GreyMamba

I'd managed, by some methodology lost in the mists of time, to partially enable HTTPS on my Synology webserver - serving this site. However, a couple of days ago, the certificate expired and web browsers across the Universe got their underwear in a twist, decided my site must be the devils own work and refused to countenance opening any page.

Unfortunately, this also applied to my admin interface - which made it difficult to fix! I found a bit of a backdoor (which I won't detail here for obvious reasons), logged in and proceeded to trash the system with by ham-fisted, impatient efforts to sort things out. So, in a further fit of patience deficit, I did a factory reset, and re-set up a non-certificated server.

Now to get my security back:

Being a cheapskate, and not really needing a super-secure system, I decided to use a free certificate from "Let's Encrypt". Synology does in fact have an automatic way of doing this. There is reasonable documentation and this youtube video covers it pretty well.

Log in to your DSM 6.0 or higher.

Let's Encrypt certificates will renew every 90 days. However, to get an initial one and to allow the renewal you need to add a port forwarding rule on the NAS - port 80, TCP. Do this through Network > Traffic Control.

Now just go to Security > Certificate and 'add > add a new certificate' and follow the prompts for adding a free Let's Encrypt certificate. make it the default certificate for simplicity. You can also configure what uses this certificate on this page.

Finally go to Network > DSM settings and click "Automatically redirect HTTP ..."

Don't forget that this will change the port on which your DSM access page sits.

Finally, even after doing all this, my Rapidweaver generated web site was giving partial security warnings. This was because I hadn't changed the address of my website from http to https in the Publish and General settings. Did that, re-published and all is now OK!