SpaceRex is still matching donations:
As you may know I grew up in Asheville, NC which was hit pretty hard by the hurricane. Luckily all of my friends and family are ok, save for a few trees on houses / cars.
We are going to be matching donations to the Red Cross up to $1,000 through Oct 5. Simply forward your confirmation email to donate@spacerex.co
Link to donate: www.redcross.org/donate/donation.html
Synology needs to update their letsencrypt support to do the DNS-01 challenges supported by tools like acme. Then the NAS could easily get and renew certificates on its own without exposing it to anything. They’re years behind on this.
Wow. I needed this one.
Can't wait to arrive home and watch it
This is such valuable content that I turned off my ad blocker, reloaded the video, watched every ad and clicked on every one of them.
That’s high praise
Started watching you in 2020 and I still can’t figure this out. You have made a couple of videos. I’ll try this one when I get home. Fingers crossed.
perfect timing!!! needed this so very much. thank you!
Because I only access my NAS units and network devices internally, I generated my own certificate of authority with OpenSSL. Now I have no more annoying security warnings.
I just want to say thank you for producing these videos for all the people out there.❤ I have a multiple setup with different domains and subdomains running in the Nginx Reverse Proxy Manager from DSM. Having dockers available from different NAS devices is a very cool thing. Thanks for your work🎉
Love the videos, I've managed to set up my first Synology NAS with snapshots, backups, Tailscale and more but I'm a bit lost when it comes to SSL certs. If I'm using Tailscale to connect remotely, should I consider getting an SSL cert or is this still technically classed as "local network"??
I would still classify this as a local network!
@SpaceRexWill Thanks man!!
Can you please do another video on a more advanced Unifi setup guide with their cloud gateway? I am starting to gather my equipment for a home setup and am looking at setting up VLANs. Thank you!
Ahhh man! Thank you sooo much
I don’t have port 80 forwarded to my NAS but my Let’s Encrypt certificate is always renewed just fine. I do have port 443 forwarded. Does it get renewed if either are open?
When I port forwarded port 80, my outside cameras picked it up and were serving web. How do I get it so that the NAS handles it for Let's Encrypt?
I have a web server (IIS) on a dedicated VM. I forward ports 80 and 443 to that server. Can you think of a way to have the NAS (there are actually several NASes) request a cert? I have a block of static IP addresses, but only the one points to the domain I use, and would apply both to the sites on the web server as well as the NAS.
I hope they will add DNS challenges in a future update. I don't want to open any port to my NAS, so I get my domain certificates with my Raspberry Pi and DNS challenge and then manually copy them over to the NAS every 3 months 🙄
Some graphics, even just a whiteboard, would have been helpful when explaining SSL certificates.
No mention about using wildcards. What about a second computer on my land running a different web server on port 12090? How can I use the registered NAS certificate to cover the other computer?
Hello... quick question: I have set up DNS etc. on my registrar and can connect through to my NAS using an external web browser. On my UDM router I have ported 80 to 443 (and tried 80-80), however I still get "https is not secure". Set NAS cert to default... also created a new cert and set up as default... renew cert is no issue. (I usually keep port 80 closed but open it to renew.) I also have a DNS record (DNSSEC) on my DC and also replicated to secondary DC... still no go... I am using NextDNS with standard OISD list active, but it shouldn't be an issue at all given I can see the NAS externally through my current DNS A and CNAME redirects. On the going bonkers scale I'm at 9.5..... any ideas anyone?
I must have missed something here because I followed everything to the letter but I'm still getting certificate errors
Same here. Certificate says it's valid in settings, and set to system default. Still errors.
My ISP uses CGNAT, so I instead use a Cloudflared tunnel and let all of Cloudflare handle all the internet-facing functions (subdomain DNS, signed SSL, DDoS protection, etc.)
I think you can also get an SSL certificate by using Tailscale?
Yes, but I don't think DSM supports this just yet
You can do a Tailscale Funnel implementation if you want, to their provided external URL. (I haven’t tested this with my NAS, only a test VM internally.)
@NatesRandomVideo for devices on tailnet only, I think I used tailscale cert with their randomly created URL to get an SSL. It was a long time ago and I can't remember the details.