Anyone had any success with letsencrypt on Xpenology?


I'm somewhat lacking in my Linux skills unfortunately, so I haven't attempted any tests myself, but letsencrypt may interest some of the Linux gurus and the more adventurous Xpenology users.

 

Quick overview for those who haven't come across letsencrypt before:

Letsencrypt is a free (as in cost and freedom/privacy) signed SSL solution. The project entered public beta in late 2015. The minor downside is the certificates are only valid for 90 days. From what I have read it should be possible to automate the renewals if the system meets the requirements. You can have multiple certificates for your server's web services which resolve to an IP using a FQDN.

 

There are some plugins and there is documentation to help with the creation of plugins - for those who have the ability to create them. Maybe some linux god could create something to ease the pain for xpenology users?

 

One of the installation methods uses Docker; although it can create the certificates, it lacks the ability to complete the process, as Docker can't handle the processes required outside the container.

 

It would be nice to put an end to the browser ssl warnings due to using self signed certs.

 

Anyone interested can find out more on the Letsencrypt website here https://letsencrypt.org/ and installation docs can be read here https://letsencrypt.readthedocs.org/en/latest/.

 

Please share your experiences with the community if you have attempted to install certificates using the Letsencrypt service.


Thanks for the replies folks. I have done a little more research since opening this post and it seems it shouldn't be too painful even for a linux dummy like me. :oops:

 

There seems to be plenty of info out there about different methods - manual being the option most talked about for DSM 5.x machines. From what I have read it looks like Synology are building in acme support for LE in DSM 6.x which will greatly simplify the whole process.

 

Another interesting point I read was that LE certs. can be applied to dynamic dns domains like x.no-ip.com etc. which is very cool!

 

Greater access and simpler access to secure connections can only be a good thing for everyone trawling the web. A widely accepted decentralised dns system would really start to establish our rights to better privacy and web security. The best solution I have seen for that is the namecoin dns alternative which uses the bitcoin bit chain technology. Sadly the major browsers haven't added namecoin to their dns list. To work around that you can use something like MeowBit to resolve domain names on the Namecoin system. You will need the namecoin wallet installed with an up to date block chain in order to use MeowBit.

 

Skip this next part it's just a rant! :oops:

 

The biggest issue is the vast majority of people have swallowed the "nothing to fear nothing to hide" fallacy with respect to their privacy. These same people would strongly object if I sat on their doorstep and steamed open and scanned their mail before they even got to read it! The other issue is there seems to be little control over the psychopaths and sociopaths (who like to operate in secrecy/privacy) deciding what will be deemed acceptable behaviour, activities and beliefs for the majority of us. Buying cigarettes 15 years ago wasn't seen as an offensive activity, and yet here we are today in a world with a very different attitude towards the buying and selling of a naturally occurring plant product, which has a deep and significant history of human consumption throughout the world. The smokers of yesteryear thought they had nothing to hide and nothing to fear...funny how things get twisted and changed, while morphing into something totally insane once authorities interfere and meddle with our daily lives. Maybe they could explain why the cancer rates keep rising while the percentage of smokers continues to decline? :shock::roll: Oh I forgot it's all for the benefit of the children (fallacy) of course. The unrepairable debts created by corrupt banks and their political lackeys were all for the benefit of the children, who are now blessed with generations of unrelenting debt repayments. I can't imagine how bad it would be for the children if the governments of this world weren't looking out for them!? :roll:

 

"Just because you're paranoid doesn't mean they aren't after you"

"[They] agreed that it was neither possible nor necessary to educate people who never questioned anything." Joseph Heller more great Heller quotes.

 

01001011 01100101 01100101 01110000 00100000 01100011 01100001 01101100 01101101 00100000 00100111 01101110 00100000 01100011 01100001 01110010 01110010 01111001 00100000 01101111 01101110. :smile:

 

Spoiler: Keep calm 'n carry on.

 


@NeoID,

 

I looked at StartSSL a couple of years ago and after some research I preferred to give that company a swerve. :wink:

 

@Bob TB,

 

I caught that first link earlier today and I guess the language prevented me from discovering the other links. :smile: Thanks for the heads up, I will set the translator onto them later. Congrats on your success with LE! :smile: The manual method seems to be the way to go even if it does involve a bit of messing about. I haven't noticed as many people discussing the Docker container method, which looks relatively easy on the surface, although there are some caveats in some of the guides.

> I looked at StartSSL a couple of years ago and after some research I preferred to give that company a swerve. :wink:

 

For personal use their free certificates are OK.

They offer good security and are a CA so what is the issue?

 

I have registered my domain with LE and may move to it when it is easier to maintain.

>> I looked at StartSSL a couple of years ago and after some research I preferred to give that company a swerve. :wink:
>
> For personal use their free certificates are OK.
>
> They offer good security and are a CA so what is the issue?
>
> I have registered my domain with LE and may move to it when it is easier to maintain.

 

The issue was/is political which also raises concerns about the security for me personally. It's a personal choice and if you're good with it then there is no problem for you. My choice was to give them a very wide berth.
