Kevin1213

These are some old scripts that gave me this idea about the complete automation. This is what people did for Synology DNS, but if you are using other DNS providers, this will not work. #!/bin/sh ######################################################## #This script will create a new p12 certificate for Plex #when Let's Encrypt automatically renew its one ######################################################## ######################################################## #Just adapt the values below to your configuration #Location of your script script_folder=/volume1/scripts #Folder and name you want for your p12 file p12_file_path=$script_folder/syno.p12 #Add password to the p12 file (you can leave it empty) p12cert_password= #Synology's Default Let's encrypt folder letsencrypt_cert_folder=/usr/syno/etc/certificate/system/default ######################################################## #Changes below are at your own own risk ######################################################## generate_p12=false current_date=`date +"%s"` current_certificate_date=`openssl x509 -enddate -noout -in $letsencrypt_cert_folder/cert.pem | cut -d'=' -f2` current_certificate_timestamp=`date -d "$current_certificate_date" +"%s"` #First of all, we check if the renew_timestamp file exists (this file keep in memory the further certificate renew date) if [ ! -f $script_folder/renew_timestamp ]; then echo "Generate timestamp for the current renew date... " echo $current_certificate_timestamp > $script_folder/renew_timestamp chmod +rw $script_folder/renew_timestamp chown admin:users $script_folder/renew_timestamp #We generate the first p12 file generate_p12=true else renew_date=`cat $script_folder/renew_timestamp` echo "In memory certificate expiration date is" `date -d @$renew_date` "and the current certificate expiration date is $current_certificate_date" #Now, we check if is it necessary to renew the certificate or not if expr "$current_certificate_timestamp" "!=" "$renew_date" > /dev/null; then #We ask to generate a new p12 file echo "Dates doesn't match, we have to renew the certificate..." generate_p12=true #We update the timestamp_date on the file echo "Updating the new timestamp date..." echo $current_certificate_timestamp > $script_folder/renew_timestamp else echo "It is not necessary to renew the certificate, abort." exit 0 fi fi #We generate a new certificate file if we ask it, ans we relaunch Plex App to take effect if expr "$generate_p12" "=" "true" > /dev/null; then echo "Generating the p12 certificate file..." openssl pkcs12 -export -out $p12_file_path -in $letsencrypt_cert_folder/cert.pem -inkey $letsencrypt_cert_folder/privkey.pem -certfile $letsencrypt_cert_folder/chain.pem -name "Domain" -password pass:$p12cert_password chmod +r $p12_file_path chown admin:users $p12_file_path echo "Relaunching Plex App..." sh /var/packages/Plex\ Media\ Server/scripts/start-stop-status stop sh /var/packages/Plex\ Media\ Server/scripts/start-stop-status start echo "Done." Fi ------------------------------------------------

I need to add here is that you can create the automated script directly for the certificate location : /usr/syno/etc/certificate/system/default and directly at the place where Plex take it from your drive, so you do not need to manually do it at all, and forget about the expiration. pfx certificate can be exported to your android. DS file app can send/share a link to your email directly. Click on ..pfx certificate , enter the password and you able to watch Plex on your phone in any country. Of course , the other part is to take care port forwarding and security for your NAS. I hope this is useful info.

in Steps # 2 above. I used DuckDNS with DSM 6.1.7 and it worked for me perfectly. But I imported the certificate to DSM using the generated files. cd /usr/local/acme.sh export DuckDNS_Token="xxx-ddf-vgvv-vvv" # DuckDNS token /usr/local/acme.sh/acme.sh --insecure --issue --dns dns_duckdns -d YOUR_DOMAIN.duckdns.org --log When you run these commands. Verify that no errors, all green and success, then go to /usr/local/acme.sh/certs location and copy the generated certificates/key to your desktop folder. In your DSM, Go to Control Panel--> Security---> Certificate --> Add --> Import Certificate ( choose key, certificate and intermidiate certificate) Do not choose the full chain certificate. You can set up certificate Task Management script for renewal/60 days can be changed in the script acme.sh script to 89 days. I use the certificate to authenticate Plex login from outside world. ---> https://imgur.com/a/9UKLh how to modify the generated certificates and integrate with Plex.

There is a lot of manual work. Also, for your DNS provide in step # 2 you need to check here https://github.com/acmesh-official/acme.sh/wiki/dnsapi I see the certificates were created, but not imported into Xpenology interface. There are many things to consider. I have DSM 6.1.7

Too much paranoia about the Xpenology and Survailance station. This forum does not allow providing more concrete solutions that are already available. It is been hacked 100%. A new site must be opened to continue with Xpenology development. It is not useful to get replies from Synology engineers here protecting their product