Let's Encrypt SSL Certificate Idiot's Guide

Post your questions about myQNAPcloud service here.
Tim1023
Starting out
Posts: 13
Joined: Wed Oct 17, 2018 8:02 pm

Let's Encrypt SSL Certificate Idiot's Guide

Post by Tim1023 »

I'm just in the process of installing my first NAS and just wasted most of my weekend trying to get my own certificate via Let's Encrypt or SSL for Free (which generates certificates from Let's Encrypt). In the end it was dead simple, so I thought I'd write this for other beginners with an easy-to-find title.

It turns out that you don't need to faff around with external sites, SSH, cURL commands, and all of that other frightening-looking stuff. QNAP has kindly integrated everything into apps, but only one of them works!

I assume that you have managed to set up myqnapcloud and have the myqnapcloud app running on your NAS.

1. IGNORE Control Panel/System/Security/Certificate & Private Key as this seems to have a bug. This page can be used later to download your certificate should you need it.
2. Open the myqnapcloud app on your NAS
3. Click on SSL Certificate in the left panel
4. Under Let's Encrypt, hit the Download and Install button
5. Enter your myqnapcloud domain name <yourdomain>.myqnapcloud.com and your email address
6. Select Automatically Renew should you want. Probably best.
7. Click on confirm & wait a little
8. Enjoy all that SSL goodness!

I assume that the above should work in the vast majority of cases. :)
References to help Forum search: https://letsencrypt.org/, https://www.sslforfree.com/
TS-251B, QTS 4.3.5.0723 (2018/10/13), 2 x WD Red 4T SATA, UPS= Cyberpower VALUE600EILCD, NAS backup to external HD stored off-site
aloharaz
New here
Posts: 3
Joined: Wed Sep 17, 2014 2:54 am

Re: Let's Encrypt SSL Certificate Idiot's Guide

Post by aloharaz »

nobody wants to use myqnapcloud **. I want to use my own fixed IP and domain name!!!
qnap.myowndomain.com for example.
User avatar
Toxic17
Ask me anything
Posts: 6468
Joined: Tue Jan 25, 2011 11:41 pm
Location: Planet Earth
Contact:

Re: Let's Encrypt SSL Certificate Idiot's Guide

Post by Toxic17 »

aloharaz wrote: Wed Apr 17, 2019 6:47 am nobody wants to use myqnapcloud **. I want to use my own fixed IP and domain name!!!
qnap.myowndomain.com for example.
I suggest you use this then.

viewtopic.php?f=320&t=132911
Regards Simon

Qnap Downloads
MyQNap.Org Repository
Submit a ticket • QNAP Helpdesk
QNAP Tutorials, User Manuals, FAQs, Downloads, Wiki
When you ask a question, please include the following


NAS: TS-673A QuTS hero h5.1.2.2534 • TS-121 4.3.3.2420 • APC Back-UPS ES 700G
Network: VM Hub3: 500/50 • UniFi UDM Pro: 3.2.9 • UniFi Network Controller: 8.0.28
USW-Aggregation: 6.6.61 • US-16-150W: 6.6.61 • 2x USW Mini Flex 2.0.0 • UniFi AC Pro 6.6.62 • UniFi U6-LR 6.6.62
UniFi Protect: 2.11.21/8TB Skyhawk AI • 3x G3 Instants: 4.69.55 • UniFi G3 Flex: 4.69.55 • UniFi G5 Flex: 4.69.55
terrytse
New here
Posts: 2
Joined: Fri Feb 03, 2017 12:21 pm

Re: Let's Encrypt SSL Certificate Idiot's Guide

Post by terrytse »

use Let's Encrypt SSL Certificate with own domain name

On Qnap
1. Enable Web Server with port 80. Control Panel --> Applications --> Web Server
2. Ensure Qnap System port is not using port 80. Control Panel --> System --> General Setting --> System Port is not port 80

On your router
3. create a port forward rule, forward external port 80 to internal port 80, server is your qnap

On you Browser
4. test web access to your qnap public ip or FQDN, http://your_qnap_ip:80
5. make sure it will not redirect to your Qnap admin login page

On Qnap
6. download and install Let's Encrypt SSL Cert, Control Panel --> System --> Security --> Certificate & Private Key, click "Replace Certificate" --> get from Let's Encrypt
7 . enter your own domain name qnap.myowndoamin.com and your email address


i am able to install Let's Encrypt SSL Cert by doing above.


** tested enable "force secure connection (HTTPS) only" under Control Panel --> System --> General Setting, seem it will break
SenseoHasser
Starting out
Posts: 32
Joined: Sat Jan 03, 2009 1:21 am

Re: Let's Encrypt SSL Certificate Idiot's Guide

Post by SenseoHasser »

Thanks for this guide!

Is there a way to auto-renew the certificate?
kirilly
New here
Posts: 4
Joined: Sun Mar 31, 2019 11:37 am

Re: Let's Encrypt SSL Certificate Idiot's Guide

Post by kirilly »

Hi, I've managed to trick Chrome SSL using local network address with Let's Encrypt certificate + editing hosts (making "https" icon NOT crossed out ie. certificate considered valid):
1.Followed "Let's Encrypt SSL Certificate Idiot's Guide" by using myqnapcloud (I have error by missing port 80 etc. with Control Panel --> Applications --> Web Server)

2.Added to hosts file:

Code: Select all

192.168.1.2:443 my-id.myqnapcloud.com
(or whatever your local NAS IP and port is)

3.Followed the URL:

Code: Select all

https://my-id.myqnapcloud.com:443
Hope this will help!
drock_in_nc
First post
Posts: 1
Joined: Wed Apr 10, 2019 9:49 pm

Re: Let's Encrypt SSL Certificate Idiot's Guide

Post by drock_in_nc »

