Page 1 of 4

Let's Encrypt SSL Certificate Idiot's Guide

Posted: Mon Oct 29, 2018 11:16 pm
by Tim1023
I'm just in the process of installing my first NAS and just wasted most of my weekend trying to get my own certificate via Let's Encrypt or SSL for Free (which generates certificates from Let's Encrypt). In the end it was dead simple, so I thought I'd write this for other beginners with an easy-to-find title.

It turns out that you don't need to faff around with external sites, SSH, cURL commands, and all of that other frightening-looking stuff. QNAP has kindly integrated everything into apps, but only one of them works!

I assume that you have managed to set up myqnapcloud and have the myqnapcloud app running on your NAS.

1. IGNORE Control Panel/System/Security/Certificate & Private Key as this seems to have a bug. This page can be used later to download your certificate should you need it.
2. Open the myqnapcloud app on your NAS
3. Click on SSL Certificate in the left panel
4. Under Let's Encrypt, hit the Download and Install button
5. Enter your myqnapcloud domain name <yourdomain>.myqnapcloud.com and your email address
6. Select Automatically Renew should you want. Probably best.
7. Click on confirm & wait a little
8. Enjoy all that SSL goodness!

I assume that the above should work in the vast majority of cases. :)
References to help Forum search: https://letsencrypt.org/, https://www.sslforfree.com/

Re: Let's Encrypt SSL Certificate Idiot's Guide

Posted: Wed Apr 17, 2019 6:47 am
by aloharaz
nobody wants to use myqnapcloud **. I want to use my own fixed IP and domain name!!!
qnap.myowndomain.com for example.

Re: Let's Encrypt SSL Certificate Idiot's Guide

Posted: Wed Apr 17, 2019 3:28 pm
by Toxic17
aloharaz wrote: Wed Apr 17, 2019 6:47 am nobody wants to use myqnapcloud **. I want to use my own fixed IP and domain name!!!
qnap.myowndomain.com for example.
I suggest you use this then.

viewtopic.php?f=320&t=132911

Re: Let's Encrypt SSL Certificate Idiot's Guide

Posted: Fri Jun 14, 2019 3:40 pm
by terrytse
use Let's Encrypt SSL Certificate with own domain name

On Qnap
1. Enable Web Server with port 80. Control Panel --> Applications --> Web Server
2. Ensure Qnap System port is not using port 80. Control Panel --> System --> General Setting --> System Port is not port 80

On your router
3. create a port forward rule, forward external port 80 to internal port 80, server is your qnap

On you Browser
4. test web access to your qnap public ip or FQDN, http://your_qnap_ip:80
5. make sure it will not redirect to your Qnap admin login page

On Qnap
6. download and install Let's Encrypt SSL Cert, Control Panel --> System --> Security --> Certificate & Private Key, click "Replace Certificate" --> get from Let's Encrypt
7 . enter your own domain name qnap.myowndoamin.com and your email address


i am able to install Let's Encrypt SSL Cert by doing above.


** tested enable "force secure connection (HTTPS) only" under Control Panel --> System --> General Setting, seem it will break

Re: Let's Encrypt SSL Certificate Idiot's Guide

Posted: Wed Jul 03, 2019 5:16 am
by SenseoHasser
Thanks for this guide!

Is there a way to auto-renew the certificate?

Re: Let's Encrypt SSL Certificate Idiot's Guide

Posted: Thu Jul 18, 2019 6:43 am
by kirilly
Hi, I've managed to trick Chrome SSL using local network address with Let's Encrypt certificate + editing hosts (making "https" icon NOT crossed out ie. certificate considered valid):
1.Followed "Let's Encrypt SSL Certificate Idiot's Guide" by using myqnapcloud (I have error by missing port 80 etc. with Control Panel --> Applications --> Web Server)

2.Added to hosts file:

Code: Select all

192.168.1.2:443 my-id.myqnapcloud.com
(or whatever your local NAS IP and port is)

3.Followed the URL:

Code: Select all

https://my-id.myqnapcloud.com:443
Hope this will help!

Re: Let's Encrypt SSL Certificate Idiot's Guide

Posted: Sat Jul 27, 2019 6:42 am
by drock_in_nc
I was getting the port 80 error. Turned out to be I had the checkbox to force only HTTPS connection checked on the webserver. Once I removed that setting I was able to redo my certificate and all my sub alt names.

Re: Let's Encrypt SSL Certificate Idiot's Guide

Posted: Mon Jul 29, 2019 4:09 am
by goodelyfe
Control Panel --> System --> Security --> Certificate & Private Key, click "Replace Certificate"


if you are using this method, where are the certs placed?

