This video is mis-leading that the instructions provided to make HTTPS work on NAS creates the impression that it will work in both WAN and LAN use cases... both not. It doesn't work on LAN (the most common use case which includes access NAS over router's VPN). And it doesn't work on WAN bec it doesn't mention you must enable port forwarding in your router. This instructional video implies the NAS is connected directly to internet (ie. no router in between)... perhaps the less common use case. To me, the most common use case is enabling HTTPS when access the NAS over LAN and via router's VPN... but in DSM 7, you cannot make this work as Synology removed the ability to create Certificate Authority certificate (it existed in DSM 6.x). Hence, it's extra hassle to use an external tool to create a CA, download the CSR from DSM7, have the external CA sign it then upload the signed device certificate to NAS then distribute CA certificate to each LAN client. Here's a new feature suggestion to Synology: Pls automate the above process so we get rid of that browser warning when access the NAS over LAN or via router's VPN. Streamline the process so the only step we do is distribute the certificate to each client. Make the user experience be pleasant so the 1st web page we see is NAS web page... not a big red security warning from the browser... not a good visual experience. An even better feature suggestion: A single solution to make HTTPS work when access the NAS over WAN, over LAN and over router's VPN.
And I was wondering what was wrong on my end... thanks for clearing this up. I don't want my NAS to be available from outside, yet was made to think this HTTPS process would also be beneficial in local network use.
You are supposed to already have a domain name with a A record pointing to your NAS. If your device has 2 ways to access it, from the internet with one IP and from your LAN with another IP, which IP will you choose to set in the DNS ? You can set 2 domain names for example, or use your own DNS server which will return the local IP when you query it from the LAN, while a global one will return the router address. Better have a fixed IP address obviously, or use DDNS. You should have resolved that problem before issuing a certificated for your NAS.
Trying for weeks to get this to work. The only reply from Synology support is that all information is out there and suddenly this new video... so probably this video was missing after all. Still does not work btw, very frustrating.
Is there a way of doing this but only allowing access within a local network? I don't want external access but also don't want the cert warnings from Chrome etc.
Yes but I did it with nginx proxy server on my Pi 5. Then I imported the let's encrypt credentials to my Synology nas. There's more steps involved but I'm too lazy to explain it here. 😅
You just have to open port 80 while running the wizard to obtain the certificate - that will take less than 2 minutes. After that, you can turn off port 80 on your router again.
Synology really needs to get an experienced technical writer who can present the subject of setting up a NAS as a web hosting platform in a manner that can be followed step-by-step from beginning to end. Having to skip from one referenced article to another is not only confusing, but frustrating. Many of the articles are not updated to DSM 7.2 which only leads to more confusion as to which step needs to be taken next. Synology seems to be assuming that all who read their instructions are experienced IT professionals, when in fact I'd wager most are first time users who just want to get their websites up and running. Instructions should be presented in an orderly fashion that can be followed by the newbie, with instructions supported by explanations as to the "why" certain steps or answers are needed. It would be great if they could just publish the steps / procedure in a .PDF that could be downloaded and then printed. It's nice to have something that can be highlighted and where notes can be made in the margin. I'm not looking to obtain a degree in computer technology, I just want to get my website up and running.
When I follow these instructions *to the letter*, when I try to get the Let's Encrypt certificate I get an error message saying "The certificate issuer is unable to validate this domain name. Please make sure the domain name is valid." and it seems there is precisely zero help in understanding how to fix this issue.
This is helpful, but Synology… think about hiring a voice actor. AI voice feels cold and cheap; not exactly what you want people associating with your brand. Also, your consumer-unfriendly practice of limiting support for 3rd party hard drives is increasingly becoming a reason to look to your competitors.
I agree. There are more companies getting into the NAS space that has newer and better hardware than Synology this 2024 and doesn't force you to use their own branded drives like Synology. If Synology keeps this up, I'll be switching to another brand too or just build my own. I also will stop recommending Synology to friends, family, coworkers, and customers because of this practice. 😮💨
or if AI is the only option, then I vote to go all in with an AI generated voice of the late great *Gilbert Godfrey* 🫡 Once you’ve heard him read pages from the popular novel titled _“Fifty Shades of Gray”_ well you get a pass from me, and if you do … better have more *CowBell!* than I can shake a stick at🤠
No point in wasting your time on this video. I have both router and NAS synology. I got the certificates updated on the router myself, but the NAS does not let me set the domain name, gives an error message: "invalid domain. please make sure this domain can be resolved into a public address"
This video is mis-leading that the instructions provided to make HTTPS work on NAS creates the impression that it will work in both WAN and LAN use cases... both not. It doesn't work on LAN (the most common use case which includes access NAS over router's VPN). And it doesn't work on WAN bec it doesn't mention you must enable port forwarding in your router. This instructional video implies the NAS is connected directly to internet (ie. no router in between)... perhaps the less common use case.
