SSL/TLS

The following guides assume you are using namecheap.com as your domain registrar, but the process should be similar for other registrars.

Activate/renew certificate

First you need to get a CSR (Certificate Signing Request) from DSM, e.g. for renewal:

• Control Panel → Security → Certificate

• Click on Renew

• Copy the CSR (Certificate Signing Request)

See: Domain & CSR code setup for Synology NAS

Registrar (i.e. namecheap.com)

• SSL Certificates → Manage

• Click on Activate/Reissue

• Paste the CSR got from DSM (above)

• Choose CNAME record add

• Get the record name and value

• Domains List → Domain → Advanced DNS

• Add CNAME record

  • Host: copy ID here without the suffix "."

  • IP Address: copy host here replacing ".comodoca.com" with ".sectigo.com"

See: Steps to get the SSL certificate activated

DSM

• Control Panel → Security → Certificates

• Select Add/Replace

• Import certificate

  • From archive.zip downloaded when generating CSR:

    • Private Key: server.key

  • From .zip downloaded from namecheap:

    • Certificate: .crt

    • Intermediate Certificate: .ca-bundle

See: - Installing an SSL certificate on Synology NAS