× NETGEAR will be terminating ReadyCLOUD service by July 1st, 2023. For more details click here.
Orbi WiFi 7 RBE973
Reply

Re: Install a letsencrypt certificate on RadyNAS 6.10.5 hotfix 1

jbernardo
Apprentice

Install a letsencrypt certificate on RadyNAS 6.10.5 hotfix 1

Hi, my apache2 pem file somehow got corrupted with the upgrade to ReadyNAS OS 6.10.5, so I bit the bullet and fixed it by installing a letsencrypt certificate using acme.sh

As it might help others (even if only to get rid of the security errors when you open the admin page as https), here is what I recall from what I did:

  1. su and switch to root home directory (use the admin password for su) - 
    su
    cd
  2. Install acme.sh - 
    wget -O - https://get.acme.sh | sh
  3. Change to acme.sh directory - 
    cd .acme.sh/
  4. Enable acme.sh auto-upgrades - 
    acme.sh --upgrade --auto-upgrade
  5. Issue the certificate, replacing "www.domain.com" in the following line with the FQDN name of your ReadyNAS server - 
    /root/.acme.sh/acme.sh --issue --dns dns_cf -d www.domain.com --renew-hook "cat /root/.acme.sh/www.domain.com/fullchain.cer /root/.acme.sh/www.domain.com/www.domain.com.key >/etc/frontview/apache/apache2.pem && service apache2 restart"

If it all went well, acme.sh should have asked you for all the authentications, generated the certificate, and will keep it updated. 

If any future ReadyNAS update breaks the certificate, do step 5 again - but first check what is now the correct place for the pem certificate.

 

More instructions on using acme.sh can be found here - https://techviewleo.com/automate-lets-encrypt-certificates-with-acme-sh/

Model: RN102|ReadyNAS 100 Series 2- Bay
Message 1 of 7
Sandshark
Sensei

Re: Install a letsencrypt certificate on RadyNAS 6.10.5 hotfix 1

Thanks for this rather simple method of installing a certificate on the ReadyNAS.  I'm sure it wiull help many.

 

You should actually SSH in as root, which eliminates the need for su.  Note that this only works if you have a domain name assigned, you can't just make one up.  Most home users will not have one.

Message 2 of 7
jbernardo
Apprentice

Re: Install a letsencrypt certificate on RadyNAS 6.10.5 hotfix 1

I usually disable ssh as root everywhere, so didn't even think about it... 🙂

 

And yes, for letsencrypt you need a registered domain and a DNS provider (I use cloudflare).

Message 3 of 7
el_patron
Tutor

Re: Install a letsencrypt certificate on RadyNAS 6.10.5 hotfix 1

I can add here. I did not manage to resolve issues with the  "--dns dns_cf"-mode installation.

I managed to resolve by using the built in apache-mode

 

/root/.acme.sh/acme.sh --issue --apache -d www.domain.com

As I did some iterations that finally worked with the command above, I was forced to send the renew-hook string separately. I hope this will work. We will see in 60 days...

/root/.acme.sh/acme.sh --list --renew-hook "cat /root/.acme.sh/www.domain.com/fullchain.cer /root/.acme.sh/www.domain.com/www.domain.com.key >/etc/frontview/apache/apache2.pem && service apache2 restart"

 

@jbernardoThanks for this hint. Great that there is an easy way to install a certificate, as the certbot is not supported any more with the latest OS-update...

Model: RN31400|ReadyNAS 300 Series 4- Bay (Diskless)
Message 4 of 7
jbernardo
Apprentice

Re: Install a letsencrypt certificate on RadyNAS 6.10.5 hotfix 1

@el_patron I should probably have detailed more the parameters to pass to acme.sh. -dns is to use a dns api, in this case dns_cf for cloudflare.

And looking at the acme.sh dnsapi wiki , I see that I didn't add the rest of the instructions - in particular to get the cloudflare API key, and export it as an environment variable before calling acme.sh

 

Anyway, I recommend checking the acme.sh wiki, in particular the command line parameters page, and also the above mentioned dnsapi documentation if you're using a supported DNS provider.

Message 5 of 7
Trial_Master
Aspirant

Re: Install a letsencrypt certificate on RadyNAS 6.10.5 hotfix 1

Would this work on older ReadyNAS OS4 devices? I have a NVX Pioneer Edition

Message 6 of 7
VicksJ
Tutor

Re: Install a letsencrypt certificate on RadyNAS 6.10.5 hotfix 1

Here are the set of instructions for some one doing it from scratch, as the --renew-hook command didn't work for me

1) Install

Check this project: https://github.com/acmesh-official/get.acme.sh

Run below command via ssh.

Note: A valid email id is required for letsencrypt.  my@example.com will not work

 

wget -O -  https://get.acme.sh | sh -s email=my@example.com

 

After the installation, you must close the current terminal and reopen it to make the alias take effect.

2) For auto updating acme.sh(optional step)

 

acme.sh --upgrade --auto-upgrade

 

3) Use Lets encrypt instead of default zerossl. Zerossl was not working for me, it kept on retying and then errored out several times. If it works for you no need to run this step

 

acme.sh --set-default-ca --server letsencrypt

 

4) Issue  a certificate, you can choose as per your need using the documentation at GitHub. 

since I am  on apache server, I have used the apache module like this:

 

acme.sh --issue --apache -d yourdomainname

 

If everything goes right, this should have created the certificates (check the console for the current path).

5) Install the certificates

 

acme.sh --install-cert -d yourdomainname \
--reloadcmd     "cat /root/.acme.sh/yourdomainname_ecc/fullchain.cer /root/.acme.sh/yourdomainname_ecc/yourdomainname.key >/etc/frontview/apache/apache2.pem && service apache2 restart "

 

Now you can access your NAS using the https. Enjoy!!!🎉

Message 7 of 7
Top Contributors
Discussion stats
  • 6 replies
  • 3725 views
  • 5 kudos
  • 5 in conversation
Announcements