jbernardo
Apprentice
Jul 16, 2021

Install a letsencrypt certificate on ReadyNAS 6.10.5 hotfix 1

Hi, my apache2 pem file somehow got corrupted with the upgrade to ReadyNAS OS 6.10.5, so I bit the bullet and fixed it by installing a letsencrypt certificate using acme.sh.

As it might help others (even if only to get rid of the security errors when you open the admin page as https), here is what I recall from what I did:

  1. su and switch to root home directory (use the admin password for su) - 
    su
    cd
  2. Install acme.sh - 
    wget -O - https://get.acme.sh | sh
  3. Change to acme.sh directory - 
    cd .acme.sh/
  4. Enable acme.sh auto-upgrades - 
    ./acme.sh --upgrade --auto-upgrade
  5. Issue the certificate, replacing "www.domain.com" in the following line with the FQDN name of your ReadyNAS server - 
    /root/.acme.sh/acme.sh --issue --dns dns_cf -d www.domain.com --renew-hook "cat /root/.acme.sh/www.domain.com/fullchain.cer /root/.acme.sh/www.domain.com/www.domain.com.key >/etc/frontview/apache/apache2.pem && service apache2 restart"

If it all went well, acme.sh should have asked you for all the authentications, generated the certificate, and will keep it updated. 

If any future ReadyNAS update breaks the certificate, do step 5 again - but first check what is now the correct place for the pem certificate.

 

More instructions on using acme.sh can be found here - https://techviewleo.com/automate-lets-encrypt-certificates-with-acme-sh/

6 Replies

  • Sandshark
    Sensei - Experienced User

    Thanks for this rather simple method of installing a certificate on the ReadyNAS.  I'm sure it will help many.

     

    You should actually SSH in as root, which eliminates the need for su.  Note that this only works if you have a domain name assigned, you can't just make one up.  Most home users will not have one.

    • jbernardo
      Apprentice

      I usually disable ssh as root everywhere, so didn't even think about it... :)

       

      And yes, for letsencrypt you need a registered domain and a DNS provider (I use cloudflare).

  • I can add here. I did not manage to resolve issues with the "--dns dns_cf"-mode installation.

    I managed to resolve by using the built-in apache-mode.

     

    /root/.acme.sh/acme.sh --issue --apache -d www.domain.com

    As I did some iterations that finally worked with the command above, I was forced to send the renew-hook string separately. I hope this will work. We will see in 60 days...

    /root/.acme.sh/acme.sh --list --renew-hook "cat /root/.acme.sh/www.domain.com/fullchain.cer /root/.acme.sh/www.domain.com/www.domain.com.key >/etc/frontview/apache/apache2.pem && service apache2 restart"

     

    jbernardo Thanks for this hint. Great that there is an easy way to install a certificate, as the certbot is not supported any more with the latest OS-update...

    • jbernardo
      Apprentice

      el_patron I should probably have detailed more the parameters to pass to acme.sh. --dns is to use a dns api, in this case dns_cf for cloudflare.

      And looking at the acme.sh dnsapi wiki, I see that I didn't add the rest of the instructions - in particular to get the cloudflare API key, and export it as an environment variable before calling acme.sh.

       

      Anyway, I recommend checking the acme.sh wiki, in particular the command line parameters page, and also the above mentioned dnsapi documentation if you're using a supported DNS provider.

      • Trial_Master
        Aspirant

        Would this work on older ReadyNAS OS4 devices? I have an NVX Pioneer Edition.

  • Here is the set of instructions for someone doing it from scratch, as the --renew-hook command didn't work for me.

    1) Install

    Check this project: https://github.com/acmesh-official/get.acme.sh

    Run below command via ssh.

    Note: A valid email id is required for letsencrypt.  my@example.com will not work

     

    wget -O -  https://get.acme.sh | sh -s email=my@example.com

     

    After the installation, you must close the current terminal and reopen it to make the alias take effect.

    2) For auto updating acme.sh (optional step)

     

    acme.sh --upgrade --auto-upgrade

     

    3) Use Let's Encrypt instead of the default zerossl. Zerossl was not working for me, it kept on retrying and then errored out several times. If it works for you, no need to run this step.

     

    acme.sh --set-default-ca --server letsencrypt

     

    4) Issue a certificate, you can choose as per your need using the documentation at GitHub.

    Since I am on apache server, I have used the apache module like this:

     

    acme.sh --issue --apache -d yourdomainname

     

    If everything goes right, this should have created the certificates (check the console for the current path).

    5) Install the certificates

     

    acme.sh --install-cert -d yourdomainname \
    --reloadcmd     "cat /root/.acme.sh/yourdomainname_ecc/fullchain.cer /root/.acme.sh/yourdomainname_ecc/yourdomainname.key >/etc/frontview/apache/apache2.pem && service apache2 restart "

     

    Now you can access your NAS using the https. Enjoy!!!🎉
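
The hooks in this thread write straight into /etc/frontview/apache/apache2.pem with `>`, so a failed `cat` leaves a truncated file at the live path, and the file holding the private key gets whatever mode it had before. The following is an added example, not code from any poster or from acme.sh: a small script that checks the inputs, builds the file with mode 0600 beside the destination, and renames it into place. It assumes Apache reads the file as root; the function name `install_pem` and the `VERIFY_PAIR` switch are made up for this example.

```shell
#!/bin/sh
# Added example (not from the thread): install the combined PEM without ever
# leaving a half-written or world-readable file at the live path.
# Usage: install_pem FULLCHAIN KEY DEST
install_pem() {
    chain=$1; key=$2; dest=$3

    # Refuse empty or structurally wrong inputs before touching DEST.
    [ -s "$chain" ] && grep -q -- '-----BEGIN CERTIFICATE-----' "$chain" || {
        echo "install_pem: no certificate in $chain" >&2; return 1; }
    [ -s "$key" ] && grep -q -- 'PRIVATE KEY-----' "$key" || {
        echo "install_pem: no private key in $key" >&2; return 1; }

    # Optional (VERIFY_PAIR=1, needs openssl): the key must match the leaf cert.
    if [ "${VERIFY_PAIR:-0}" = 1 ]; then
        cert_pub=$(openssl x509 -in "$chain" -noout -pubkey) || return 1
        key_pub=$(openssl pkey -in "$key" -pubout) || return 1
        [ "$cert_pub" = "$key_pub" ] || {
            echo "install_pem: key does not match certificate" >&2; return 1; }
    fi

    # Build the file beside DEST so the final mv is an atomic rename.
    tmp=$(mktemp "$dest.XXXXXX") || return 1   # created with mode 0600
    if cat "$chain" "$key" > "$tmp" && chmod 600 "$tmp"; then
        if [ -e "$dest" ]; then cp -p "$dest" "$dest.bak"; fi   # rollback copy
        mv -f "$tmp" "$dest"
    else
        rm -f "$tmp"; return 1
    fi
}

# When run as a script with three arguments (e.g. from --reloadcmd), install
# the file and restart Apache only if the install succeeded.
if [ $# -eq 3 ]; then
    install_pem "$@" && service apache2 restart
fi
```

Saved under a path of your choosing (say /root/install_pem.sh, a hypothetical name), it can replace the `cat ... && service apache2 restart` string passed to `--reloadcmd` or `--renew-hook`, with the fullchain.cer path, the key path and /etc/frontview/apache/apache2.pem as its three arguments.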