To me, the most common use case is enabling HTTPS when access the NAS over LAN and via router's VPN... but in DSM 7, you cannot make this work as Synology removed the ability to create Certificate Authority certificate (it existed in DSM 6.x). Hence, it's extra hassle to use an external tool to create a CA, download the CSR from DSM7, have the external CA sign it then upload the signed device certificate to NAS then distribute CA certificate to each LAN client.
Here's a new feature suggestion to Synology: Pls automate the above process so we get rid of that browser warning when access the NAS over LAN or via router's VPN. Streamline the process so the only step we do is distribute the certificate to each client. Make the user experience be pleasant so the 1st web page we see is NAS web page... not a big red security warning from the browser... not a good visual experience.
An even better feature suggestion: A single solution to make HTTPS work when access the NAS over WAN, over LAN and over router's VPN.
And I was wondering what was wrong on my end... thanks for clearing this up. I don't want my NAS to be available from outside, yet was made to think this HTTPS process would also be beneficial in local network use.
You are supposed to already have a domain name with a A record pointing to your NAS. If your device has 2 ways to access it, from the internet with one IP and from your LAN with another IP, which IP will you choose to set in the DNS ? You can set 2 domain names for example, or use your own DNS server which will return the local IP when you query it from the LAN, while a global one will return the router address. Better have a fixed IP address obviously, or use DDNS. You should have resolved that problem before issuing a certificated for your NAS.
@@6rimR3ap3r in that case just create your own self signed certificate, and trust it.
Trying for weeks to get this to work. The only reply from Synology support is that all information is out there and suddenly this new video... so probably this video was missing after all. Still does not work btw, very frustrating.
it is worth to mention that Let's Encrypt certificate issuing requires port 80 to be forwarded to NAS on home router.
Hi, thanks for your comment, how do it?
Hello! Instructions are specific to router. Google "port forwarding" for your model.
Is there a way of doing this but only allowing access within a local network? I don't want external access but also don't want the cert warnings from Chrome etc.
Yes but I did it with nginx proxy server on my Pi 5. Then I imported the let's encrypt credentials to my Synology nas. There's more steps involved but I'm too lazy to explain it here. 😅
You just have to open port 80 while running the wizard to obtain the certificate - that will take less than 2 minutes. After that, you can turn off port 80 on your router again.
thank you great video just need to do port forwarding in router and having public ip address is cool
Synology really needs to get an experienced technical writer who can present the subject of setting up a NAS as a web hosting platform in a manner that can be followed step-by-step from beginning to end. Having to skip from one referenced article to another is not only confusing, but frustrating. Many of the articles are not updated to DSM 7.2 which only leads to more confusion as to which step needs to be taken next. Synology seems to be assuming that all who read their instructions are experienced IT professionals, when in fact I'd wager most are first time users who just want to get their websites up and running. Instructions should be presented in an orderly fashion that can be followed by the newbie, with instructions supported by explanations as to the "why" certain steps or answers are needed. It would be great if they could just publish the steps / procedure in a .PDF that could be downloaded and then printed. It's nice to have something that can be highlighted and where notes can be made in the margin. I'm not looking to obtain a degree in computer technology, I just want to get my website up and running.
When I follow these instructions *to the letter*, when I try to get the Let's Encrypt certificate I get an error message saying "The certificate issuer is unable to validate this domain name. Please make sure the domain name is valid." and it seems there is precisely zero help in understanding how to fix this issue.
This is helpful, but Synology… think about hiring a voice actor. AI voice feels cold and cheap; not exactly what you want people associating with your brand. Also, your consumer-unfriendly practice of limiting support for 3rd party hard drives is increasingly becoming a reason to look to your competitors.
I agree. There are more companies getting into the NAS space that has newer and better hardware than Synology this 2024 and doesn't force you to use their own branded drives like Synology.
If Synology keeps this up, I'll be switching to another brand too or just build my own. I also will stop recommending Synology to friends, family, coworkers, and customers because of this practice. 😮💨
lol, soft
or if AI is the only option, then I vote to go all in with an AI generated voice of the late great *Gilbert Godfrey* 🫡
Once you’ve heard him read pages from the popular novel titled _“Fifty Shades of Gray”_ well you get a pass from me, and if you do … better have more *CowBell!* than I can shake a stick at🤠
No point in wasting your time on this video. I have both router and NAS synology. I got the certificates updated on the router myself, but the NAS does not let me set the domain name, gives an error message: "invalid domain. please make sure this domain can be resolved into a public address"
I would like to listen, but the music is annoying.
Synology is big regret becarefull there is no good services and support !!!