- Control Panel -> User -> Create -> Enter a name and password (e.g: Name = "certadmin")
- Add user to "administrators" group.
- Deny access to all shared folders and applications (No access - Deny).
- Done.
- Google Domain -> example.com -> Security
- ACME DNS API -> Create token
- Copy the API token (e.g: UWRMY1JXOUp0cjBlYmhibmtJZm05dw==). Note that, it is only displayed once.
- Control Panel -> Terminal & SNMP -> Enable SSH service
- Login via SSH with your newly created admin user.
- Download acme.sh to /usr/local/share/acme.sh/
wget -O /tmp/acme.sh.zip https://github.com/acmesh-official/acme.sh/archive/refs/heads/master.zip
sudo 7z x -o/usr/local/share /tmp/acme.sh.zip
sudo mv /usr/local/share/acme.sh-master/ /usr/local/share/acme.sh
sudo chown -R certadmin /usr/local/share/acme.sh/
- Set environment variables for Google Domain and ACME DNS API:
sudo -i
cd /usr/local/share/acme.sh
./acme.sh --install --force -m [email protected]
export GOOGLEDOMAINS_ACCESS_TOKEN="generated-access-token"
./acme.sh --issue --dns dns_googledomains -d *.example.com
- Set deployment options for Synology DSM:
export SYNO_Username="certadmin"
export SYNO_Password="P@ssw0rd"
export SYNO_Certificate="*.example.com"
export SYNO_Create=1
- Deploy the certificate into Synology DSM:
./acme.sh -d "*.example.com" --deploy --deploy-hook synology_dsm
- Go to Control Panel -> Security -> Certificate and set the new certificate as default.
- Control Panel -> Task Scheduler
- Create -> Scheduled Task -> User-defined script
- General: Give the task a name, set User = "certadmin" and check "Enabled"
- Schedule: Run on the following date -> Repeat monthly
- Task Settings: Insert the following scripts to "User-defined script":
/usr/local/share/acme.sh/acme.sh --cron --home /usr/local/share/acme.sh