Re: Let's Encrypt SSL Certificate Idiot's Guide

Posted: Wed Feb 26, 2020 7:02 pm
by valba
In order to automatically update your NAS with several domain names (*.myqnapcloud.com and/or *.whatevercloud.* domain name you use), the following script worked for me like a charm:

https://github.com/Yannik/qnap-letsencrypt

I hope it helps.

Re: Let's Encrypt SSL Certificate Idiot's Guide

Posted: Wed Mar 04, 2020 9:58 pm
by giorginus80
terrytse wrote: Fri Jun 14, 2019 3:40 pm
On your router
3. create a port forward rule, forward external port 80 to internal port 80, server is your qnap
After the script of Yannik is running to renew we need to keep the router forward to 80 or can we only keep the 443 for the renew?

Re: Let's Encrypt SSL Certificate Idiot's Guide

Posted: Sun Aug 30, 2020 8:29 pm
by goliash
:!: :!: :!: You have to disable the Virtual Hosts in Control Panel --> Application Servers --> Web Server before getting certificate from Let's Encrypt via Control Panel --> System --> Security --> Certificate & Private Key, otherwise you'll get some wierd error. Once certificate is issued and installed on NAS, you can turn Virtual Hosts on again.

Other think I've found out as issue are UPnP rules set up by my QNAP on my home router. It should be ok if you have just one QNAP NAS on your network, but I have more of them and they somehow changed my defined rules on port forwarding, so port 80 and 443 ended on the wrong NAS.

Re: Let's Encrypt SSL Certificate Idiot's Guide

Posted: Sat Oct 03, 2020 1:51 am
by eight13atnight
I'm experiencing some of the same issues mentioned in this thread, but with different results.

1) I've disabled Web server: Control Panel --> Application Servers --> Web Server
2) I have Virtual Host and WebDAV both disabled. Control Panel --> Application Servers --> Web Server (tab Virtual Host/WebDAV)
3) I've changed HTTPS Port number back to 443 successfully (From the one I was using to secure my Nas). Control Panel --> System --> General
4) Upon trying to change the HTTP System port back to 80 (this is what I understand needs to happen to allow Let's Encrypt to verify the server) I get an error that "The system port is used by other applications".

I've tried stopping all running applications with no positive results.

No matter what, I can't seem to get the system port to switch BACK to port 80.

Has anyone else experienced this reaction? Would love to hear some idea's to try.

FYI I'm using a Dynamic DNS to direct traffic to the server. Typically my address is https://[my server].ddns.net:[my port]. It's been working fine (and still does, although with the expired SSL certificate I get a risk message every time).

Re: Let's Encrypt SSL Certificate Idiot's Guide

Posted: Sat Nov 14, 2020 11:58 pm
by rodrigocatarino
Hi all,

I was trying to use the lets encrypt certificate on my TS-639 but i am stuck on step "4. Under Let's Encrypt, hit the Download and Install button"
I dont see the option.

As i mentioned above, my qnap is a TS-639 running firmware 4.2.6 from 2020/08/21.

Is the issue my TS-639 and the firmware version?

Thanks in advance.
Rodrigo

Re: Let's Encrypt SSL Certificate Idiot's Guide

Posted: Tue Nov 24, 2020 7:21 am
by Doozer
Has anyone managed to create and download a Lets Encrypt cert for the [youraccount].myqnapcloud.com domain via the myqnapcloud app on QNAP for the last three months?

Re: Let's Encrypt SSL Certificate Idiot's Guide

Posted: Sun Mar 07, 2021 11:15 am
by sfanara
terrytse wrote: Fri Jun 14, 2019 3:40 pm use Let's Encrypt SSL Certificate with own domain name

On Qnap
1. Enable Web Server with port 80. Control Panel --> Applications --> Web Server
2. Ensure Qnap System port is not using port 80. Control Panel --> System --> General Setting --> System Port is not port 80

On your router
3. create a port forward rule, forward external port 80 to internal port 80, server is your qnap

On you Browser
4. test web access to your qnap public ip or FQDN, http://your_qnap_ip:80
5. make sure it will not redirect to your Qnap admin login page

On Qnap
6. download and install Let's Encrypt SSL Cert, Control Panel --> System --> Security --> Certificate & Private Key, click "Replace Certificate" --> get from Let's Encrypt
7 . enter your own domain name qnap.myowndoamin.com and your email address


i am able to install Let's Encrypt SSL Cert by doing above.


** tested enable "force secure connection (HTTPS) only" under Control Panel --> System --> General Setting, seem it will break
I can't move past Step #6 because there's no such "Replace" option where I could then choose a Let's Encrypt Certificate. I am on latest 4.2.6. firmware on a TS 639 pro.

Any help towards resolution would be much appreciated.

Thanks in advance :)