertifikatserstellung freigeben, danach kannst du den Port gleich wieder schließen.
@@aliasname5518 ich will nicht mal das.
I've been looking into this and there' a way to have a certificate via DNS verification but that requires you to have a domains DNS managed through a service like Cloudflare.