I was getting the port 80 error. Turned out to be I had the checkbox to force only HTTPS connection checked on the webserver. Once I removed that setting I was able to redo my certificate and all my sub alt names.
goodelyfe
Know my way around
Posts: 122
Joined: Tue Jul 01, 2014 5:50 pm

Re: Let's Encrypt SSL Certificate Idiot's Guide

Post by goodelyfe »

Control Panel --> System --> Security --> Certificate & Private Key, click "Replace Certificate"


if you are using this method, where are the certs placed?
valba
First post
Posts: 1
Joined: Fri May 17, 2019 9:50 pm

Re: Let's Encrypt SSL Certificate Idiot's Guide

Post by valba »

In order to automatically update your NAS with several domain names (*.myqnapcloud.com and/or *.whatevercloud.* domain name you use), the following script worked for me like a charm:

https://github.com/Yannik/qnap-letsencrypt

I hope it helps.
giorginus80
New here
Posts: 3
Joined: Fri May 05, 2017 4:16 am

Re: Let's Encrypt SSL Certificate Idiot's Guide

Post by giorginus80 »

terrytse wrote: Fri Jun 14, 2019 3:40 pm
On your router
3. create a port forward rule, forward external port 80 to internal port 80, server is your qnap
After the script of Yannik is running to renew we need to keep the router forward to 80 or can we only keep the 443 for the renew?
goliash
New here
Posts: 2
Joined: Sun Aug 30, 2020 8:09 pm

Re: Let's Encrypt SSL Certificate Idiot's Guide

Post by goliash »

:!: :!: :!: You have to disable the Virtual Hosts in Control Panel --> Application Servers --> Web Server before getting certificate from Let's Encrypt via Control Panel --> System --> Security --> Certificate & Private Key, otherwise you'll get some wierd error. Once certificate is issued and installed on NAS, you can turn Virtual Hosts on again.

Other think I've found out as issue are UPnP rules set up by my QNAP on my home router. It should be ok if you have just one QNAP NAS on your network, but I have more of them and they somehow changed my defined rules on port forwarding, so port 80 and 443 ended on the wrong NAS.
eight13atnight
Starting out
Posts: 11
Joined: Sat Jul 01, 2017 1:52 am

Re: Let's Encrypt SSL Certificate Idiot's Guide

Post by eight13atnight »

I'm experiencing some of the same issues mentioned in this thread, but with different results.

1) I've disabled Web server: Control Panel --> Application Servers --> Web Server
2) I have Virtual Host and WebDAV both disabled. Control Panel --> Application Servers --> Web Server (tab Virtual Host/WebDAV)
3) I've changed HTTPS Port number back to 443 successfully (From the one I was using to secure my Nas). Control Panel --> System --> General
4) Upon trying to change the HTTP System port back to 80 (this is what I understand needs to happen to allow Let's Encrypt to verify the server) I get an error that "The system port is used by other applications".

I've tried stopping all running applications with no positive results.

No matter what, I can't seem to get the system port to switch BACK to port 80.

Has anyone else experienced this reaction? Would love to hear some idea's to try.

FYI I'm using a Dynamic DNS to direct traffic to the server. Typically my address is https://[my server].ddns.net:[my port]. It's been working fine (and still does, although with the expired SSL certificate I get a risk message every time).
rodrigocatarino
Getting the hang of things
Posts: 63
Joined: Wed Oct 28, 2009 8:42 pm

Re: Let's Encrypt SSL Certificate Idiot's Guide

Post by rodrigocatarino »

Hi all,

I was trying to use the lets encrypt certificate on my TS-639 but i am stuck on step "4. Under Let's Encrypt, hit the Download and Install button"
I dont see the option.

As i mentioned above, my qnap is a TS-639 running firmware 4.2.6 from 2020/08/21.

Is the issue my TS-639 and the firmware version?

Thanks in advance.
Rodrigo
Doozer
Getting the hang of things
Posts: 70
Joined: Fri Apr 04, 2008 7:53 pm

Re: Let's Encrypt SSL Certificate Idiot's Guide

Post by Doozer »

Has anyone managed to create and download a Lets Encrypt cert for the [youraccount].myqnapcloud.com domain via the myqnapcloud app on QNAP for the last three months?
TS-209 Pro -> TS-212P -> TS-251
sfanara
New here
Posts: 2
Joined: Mon Sep 14, 2009 8:49 pm

Re: Let's Encrypt SSL Certificate Idiot's Guide

Post by sfanara »

terrytse wrote: Fri Jun 14, 2019 3:40 pm use Let's Encrypt SSL Certificate with own domain name

On Qnap
1. Enable Web Server with port 80. Control Panel --> Applications --> Web Server
2. Ensure Qnap System port is not using port 80. Control Panel --> System --> General Setting --> System Port is not port 80

On your router
3. create a port forward rule, forward external port 80 to internal port 80, server is your qnap

On you Browser
4. test web access to your qnap public ip or FQDN, http://your_qnap_ip:80
5. make sure it will not redirect to your Qnap admin login page

On Qnap
6. download and install Let's Encrypt SSL Cert, Control Panel --> System --> Security --> Certificate & Private Key, click "Replace Certificate" --> get from Let's Encrypt
7 . enter your own domain name qnap.myowndoamin.com and your email address


i am able to install Let's Encrypt SSL Cert by doing above.


** tested enable "force secure connection (HTTPS) only" under Control Panel --> System --> General Setting, seem it will break
I can't move past Step #6 because there's no such "Replace" option where I could then choose a Let's Encrypt Certificate. I am on latest 4.2.6. firmware on a TS 639 pro.

Any help towards resolution would be much appreciated.

Thanks in advance :)
Post Reply

Return to “myQNAPcloud service”