Automatic SSL renewal with Let’s Encrypt on DSM 5.x / Synology Diskstation via Dreamhost with dns-01 verification

Adapted from https://www.naschenweng.info/2017/01/06/automatic-ssl-renewal-encrypt-dsm-5-x-synology-ds1010-dns-01-verification/

SSH into your Synology as root
```
$ ssh [email protected]
```
First we will install acme.sh – for this you need SSH / Telnet access into your Synology.
```
cd /tmp
curl -L -o /tmp/master.tgz https://github.com/Neilpang/acme.sh/archive/master.tar.gz
tar xvf master.tgz
cd acme.sh-master/
./acme.sh --install --nocron
```
The above downloads the acme.sh installer and then installs it with the “nocron”-option (since my Synology does not have a scheduler running which is supported by acme.sh). The installer completes quickly:
Close and then re-open the terminal
```
exit
ssh [email protected]
```
After you closed and re-opened the terminal, we then configure acme.sh to automatically update itself:
```
acme.sh --upgrade --auto-upgrade
```
Create an API Key at Dreamhost with All dns functions
Add the API key using
```
export DH_API_KEY="<api key>"
```
Issue a certificate using
```
acme.sh --issue --dns dns_dreamhost -d my.synology.tld
```
The 'DH_API_KEY' will be saved in ~/.acme.sh/account.conf and will be reused when needed.
Add a Crontab entry via vi /etc/crontab
```
3       2       *       *       2       root    /root/.acme.sh/acme.sh --cron
```
Everyone forgets how to exit vi. Use esc :wq to quit and save or esc :q! to quit without saving

Older Synology’s had issues with the format of the crontab – so make sure that you use tabs between the sections.
Run the cronjob to verify that everything is fine:
```
/root/.acme.sh/acme.sh --cron
```

jwcobb/SynologyLetsEncrypt.md