Synology

SSL Certificate

Automated task

Synology's "Scheduled Task" should handle the renewal of SSL certificates automatically. This section is written for future reference.

We installed a copy of acme.sh at /usr/local/share/acme.sh to issue SSL certificates and automatically deploy them to Synology DSM.

A custom "Scheduled Task" runs acme.sh daily. The task type is "User-defined script", and the script is one we wrote ourselves:

/usr/local/share/acme.sh/cron.sh
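#!/bin/sh

# Run from the acme.sh install directory so the relative paths below resolve;
# stop if the directory cannot be entered.
cd "$(dirname "$0")" || exit 1
# Load acme.sh.env from this directory.
. ./acme.sh.env
# Replace this shell with acme.sh in cron (renewal) mode, using this directory as its home.
exec ./acme.sh --cron --home .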

We use the Cloudflare DNS API to verify our domain (see the acme.sh wiki), so the issuing command is:

export CF_Token=...
./acme.sh --issue --dns dns_cf -d synology.acsalab.com

The deployment command is:

export SYNO_USE_TEMP_ADMIN=1
acme.sh --deploy -d synology.acsalab.com --deploy-hook synology_dsm

Note that acme.sh saves most of these settings on disk, so you don't need to specify them every time.

"VPN Center" not shown in Package Center

For reasons known only to themselves, Synology has not offered VPN Center to clients in mainland China since 2023. The package is still available at https://archive.synology.com/download/Package and can be downloaded manually.

Troubleshooting OpenVPN connection

SSH into the Synology server and inspect the RADIUS log at this location:

/var/packages/VPNCenter/target/var/log/radius/radius.log

If it reads

Auth: (0) This IP is blocked.: [user] (from client localhost port 6 cli 1.14.5.14)

then open Control Panel in the web interface, navigate to Security → Protection, open Allow/Block List and remove the IP from the list. Note that the IP list is sorted by time, so you may want to go to the last page.

If it reads

Auth: (0) Login incorrect (No Auth-Type found: rejecting the user via Post-Auth-Type = Reject)

see the question "Cannot connect to OpenVPN: User authentication failed" in the FAQ.

You may need to reset the LDAP password.
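
A small triage helper for the two log messages above, as an added example that is not part of the original page: it counts each distinct failure in radius.log by kind, user and client IP. The function names and the sample lines are constructed for illustration; only the log path and the two message formats come from this page.

```shell
#!/bin/sh
# Added example, not part of the original page.
RADIUS_LOG=/var/packages/VPNCenter/target/var/log/radius/radius.log

# Constructed sample lines in the two formats quoted above (documentation IPs).
sample_log() {
cat <<'EOF'
Auth: (0) This IP is blocked.: [alice] (from client localhost port 6 cli 203.0.113.7)
Auth: (1) This IP is blocked.: [alice] (from client localhost port 6 cli 203.0.113.7)
Auth: (2) This IP is blocked.: [bob] (from client localhost port 6 cli 198.51.100.20)
Auth: (3) Login incorrect (No Auth-Type found: rejecting the user via Post-Auth-Type = Reject)
Info: unrelated line that must be ignored
EOF
}

# triage_radius_log [FILE]: read FILE (or stdin) and print one line per
# distinct failure as "count<TAB>kind<TAB>user<TAB>client-ip" ("-" if absent).
triage_radius_log() {
    awk '
    # Text between the first occurrence of a and the next b, or "-" if missing.
    function between(s, a, b,    i, rest, j) {
        i = index(s, a); if (!i) return "-"
        rest = substr(s, i + length(a))
        j = index(rest, b); if (!j) return "-"
        return substr(rest, 1, j - 1)
    }
    /Auth: .*This IP is blocked/ { kind = "BLOCKED_IP" }
    /Auth: .*Login incorrect/    { kind = "LOGIN_INCORRECT" }
    kind != "" {
        seen[kind "\t" between($0, "[", "]") "\t" between($0, " cli ", ")")]++
        kind = ""
    }
    END { for (k in seen) printf "%d\t%s\n", seen[k], k }
    ' "${1:--}" | LC_ALL=C sort -t "$(printf '\t')" -k2,2 -k4,4
}

# On the NAS, inspect the real log; elsewhere, fall back to the samples.
if [ -r "$RADIUS_LOG" ]; then
    triage_radius_log "$RADIUS_LOG"
else
    sample_log | triage_radius_log
fi
```

BLOCKED_IP rows list the client IPs to look for in the Allow/Block List; LOGIN_INCORRECT rows point to the FAQ entry and the LDAP password reset.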

Scheduled tasks

Pay attention when changing the task interval: Synology automatically changes the Last run time, which may cause an unexpected schedule. Check the next run time after making any change to a task.