- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
Install a letsencrypt certificate on RadyNAS 6.10.5 hotfix 1
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Install a letsencrypt certificate on RadyNAS 6.10.5 hotfix 1
Hi, my apache2 pem file somehow got corrupted with the upgrade to ReadyNAS OS 6.10.5, so I bit the bullet and fixed it by installing a letsencrypt certificate using acme.sh
As it might help others (even if only to get rid of the security errors when you open the admin page as https), here is what I recall from what I did:
- su and switch to root home directory (use the admin password for su) -
su cd
- Install acme.sh -
wget -O - https://get.acme.sh | sh
- Change to acme.sh directory -
cd .acme.sh/
- Enable acme.sh auto-upgrades -
acme.sh --upgrade --auto-upgrade
- Issue the certificate, replacing "www.domain.com" in the following line with the FQDN name of your ReadyNAS server -
/root/.acme.sh/acme.sh --issue --dns dns_cf -d www.domain.com --renew-hook "cat /root/.acme.sh/www.domain.com/fullchain.cer /root/.acme.sh/www.domain.com/www.domain.com.key >/etc/frontview/apache/apache2.pem && service apache2 restart"
If it all went well, acme.sh should have asked you for all the authentications, generated the certificate, and will keep it updated.
If any future ReadyNAS update breaks the certificate, do step 5 again - but first check what is now the correct place for the pem certificate.
More instructions on using acme.sh can be found here - https://techviewleo.com/automate-lets-encrypt-certificates-with-acme-sh/
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Install a letsencrypt certificate on RadyNAS 6.10.5 hotfix 1
Thanks for this rather simple method of installing a certificate on the ReadyNAS. I'm sure it wiull help many.
You should actually SSH in as root, which eliminates the need for su. Note that this only works if you have a domain name assigned, you can't just make one up. Most home users will not have one.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Install a letsencrypt certificate on RadyNAS 6.10.5 hotfix 1
I usually disable ssh as root everywhere, so didn't even think about it... 🙂
And yes, for letsencrypt you need a registered domain and a DNS provider (I use cloudflare).
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Install a letsencrypt certificate on RadyNAS 6.10.5 hotfix 1
I can add here. I did not manage to resolve issues with the "--dns dns_cf"-mode installation.
I managed to resolve by using the built in apache-mode
/root/.acme.sh/acme.sh --issue --apache -d www.domain.com
As I did some iterations that finally worked with the command above, I was forced to send the renew-hook string separately. I hope this will work. We will see in 60 days...
/root/.acme.sh/acme.sh --list --renew-hook "cat /root/.acme.sh/www.domain.com/fullchain.cer /root/.acme.sh/www.domain.com/www.domain.com.key >/etc/frontview/apache/apache2.pem && service apache2 restart"
@jbernardoThanks for this hint. Great that there is an easy way to install a certificate, as the certbot is not supported any more with the latest OS-update...
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Install a letsencrypt certificate on RadyNAS 6.10.5 hotfix 1
@el_patron I should probably have detailed more the parameters to pass to acme.sh. -dns is to use a dns api, in this case dns_cf for cloudflare.
And looking at the acme.sh dnsapi wiki , I see that I didn't add the rest of the instructions - in particular to get the cloudflare API key, and export it as an environment variable before calling acme.sh
Anyway, I recommend checking the acme.sh wiki, in particular the command line parameters page, and also the above mentioned dnsapi documentation if you're using a supported DNS provider.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Install a letsencrypt certificate on RadyNAS 6.10.5 hotfix 1
Would this work on older ReadyNAS OS4 devices? I have a NVX Pioneer Edition
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Install a letsencrypt certificate on RadyNAS 6.10.5 hotfix 1
Here are the set of instructions for some one doing it from scratch, as the --renew-hook command didn't work for me
1) Install
Check this project: https://github.com/acmesh-official/get.acme.sh
Run below command via ssh.
Note: A valid email id is required for letsencrypt. my@example.com will not work
wget -O - https://get.acme.sh | sh -s email=my@example.com
After the installation, you must close the current terminal and reopen it to make the alias take effect.
2) For auto updating acme.sh(optional step)
acme.sh --upgrade --auto-upgrade
3) Use Lets encrypt instead of default zerossl. Zerossl was not working for me, it kept on retying and then errored out several times. If it works for you no need to run this step
acme.sh --set-default-ca --server letsencrypt
4) Issue a certificate, you can choose as per your need using the documentation at GitHub.
since I am on apache server, I have used the apache module like this:
acme.sh --issue --apache -d yourdomainname
If everything goes right, this should have created the certificates (check the console for the current path).
5) Install the certificates
acme.sh --install-cert -d yourdomainname \
--reloadcmd "cat /root/.acme.sh/yourdomainname_ecc/fullchain.cer /root/.acme.sh/yourdomainname_ecc/yourdomainname.key >/etc/frontview/apache/apache2.pem && service apache2 restart "
Now you can access your NAS using the https. Enjoy!!!🎉