Lets Encrypt DNS-01 Acme Challenge

Discuss with the community any ideas you'd love to see in future DiskStations and DSM updates! We do our best to monitor and forward all of them, but we recommend to also use this form as our team will systematically see your suggestion:
https://www.synology.com/form/inquiry/feature
Forum rules
Synology Community is the new platform for the enthusiasts' interaction, and it will soon be available to replace the Forum.
ds7771
I'm New!
I'm New!
Posts: 9
Joined: Thu Sep 27, 2012 5:10 pm

Lets Encrypt DNS-01 Acme Challenge

Unread post by ds7771 » Tue May 24, 2016 2:25 pm

Please support the DNS-01 Acme Challenge for Lets Encrypt. This will greatly assist those of us who cannot open HTTP port 80 for various reasons.

Currently I have to implement a workaround by using third party scripts (https://github.com/lukas2511/letsencrypt.sh) to create and refresh my certificates using DNS-01 Acme Challenge, and then importing the certificates into Diskstation. I use Task Manager to create a cron job that renews the certificates and rsyncs to a shared folder for me to import manually.

It would be ideal for Synology to support this process automatically as part of DSM.

seopr9utpo
I'm New!
I'm New!
Posts: 7
Joined: Mon May 30, 2016 11:53 pm

Re: Lets Encrypt DNS-01 Acme Challenge

Unread post by seopr9utpo » Mon May 30, 2016 11:55 pm

I second this request. It'd be great not to have to hack something together.

leeramsay
I'm New!
I'm New!
Posts: 3
Joined: Tue Jun 12, 2012 2:34 pm

Re: Lets Encrypt DNS-01 Acme Challenge

Unread post by leeramsay » Wed Aug 17, 2016 1:48 pm

Or even better, please expose the tools you use to exchange SSL certificates under the hood. That would allow us to run certbot or lets-encrypt.sh ourselves, generate fresh certs, and then use supported synology tools to load the certificates into the control panel.

It would also mean synology wouldn't have to keep up with the agility of the LE project in the gui, just give us the "correct" way to automate loading certs into the system, and we can document/look after the rest ourselves!

aWanderer
Student
Student
Posts: 69
Joined: Sat Aug 11, 2012 1:25 am

Re: Lets Encrypt DNS-01 Acme Challenge

Unread post by aWanderer » Tue Dec 06, 2016 2:42 pm

I would also like more support for LE as well. When it comes to Certs, I have no clue what I am doing. 3 yrs ago, I accidentally got a certificate working but it only had a 1 yr. life-span. Since then, I have been operating without, had to move mail back to google, etc. No idea how to get Certs working. Let's Encrypt looks awesome but I do not want to open port 80 perm. I have followed the blogs on Cert for the NAS but all the instructions end up failing for one reason or another.

User avatar
giovannifg
I'm New!
I'm New!
Posts: 6
Joined: Fri Jan 27, 2012 1:04 pm
Location: Bologna, Italy

Re: Lets Encrypt DNS-01 Acme Challenge

Unread post by giovannifg » Sun Jan 22, 2017 4:29 pm

Any news on this matter? As many people said the DNS-01 challenge would allow users to keep port 80 shut - keeping it open is a huge security threat for the NAS by the way.
Also, the workaround of using the DSM-provided firewall and only allowing traffic from LetsEncrypt servers is not feasible as the IP addresses from which LetsEncrypt carries out the validation process are subject to change (and this is by design as explained here: https://community.letsencrypt.org/t/ip- ... c_id=12138).
Giovanni

extarys
Trainee
Trainee
Posts: 12
Joined: Fri Oct 28, 2016 6:53 am

Re: Lets Encrypt DNS-01 Acme Challenge

Unread post by extarys » Sat Feb 25, 2017 11:16 am

Sorry to bump this

Do we know if Synology is working on implementing this? Here in Quebec, canada, IPS' block port 80, 443 and 8080 (among many other) and I would like to avoid paying for a SSL certificate to encrypt my credentials when I remotely connect to DS Audio or CalDAV.

