This article explains how to obtain a certificate from Let's Encrypt on your Synology NAS. You can also follow the instructions in this video tutorial.

The Let's Encrypt DST Root CA X3 certificate is expired as of September 30, 2021. For DSM 6.2.3 and below, you must update to DSM 6.2.4 Update 2 or above to obtain a Let's Encrypt certificate.

Preparation

You should have already registered a domain, such as example.com. If not, you can obtain one via either of the following methods:

• Synology DDNS: Go to DSM Control Panel > External Access > DDNS to set up a DDNS hostname. Refer to the respective help articles for DSM 7.0 and DSM 6.2 for more information.
• Customized domain: Apply for a domain from a third-party domain provider.

Add a certificate from Let's Encrypt

1. Go to DSM Control Panel > Security > Certificate.
2. Click Add.
3. Select Add a new certificate and click Next.
4. Select Get a certificate from Let's Encrypt and click Next.
5. Enter the following information:
• Domain name: Enter the Synology DDNS hostname or your customized domain, such as example.com.
• Email: Enter the email address used for certificate registration. This is where a notification will be sent when the certificate is about to expire.
• Subject Alternative Name:¹ You can enter other domain names here to allow one certificate to cover multiple domains. For instance, if you have entered example.com in Domain name and wish to share the same certificate with your device's other domain mail.example.com, enter the latter in this field.
6. Click Apply to save the settings. Once confirmed, the certificate will be instantly imported.