Category: Synology

  • Renewal of LetsEncrypt certificates on Synology after a move

    After exporting all my certificates from an old NAS to a new one, I realized that they were not renewed automatically anymore. Trying to renew them manually via the DMS UI (Control Panel > Security > Certificate), a zip file with a CSR file (Certificate Signing Request) and a Key file, was downloaded. I had no idea how to proceed with these, so I investigated why the automatic renewal was not working as on the old NAS. The reason was the lack of “renew.json” file on the new NAS.

    Click to Read More

    Before starting, I strongly advice to export all the certificates, one by one, using the DSM UI  (Control Panel > Security > Certificate) !!!

    Connected on the NAS via SSH, I tried first to renew the certificates with the command: /usr/syno/sbin/syno-letsencrypt renew-all

    Looking into /var/log/messages, I noticed that syno-letsencrypt was complaining about a missing renew.json file :

    syno-letsencrypt[19750]: syno-letsencrypt.cpp:489 can not find renew.json. [No such file or directory][/usr/syno/etc/certificate/_archive/XXXXXX]

    NB.: To get more details, the verbose version of the renewal can be useful: /usr/syno/sbin/syno-letsencrypt renew-all -vv

    On Synology, there is one folder /usr/syno/etc/certificate/_archive/XXXXXX per certificate, where XXXXXX is the ID of the certificate. It is assumed to contain these files: cert.pem, chain.pem, fullchain.pem, privkey.pem and renew.json. And indeed, there was no file renew.json, in the folder XXXXXX

    So, on the old NAS, I looked for the folder AAAAAA containing the same certificate as in XXXXXX (once imported on another NAS, the certificate gets a new unique ID ). Check the file /usr/syno/etc/certificate/_archive/INFO to identify the ID of the certificate.

    Once the folder AAAAAA identified, read the file renew.json which looks like this:

    {
    "account" : "/usr/syno/etc/letsencrypt/account/BBBBBB/",
    "domains" : "<your domain>",
    "server" : "https://acme-v02.api.letsencrypt.org/directory",
    "version" : 2
    }

    BBBBBB is the folder containing your letsencrypt user account, stored in the file /usr/syno/etc/letsencrypt/account/BBBBBB/info.json (Notice: there can be several accounts if you used different contact emails for your various certificates).

    Look on the new NAS for the folder ZZZZZZ equivalent to BBBBBB (comparing the info.json files).

    Once AAAAAA and BBBBBB determined, I did create a file /usr/syno/etc/certificate/_archive/XXXXXX/renew.json on the new NAS, containing:

    {
    "account" : "/usr/syno/etc/letsencrypt/account/ZZZZZZ/",
    "domains" : "<your domain>",
    "server" : "https://acme-v02.api.letsencrypt.org/directory",
    "version" : 2
    }

    And finally, I could run successfully the renewal: /usr/syno/sbin/syno-letsencrypt renew-all -vv

    To update only one certificate (for testing purpose, it’s safer than renew-all), use the folder name XXXXX of the certificate : /usr/syno/sbin/syno-letsencrypt renew -c XXXXXX -vv

    Here attached, find a script created by ChatGPT to help in generating the renew.json files (Copy and run it into /usr/syno/etc/certificate/_archive/)

    renewCertificates

    Loading

    Attachments

  • Setup DSM 7.1 in a Virtual Synology DS3622xs+ using VMWare

    Here is a step by step “How-To create a Virtual Machine to emulate a DS3622xs+ running DSM 7.1” using VMWare and a Loader from redpill

    Click to Read More

    I used a tutorial from internet to create a VM in VMWare 16 and exported this one as ovf. Using that ovf, you can easily setup your own VM with a DS3622xs+ running DSM 7.1.

    1: Download and unzip this package, containing:

    • the configuration of the virtual machine (dsm.ovf and two disk.vmk),
    • the boot file for DS3622xs+ (synoboot.vmdk) and
    • the image of the DSM 7.1 for DS3622xs+ (DSM_DS3622xs+_42661.pat)

    2: Open VMWare Workstation. If you never configured the default location where you want to create your Virtual Machines, press CTRL-P to open the “Preferences” panel. There, set this default location (I am using E:\VMWare).

    3: Go next to “Windows Explorer”, in the folder where you have unzipped the package, and double click dsm.ovf. This is going to import the VM into VMWare. Type a name for the new virtual machine (I am using DSM3622xs+ 7.1) and click “Import”.

    4: Here is the outcome to the importation. You can now click on “Power on this virtual machine”. If you want, you may also first increase the Memory, the Processors or the size of the Hard Disk 2 and 3 (Do not touch the first Hard Disk  which contains the boot loader).

    5: 5 sec after starting the VM, the bootloader will run:


    6: Open the “Synology Assistant”, which is more efficient than the page http://find.synology.com to find your VM, and after +/- 3 minutes (depending on the perf of your PC) click on “Search”. If you didn’t wait long enough, you will see an Error message (In such a case, check that you have enabled the option “Allow compatibility with devices that do not support password encryption” in the preferences – via the gear icon in the top-right corner – and/or click Search “Again”. I never had to do this more than 3 times).

    7: Finally, the Assistant will find your VM. A webpage should automatically open (Otherwise, double-click on the VM). Approve the EULA and click Install.

    8: Click next on Browse to select the image of the DSM 7.1 for DS3622xs+ and Select the file “DSM_DS3622xs+_42661.pat” in the folder where you unzipped the package downloaded previously.

    9: Finally, click on “Next” and confirm that the installation can override the disk… (You can safely tick the “I understand…” it’s the virtual Hard Disk member of the VM. No worry 😉 )

    10: The installation will take a few minutes

    11: Once the installation complete, you will see in the VMWare Workstation that the VM is rebooting. On the installation page, you see a countdown.

    12: You should soon see that it’s installing packages before being finally ready to “start”

    13: If you are requested to login into the VM, do it as “admin” without password and configure it. Next configure your new NAS (Do not accept automatic updates !!!).

    I did skip the creation of Synology account and didn’t agree on Device Analytics or the display of this Nas in the Web Assistant.

    14: It’s now time to use the Hard Disk 2 and 3 to create a first Volume. Open the DSM Main Menu and start the Storage Manager (Then, it’s just a next, next, next journey depending on which Disk Array you want).

    15: Et voila, you have now a brand new DS3266xs+ with the DSM 7.1-42661 (DO NOT UPGRADE !!! The NAS would go into a “Recoverable” and I have no resolution for that)