How to renew a paid SSL Certificate (NameCheap) to your Synology NAS

While these instructions were written to explain how you renew an expired paid SSL certificate. It is basically the same process if you are installing a paid certificate for the first time. So you can also use these notes to install a paid SSL certificate on your NAS.

• Sign into Disk Station Manager using your administrators credentials. 
• Select Control Panel – Security – Certificate.
• Choose Settings – Advanced to open a Settings window.
• Now click on Create certificate signing request (CSR).
• We now need to complete the certificate signing request form.
• In Common name enter either your domain or sub-domain name ie mydoodads.com or server.mydoodads.com.
• For the Email field type a valid email address.
• Set your Location.
• State/Province.
• City.
• In Organisation we use our domain name.
• For Department you can type anything but we us NA.
• Now choose Next, and select Download.

Note: You will now need to download your Private key, along with a newly created certificate signing request file. These files will be stored in a folder called Archive, which contain two files server.csr and server.key. So keep them in an easy to access place on your computer.

• We now need to log in to the account where we purchased our SSL certificate. In our example this was NameCheap.
• Choose Account – SSL Certificates.
• To the right of your certificate will be a button called either Renew, Reissue or Activate. This will be dependant on if you are activating your certificate for the first time, or simply renewing it.
• You will be asked for your CSR information.
• Open the server.csr file in your Archive folder.
• Copy the contents of the file and paste it into the CSR field.
• The text will now be validated by NameCheap. You will know that it has worked because the Primary Domain should be the domain or sub-domain name you enter when you were creating your CSR.
• Select Next.
• In DCV Method select the option, receive an email.
• Now make sure the Approve email field is using your email address.
• Select Next.
• On the Review & Submit page check your information.
• Now click Submit.

Note: The status of your paid SSL certificate as you renew it, will change to Pending but you will need to wait for an Email in order to validate your new certificate.

• Open your email and locate your activation email
• Copy the Validation code and click the link to browse to the validation page
• On the SSL certificate validation page, paste the validation code 
• Choose Next
• Close the window and return to your account where we purchased our SSL certificate
• You should see the status of your certificate change to Active
• Locate and click on Download to download the activated certificate to your computer 

• Return to Disk Station Manager.
• In Control Panel – Security – Certificate click on Add.
• Select Add a new certificate and choose Next.
• Make sure Import certificate selected and choose Next.
• In Private Key add your server.key file from your Archive folder.
• For Certificate add the file with a .crt extension from folder containing your activation certificate. 
• Click OK.
• Your new certificate will be listed. Highlight it and select Action – Edit.
• Tick the box Set as default certificate.
• Choose OK.
• Highlight your old certificate and select Action – Delete.
• Test that your SSL certificate has been properly implemented, by checking it in your web browser.

Notes: If you just purchased your SSL certificate from NameCheap, you might find that you can not activate that certificate straight away. However, if you wait (in some instances up to 12 hours) you should be able to activate your certificate.

• Cloudflare article – What is an SSL certificate?
• mydoodads article – How to setup a Synology NAS part 34: Configuring a NAS for External Access.
• mydoodads article – Synology NAS tip | How to manually refresh a Lets Encrypt SSL certificate.