Let's Encrypt Renewal for Older Devices

warnesj · Post by **warnesj** » Sat Dec 18, 2021 8:30 am

Hi all. On my TS-669 Pro running QTS v4.3.4.1652 I had the same issue that many have posted regarding being unable to renew my Let's Encrypt SSL certificate. It took a bit of time to piece together the available information, but it was a post from the user goliash (viewtopic.php?f=313&t=144434&start=15#p800345) that got me got me pointed in the right direction and I was able the piece together the rest.

Ultimately, as goliash mentions, the reason I was unable to renew my certificate was because the root CA from Let's Encrypt has changed and my current QTS version doesn't recognize the change. So I tweaked the instructions goliash shared with updated links in the hope it may help others. So here is what I did:

Connect to the NAS via SSH (steps to connect to your NAS via SSH can be found here).
Rename your existing rootca.pem file by typing,
Code: Select all
```
mv /etc/ssl/certs/rootca.pem /etc/ssl/certs/rootca.pem.old
```

Download the new rootca.pem file by typing,

Code: Select all

wget https://download.qnap.com/Storage/tsd/webfaq/rootca.pem -P /etc/ssl/certs

Adjust the file permissions by typing,
Code: Select all
```
chmod 600 /etc/ssl/certs/rootca.pem
```
Disconnect your SSH session from your NAS.

Then I was able to renew my certificate manually through the web administration application. I'm presuming now that the root CA for Let's Encrypt is trusted again that the autorenewal process should work again. I guess time will tell.

Hope this helps others.