× NETGEAR will be terminating ReadyCLOUD service by July 1st, 2023. For more details click here.
Orbi WiFi 7 RBE973
Reply

Re: Install a letsencrypt certificate on RadyNAS 6.10.5 hotfix 1

jbernardo
Apprentice

Install a letsencrypt certificate on RadyNAS 6.10.5 hotfix 1

Hi, my apache2 pem file somehow got corrupted with the upgrade to ReadyNAS OS 6.10.5, so I bit the bullet and fixed it by installing a letsencrypt certificate using acme.sh

As it might help others (even if only to get rid of the security errors when you open the admin page as https), here is what I recall from what I did:

  1. su and switch to root home directory (use the admin password for su) - 
    su
    cd
  2. Install acme.sh - 
    wget -O - https://get.acme.sh | sh
  3. Change to acme.sh directory - 
    cd .acme.sh/
  4. Enable acme.sh auto-upgrades - 
    acme.sh --upgrade --auto-upgrade
  5. Issue the certificate, replacing "www.domain.com" in the following line with the FQDN name of your ReadyNAS server - 
    /root/.acme.sh/acme.sh --issue --dns dns_cf -d www.domain.com --renew-hook "cat /root/.acme.sh/www.domain.com/fullchain.cer /root/.acme.sh/www.domain.com/www.domain.com.key >/etc/frontview/apache/apache2.pem && service apache2 restart"

If it all went well, acme.sh should have asked you for all the authentications, generated the certificate, and will keep it updated. 

If any future ReadyNAS update breaks the certificate, do step 5 again - but first check what is now the correct place for the pem certificate.

 

More instructions on using acme.sh can be found here - https://techviewleo.com/automate-lets-encrypt-certificates-with-acme-sh/

Model: RN102|ReadyNAS 100 Series 2- Bay
Message 1 of 6
Sandshark
Sensei

Re: Install a letsencrypt certificate on RadyNAS 6.10.5 hotfix 1

Thanks for this rather simple method of installing a certificate on the ReadyNAS.  I'm sure it wiull help many.

 

You should actually SSH in as root, which eliminates the need for su.  Note that this only works if you have a domain name assigned, you can't just make one up.  Most home users will not have one.

Message 2 of 6
jbernardo
Apprentice

Re: Install a letsencrypt certificate on RadyNAS 6.10.5 hotfix 1

I usually disable ssh as root everywhere, so didn't even think about it... 🙂

 

And yes, for letsencrypt you need a registered domain and a DNS provider (I use cloudflare).

Message 3 of 6
el_patron
Tutor

Re: Install a letsencrypt certificate on RadyNAS 6.10.5 hotfix 1

I can add here. I did not manage to resolve issues with the  "--dns dns_cf"-mode installation.

I managed to resolve by using the built in apache-mode

 

/root/.acme.sh/acme.sh --issue --apache -d www.domain.com

As I did some iterations that finally worked with the command above, I was forced to send the renew-hook string separately. I hope this will work. We will see in 60 days...

/root/.acme.sh/acme.sh --list --renew-hook "cat /root/.acme.sh/www.domain.com/fullchain.cer /root/.acme.sh/www.domain.com/www.domain.com.key >/etc/frontview/apache/apache2.pem && service apache2 restart"

 

@jbernardoThanks for this hint. Great that there is an easy way to install a certificate, as the certbot is not supported any more with the latest OS-update...

Model: RN31400|ReadyNAS 300 Series 4- Bay (Diskless)
Message 4 of 6
jbernardo
Apprentice

Re: Install a letsencrypt certificate on RadyNAS 6.10.5 hotfix 1

@el_patron I should probably have detailed more the parameters to pass to acme.sh. -dns is to use a dns api, in this case dns_cf for cloudflare.

And looking at the acme.sh dnsapi wiki , I see that I didn't add the rest of the instructions - in particular to get the cloudflare API key, and export it as an environment variable before calling acme.sh

 

Anyway, I recommend checking the acme.sh wiki, in particular the command line parameters page, and also the above mentioned dnsapi documentation if you're using a supported DNS provider.

Message 5 of 6
Trial_Master
Aspirant

Re: Install a letsencrypt certificate on RadyNAS 6.10.5 hotfix 1

Would this work on older ReadyNAS OS4 devices? I have a NVX Pioneer Edition

Message 6 of 6
Top Contributors
Discussion stats
  • 5 replies
  • 3343 views
  • 4 kudos
  • 4 in conversation
Announcements