Members Area
BlueSky
Members Area
Search
Latest Posts
@Ko-Fi
Buy us a Ko-Fi
@PayPal
Or support us via PayPal
@Amazon
Or buy from Amazon to help keep this site ad free
@contact
email us directly
How to renew a paid SSL Certificate (NameCheap) to your Synology NAS
What Are You Looking For?
Recommended for you

How to renew a paid SSL Certificate (NameCheap) to your Synology NAS

Play

To boost the security of your Synology NAS, you should definitely get an SSL certificate. But here’s the thing, some certificates expire over time. So, in this guide, we’ll show you how to renew a paid SSL certificate on your Synology NAS.

When you set up your Synology NAS, it creates a self-signed SSL certificate by default. But since it’s not verified by a third party, it won’t be trusted. If you want to share your NAS with the internet, you should use a full SSL certificate instead.

You can get a free SSL certificate from Lets Encrypt, which will automatically renew itself every three months. However we prefer to use a paid SSL certificate. The main reasons to use a paid SSL certificate, is that it will work with either a static IP address or a domain name. A paid SSL certificate will also come with technical support, a warranty that’ll cover you if the certificate fails, and it’s been more thoroughly checked.

However the main drawback of a paid SSL certificate, is that while it can last up to 5 years, that certificate will have to be renewed every 12 months. Which due to the complicated process needed to renew an SSL certificate, is the reason we made these notes.

Quick reference notes

While these instructions were written to explain how you renew an expired paid SSL certificate. It is basically the same process if you are installing a paid certificate for the first time. So you can also use these notes to install a paid SSL certificate on your NAS.

  • Sign into Disk Station Manager using your administrators credentials. 
  • Select Control Panel – Security – Certificate.
  • Choose Settings – Advanced to open a Settings window.
  • Now click on Create certificate signing request (CSR).
  • We now need to complete the certificate signing request form.
  • In Common name enter either your domain or sub-domain name ie mydoodads.com or server.mydoodads.com.
  • For the Email field type a valid email address.
  • Set your Location.
  • State/Province.
  • City.
  • In Organisation we use our domain name.
  • For Department you can type anything but we us NA.
  • Now choose Next, and select Download.

Note: You will now need to download your Private key, along with a newly created certificate signing request file. These files will be stored in a folder called Archive, which contain two files server.csr and server.key. So keep them in an easy to access place on your computer.

Renewing your existing SSL certificate
  • We now need to log in to the account where we purchased our SSL certificate. In our example this was NameCheap.
  • Choose Account – SSL Certificates.
  • To the right of your certificate will be a button called either RenewReissue or Activate. This will be dependant on if you are activating your certificate for the first time, or simply renewing it.
  • As we are reissuing an expired certificate we use Reissue.
  • We are asked for the specific domain or subdomain which should already be set. So we can click Next.
  • In Choose how to issue and install the certificate we selected Manually.
  • You will be asked for your CSR information.
  • Open the server.csr file in your Archive folder.
  • Copy the contents of the file and paste it into the CSR field.
  • The text will now be validated by NameCheap. You will know that it has worked because the Primary Domain should be the domain or sub-domain name you enter when you were creating your CSR.
  • Select Next.
  • In DCV Method select the option, receive an email.
  • Now make sure the Approve email field is using your email address.
  • Select Next.
  • On the Review & Submit page check your information.
  • Now click Submit.

Note: The status of your paid SSL certificate as you renew it, will change to Pending but you will need to wait for an Email in order to validate your new certificate.

Validating your SSL certificate
  • Open your email and locate your activation email.
  • Copy the Validation code and click the link to browse to the validation page.
  • On the SSL certificate validation page, paste the validation code .
  • Choose Next.
  • Close the window and return to your account where we purchased our SSL certificate.
  • You should see the status of your certificate change to Active.
  • Locate and click on Download to download the activated certificate to your computer.
Creating new SSL certificate on your Synology NAS
  • Return to Disk Station Manager.
  • In Control Panel – Security – Certificate click on Add.
  • Select Add a new certificate and choose Next.
  • Make sure Import certificate selected and choose Next.
  • In Private Key add your server.key file from your Archive folder.
  • For Certificate add the file with a .crt extension from folder containing your activation certificate. 
  • Click OK.
  • Your new certificate will be listed. Highlight it and select Action – Edit.
  • Tick the box Set as default certificate.
  • Choose OK.
  • Highlight your old certificate and select Action – Delete.
  • Test that your SSL certificate has been properly implemented, by checking it in your web browser.

Notes: If you just purchased your SSL certificate from NameCheap, you might find that you can not activate that certificate straight away. However, if you wait (in some instances up to 12 hours) you should be able to activate your certificate.

Reference materials

Read Next