How to install Let’s Encrypt on QNAP/NAS
Install Instructions
Method 1- QNAP/NAS Setup
- Login to your QNAP/NAS and make sure the following Apps are installed:
- Git – How to install Git
- Python 2.7
- Webroot
- Make sure your QNAP/NAS is reachable on the internet under the domain you want to get a certificate for on port 80 or 443.
- Create a folder to store qnap-letsencrypt in under
/share/YOUR_DRIVE/
.
Setting up a valid ca-bundle and cloning this repo (imp)
There is no ca-bundle (bundle of root certificates which we should trust) installed by default. Therefore we will have to download before install certificate manually.
On your local PC/MAC with an intact certificate store, run
curl -s https://curl.haxx.se/ca/cacert.pem | sha1sum
2.On your Qnap/Nas, in the directory you want to install qnap-letsencrypt in, run
wget --no-check-certificate https://curl.haxx.se/ca/cacert.pem sha1sum cacert.pem
3.Compare the hashes obtained in step 1 and 2, they must match.
4.Go back to QNap/Nas directory you were before
git config --system http.sslVerify true git config --system http.sslCAinfo `pwd`/cacert.pem git clone https://github.com/Yannik/qnap-letsencrypt.git mv cacert.pem qnap-letsencrypt cd qnap-letsencrypt git config --system http.sslCAinfo `pwd`/cacert.pem
Setting up qnap-letsencrypt
- Run
init.sh
- Create a Certificate Signing Request(csr): single domain cert: (replace nas.xxx.de with your domain name)
cd letsencrypt openssl req -new -sha256 -key keys/domain.key -subj "/CN=nas.xxx.de" > domain.csr
multiple domain cert: (replace nas.xxx.de and nas.xxx.com with your domain names)
cd letsencypt cp ../openssl.cnf openssl-csr-config.cnf printf "subjectAltName=DNS:nas.xxx.de,DNS:nas.xxx.com" >> openssl-csr-config.cnf openssl req -new -sha256 -key keys/domain.key -subj "/" -reqexts SAN -config openssl-csr-config.cnf > domain.csr
mv /etc/stunnel/stunnel.pem /etc/stunnel/stunnel.pem.orig
(backup)- Run
renew_certificate.sh
account.key
,domain.key
and even the csr (according to acme-tiny readme) can be reused, so create a cronjob to runrenew_certificate.sh
every night, which will renew your certificate if it has less than 30 days leftAdd this to/etc/config/crontab
:30 3 * * * cd /share/CE_CACHEDEV1_DATA/qnap-letsencrypt/ && ./renew_certificate.sh >> ./renew_certificate.log 2>&1
Then run:
crontab /etc/config/crontab /etc/init.d/crond.sh restart
Method 2- FREE SSL:
- Go to the URL: https://www.sslforfree.com/ OR https://qureshi.me/freessl/index.html
- Verify your domain, in QNAP case, use DNS verification, once verified copy and paste all certificate keys to the Qnap. that all!
More useful guides: Github and Digitalberg
- https://letsencrypt.readthedocs.io/en/latest/using.html#certbot-commands
- https://qureshi.me/freessl/index.html – free and credit go to gethttpsforfree.
- https://forum.qnap.com/viewtopic.php?t=132479
- https://www.forum-nas.fr/viewtopic.php?t=4300 (With QPKG file)
- https://www.sslforfree.com/ ( simple and good solution )
- https://gethttpsforfree.com/ – Free to install – This website is static, so it can be saved and loaded locally. Just right-click and “Save Page As..”!
- https://www.qnap.com/en-uk/product_x_down/ (download latest firmware)
Leave a Reply
Want to join the discussion?Feel free to contribute!