Through my DNS servers I redirect port 80 to 81 and in my router I route port 81 to port 80 on my NAS.
I mainly want a SSL certificate for DSM port 5001 and other apps like webDAV, cardDAV, etc.

pethson
I'm New!
I'm New!
Posts: 7
Joined: Sat Feb 07, 2015 4:10 pm

Re: Lets Encrypt DNS-01 Acme Challenge

Unread post by pethson » Tue Apr 25, 2017 9:50 am

Bumping couse I would also love this feature!

///Peter!

tunnus
I'm New!
I'm New!
Posts: 2
Joined: Thu May 11, 2017 10:32 pm

Re: Lets Encrypt DNS-01 Acme Challenge

Unread post by tunnus » Thu May 11, 2017 10:56 pm

ds7771 wrote:Please support the DNS-01 Acme Challenge for Lets Encrypt. This will greatly assist those of us who cannot open HTTP port 80 for various reasons.
I second this, please add support for dns-01 challenge!

Aquajui
I'm New!
I'm New!
Posts: 9
Joined: Tue Jan 14, 2014 4:04 pm

Re: Lets Encrypt DNS-01 Acme Challenge

Unread post by Aquajui » Fri May 12, 2017 8:25 am

tunnus wrote:
ds7771 wrote:Please support the DNS-01 Acme Challenge for Lets Encrypt. This will greatly assist those of us who cannot open HTTP port 80 for various reasons.
I second this, please add support for dns-01 challenge!
I third that! please add support for dns-01 challenge!

mforisch
I'm New!
I'm New!
Posts: 5
Joined: Sun Apr 10, 2016 8:54 pm

Re: Lets Encrypt DNS-01 Acme Challenge

Unread post by mforisch » Tue Jun 27, 2017 3:17 am

Aquajui wrote:
tunnus wrote:
ds7771 wrote:Please support the DNS-01 Acme Challenge for Lets Encrypt. This will greatly assist those of us who cannot open HTTP port 80 for various reasons.
I second this, please add support for dns-01 challenge!
I third that! please add support for dns-01 challenge!
Add my vote to this

waylon_wang
I'm New!
I'm New!
Posts: 3
Joined: Wed Aug 16, 2017 5:40 pm

Re: Lets Encrypt DNS-01 Acme Challenge

Unread post by waylon_wang » Sat Aug 19, 2017 7:49 pm

mforisch wrote:
Aquajui wrote:
tunnus wrote:
I second this, please add support for dns-01 challenge!
I third that! please add support for dns-01 challenge!
Add my vote to this

+1

elitistphoenix
I'm New!
I'm New!
Posts: 2
Joined: Tue May 26, 2015 5:12 am

Re: Lets Encrypt DNS-01 Acme Challenge

Unread post by elitistphoenix » Thu Sep 07, 2017 2:11 am

waylon_wang wrote:
mforisch wrote:
Aquajui wrote:
I third that! please add support for dns-01 challenge!
Add my vote to this

+1
+1

ATLief
Trainee
Trainee
Posts: 11
Joined: Tue Nov 28, 2017 5:00 am

Re: Lets Encrypt DNS-01 Acme Challenge

Unread post by ATLief » Tue Mar 13, 2018 9:40 pm

bump

TAJPAN
I'm New!
I'm New!
Posts: 1
Joined: Sat Mar 10, 2018 10:24 am

Re: Lets Encrypt DNS-01 Acme Challenge

Unread post by TAJPAN » Wed Mar 14, 2018 11:27 am

+11111

Please Add this feature to DSM.

nitroxaddict
I'm New!
I'm New!
Posts: 7
Joined: Fri Jul 05, 2013 12:39 pm

Re: Lets Encrypt DNS-01 Acme Challenge

Unread post by nitroxaddict » Sun Jul 01, 2018 8:17 am

+1

Post Reply

Return to “Feature Requests & Product Improvement Suggestions”