CtrlAltDel Posted January 22, 2016 Share #1 Posted January 22, 2016 I'm somewhat lacking in my linux skills unfortunately so I haven't attempted any test myself but letsencrypt may interest some of the linux gurus and the more adventurous xpeneology users. Quick overview for those who haven't come across letsencrypt before: Letsencrypt is a free (as in cost and freedom/privacy) signed ssl solution. The project entered public beta in late 2015. The minor downside is the certificates are only valid for 90 days. From what I have read it should be possible to automate the renewals if the systems meets the requirements. You can have multiple certificates for your servers web services which resolves to an IP using a FQDN. There are some plugins and there is documentation to help with the creation of plugins - for those who have the ability to create them. Maybe some linux god could create something to ease the pain for xpenology users? One of the installation methods uses Docker although it can create the certificates it lacks the ability to complete the process as docker can't handle the processes required outside the container. It would be nice to put an end to the browser ssl warnings due to using self signed certs. Anyone interested can find out more on the Letsencrypt website here https://letsencrypt.org/ and installation docs can be read here https://letsencrypt.readthedocs.org/en/latest/. Please share your experiences with the community if you have attempted to install certificates using the Letsencrypt service. Link to comment Share on other sites More sharing options...
brantje Posted January 22, 2016 Share #2 Posted January 22, 2016 LE is great, i use it for my projects. It should be possible to use LE for xpenology, if you like to renew the cert every 90 day's in DSM be my guest. I just bought a 2 year valid ssl cert for my nas. Link to comment Share on other sites More sharing options...
brantje Posted January 22, 2016 Share #3 Posted January 22, 2016 Some more info here: http://forum.synology.com/enu/viewtopic.php?f=3&t=93279 Link to comment Share on other sites More sharing options...
CtrlAltDel Posted January 22, 2016 Author Share #4 Posted January 22, 2016 Thanks for the replies folks. I have done a little more research since opening this post and it seems it shouldn't be too painful even for a linux dummy like me. There seems to be plenty of info out there about different methods - manual being the option most talked about for DSM 5.x machines. From what I have read it looks like Synology are building in acme support for LE in DSM 6.x which will greatly simplify the whole process. Another interesting point I read was that LE certs. can be applied to dynamic dns domains like x.no-ip.com etc. which is very cool! Greater access and simpler access to secure connections can only be a good thing for everyone one trawling the web. A widely accepted decentralised dns system would really start to establish our rights to better privacy and web security. The best solution I have seen for that is the namecoin dns alternative which uses the bitcoin bit chain technology. Sadly the major browsers haven't added namecoin to their dns list. To work around that you can use something like MeowBit to resolve domain names on the Namecoin system. You will need the namecoin wallet installed with an up to date block chain in order use MeowBit. Skip this next part it's just a rant! The biggest issue is the vast majority of people have swallowed the "nothing to fear nothing to hide" fallacy with respect to their privacy. These same people would strongly object if I sat on their doorstep and steamed open and scanned their mail before they even got to read it! The other issue is there seems to be little control over the psychopaths and sociopaths (who like to operate in secrecy/privacy) deciding what will be deemed acceptable behaviour, activities and beliefs for the majority of us. Buying cigarettes 15 years ago wasn't seen as an offensive activity, and yet here we are today in a world with a very different attitude towards the buying and selling of a naturally occurring plant product, which has a deep and significant history of human consumption throughout the world. The smokers of yesteryear thought they had nothing to hide and nothing to fear...funny how things get twist and changed, while morphing into something totally insane once authorities interfere and medal with our daily lives. Maybe they could explain why the cancer rates keep rising while the percentage of smokers continues to decline? Oh I forgot it's all for the benefit of the children (fallacy) of course. The unrepairable debts created by corrupt banks and their political lackeys was all for the benefit of the children, who are now blessed with generations of unrelenting debt repayments. I can't imagine how bad it would be for the children if the governments of this world weren't looking out for them!? "Just because you're paranoid doesn't mean they aren't after you" "[They] agreed that it was neither possible nor necessary to educate people who never questioned anything." Joseph Heller more great Heller quotes. 01001011 01100101 01100101 01110000 00100000 01100011 01100001 01101100 01101101 00100000 00100111 01101110 00100000 01100011 01100001 01110010 01110010 01111001 00100000 01101111 01101110. [spoiler=]Keep calm 'n carry on. Link to comment Share on other sites More sharing options...
brantje Posted January 22, 2016 Share #5 Posted January 22, 2016 Agreed, LE is a great service ^_^. Link to comment Share on other sites More sharing options...
NeoID Posted January 22, 2016 Share #6 Posted January 22, 2016 I use StartSSL (Free) with XPenology and it works great! Link to comment Share on other sites More sharing options...
Bob the Builder Posted January 22, 2016 Share #7 Posted January 22, 2016 Good howto can be found in this thread at the LE forums: https://community.letsencrypt.org/t/syn ... ity/453/15 and: http://www.synology-forum.de/showthread ... post573165 I successfully installed https://gethttpsforfree.com Link to comment Share on other sites More sharing options...
CtrlAltDel Posted January 22, 2016 Author Share #8 Posted January 22, 2016 @NeoID, I looked at StartSSL a couple of years ago and after some research I preferred to give that company a swerve. @Bob TB, I caught that first link earlier today and I guess the language prevented me from discovering the other links. Thanks for the heads up I will set the translator onto them later. Congrats on your success with LE! The manual method seems to be the way to go even if it does involve a bit of messing about. I haven't noticed as many people discussing the Docker container method which looks relatively easy on the surface although there are some caveats in some of the guides. Link to comment Share on other sites More sharing options...
anthonyuk Posted January 23, 2016 Share #9 Posted January 23, 2016 I looked at StartSSL a couple of years ago and after some research I preferred to give that company a swerve. For personal use their free certificates are OK. They offer good security and are a CA so what is the issue? I have registered my domain with LE and may move to it when it is easier to maintain. Link to comment Share on other sites More sharing options...
CtrlAltDel Posted January 23, 2016 Author Share #10 Posted January 23, 2016 I looked at StartSSL a couple of years ago and after some research I preferred to give that company a swerve. For personal use their free certificates are OK. They offer good security and are a CA so what is the issue? I have registered my domain with LE and may move to it when it is easier to maintain. The issue was/is political which also raises concerns about the security for me personally. It's a personal choice and if you're good with it then there is no problem for you. My choice was to give them a very wide berth. Link to comment Share on other sites More sharing options...
30624700 Posted January 25, 2016 Share #11 Posted January 25, 2016 Here is a link for lets encrypt dummy setup, no git, no python, no linux skill required Its amazing to know that even xxx.myds.me is also supported https://www.sslforfree.com/ Link to comment Share on other sites More sharing options...
shrabok Posted January 26, 2016 Share #12 Posted January 26, 2016 thanks for the link 30624700, it worked for my freenom domain as long as you can prove you are hosting it. And they will update you every 3 months for renewal. Now I have a free domain and free ssl cert. Link to comment Share on other sites More sharing options...
brantje Posted January 27, 2016 Share #13 Posted January 27, 2016 In DSM 6 LE will be build in into DSM. Link to comment Share on other sites More sharing options...
Recommended Posts