Computing/Running my own CA
From Cricalix.Net
- Use step-ca in docker on Synology NAS
- Add the acme provider per the docs
- Export out the root CRT file, will need it for trust everywhere
HomeAssistant
- Update the http config to allow trusted reverse proxies
- Install the Caddy2 add-on from https://github.com/einschmidt/hassio-addons
- Add a Caddyfile that specifies the local CA
- Ensure the Caddyfile points to the exported CA certificate in somewhere like /config
- Start Caddy2 and it should successfully retrieve a certificate
Synology
To add TLS/SSL to the NAS itself,
- Copy the cert to /var/db/ca-certificates, named .crt, 0644
- Run update-ca-certificates.sh
- Grab acme.sh from Github -
wget https://github.com/acmesh-official/acme.sh/archive/master.tar.gz
- Install to /usr/local/share/acme.sh/
- Run
/usr/local/share/acme.sh/acme.sh --issue --home /usr/local/share/acme.sh -d vault.home.arpa --server https://vault.home.arpa:9000/acme/acme/directory --webroot /var/lib/letsencrypt
- Set SYNO_Username, SYNO_Password
/usr/local/share/acme.sh/acme.sh --deploy --home /usr/local/share/acme.sh -d vault.home.arpa --deploy-hook synology_dsm
- Add a Task Scheduler entry to run
/usr/local/share/acme.sh/acme.sh --cron --home /usr/local/share/acme.sh/
frequently. step-ca defaults to 24 hours, so every 4 hours should ensure the certificate stays updated.