Install Instructions

Method 1- QNAP/NAS Setup

  1. Login to your QNAP/NAS and make sure the following Apps are installed:
  2. Make sure your QNAP/NAS is reachable on the internet under the domain you want to get a certificate for on port 80 or 443.
  3. Create a folder to store qnap-letsencrypt in under /share/YOUR_DRIVE/.

Setting up a valid ca-bundle and cloning this repo (imp)

There is no ca-bundle (bundle of root certificates which we should trust) installed by default. Therefore we will have to download before install certificate manually.

On your local PC/MAC with an intact certificate store, run

curl -s | sha1sum

2.On your Qnap/Nas, in the directory you want to install qnap-letsencrypt in, run

wget --no-check-certificate
sha1sum cacert.pem

3.Compare the hashes obtained in step 1 and 2, they must match.

4.Go back to QNap/Nas directory you were before

git config --system http.sslVerify true
git config --system http.sslCAinfo `pwd`/cacert.pem
git clone
mv cacert.pem qnap-letsencrypt
cd qnap-letsencrypt
git config --system http.sslCAinfo `pwd`/cacert.pem

Setting up qnap-letsencrypt

  1. Run
  2. Create a Certificate Signing Request(csr): single domain cert: (replace with your domain name)
    cd letsencrypt 
    openssl req -new -sha256 -key keys/domain.key -subj "/" > domain.csr

    multiple domain cert: (replace and with your domain names)

    cd letsencypt 
    cp ../openssl.cnf openssl-csr-config.cnf 
    printf "," >> openssl-csr-config.cnf 
    openssl req -new -sha256 -key keys/domain.key -subj "/" -reqexts SAN -config openssl-csr-config.cnf > domain.csr
  3. mv /etc/stunnel/stunnel.pem /etc/stunnel/stunnel.pem.orig (backup)
  4. Run
  5. account.key, domain.key and even the csr (according to acme-tiny readme) can be reused, so create a cronjob to run every night, which will renew your certificate if it has less than 30 days leftAdd this to /etc/config/crontab:
    30 3 * * * cd /share/CE_CACHEDEV1_DATA/qnap-letsencrypt/ && ./ >> ./renew_certificate.log 2>&1

    Then run:

    crontab /etc/config/crontab 
    /etc/init.d/ restart

Method 2- FREE SSL:

  1. Go to the URL:  OR
  2. Verify your domain, in QNAP case, use DNS verification, once verified copy and paste all certificate keys to the Qnap. that all!

More useful guides: Github and Digitalberg 

  2. – free and credit go to gethttpsforfree.
  4. (With QPKG file)
  5. ( simple and good solution )
  6. – Free to install – This website is static, so it can be saved and loaded locally. Just right-click and “Save Page As..”!
  7. (download latest firmware)
0 replies

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply

Your email address will not be published. Required fields are marked *