[Use Synology default certificate for Syncthing Web UI] #synology #sysadmin

synology_syncthing_certificate.md

This how-to has been tested using a Synology DS214play nas with DSM 6.X and Syncthing v1.1.4.

Default Synology certificate and private key (e.g., released by Let's Encrypt) at this path: /usr/syno/etc/certificate/system/default/{cert.pem|privkey.pem}.

After installing Syncthing using synocommunity.com repository, its self-signed certificate will be at this path: /volume1/@appstore/syncthing/var/. This directory contains the priv-pub key to identify the device (cert.pem and key.pem) and the certificate and private key for the web interface (https_cert.pem and https_key.pem). We need to replace these last two with the Synology's ones.

Backup Syncthing certificate:

$ sudo su
# cd /volume1/\@appstore/syncthing/var/
# mv https_cert.pem https_cert.pem.bk
# mv https_key.pem https_key.pem.bk

Now let's copy Synology's certificate here:

# cp /usr/syno/etc/certificate/system/default/cert.pem /volume1/\@appstore/syncthing/var/https_cert.pem
# cp /usr/syno/etc/certificate/system/default/key.pem /volume1/\@appstore/syncthing/var/https_key.pem

We also need to change the owner and permissions for the new files:

# cd /volume1/\@appstore/syncthing/var/
# chown sc-syncthing:syncthing https_cert.pem
# chown sc-syncthing:syncthing https_key.pem
# chmod 640 https_cert.pem
# chmod 600 https_key.pem

That's it. Now restart Syncthing and its web gui (reachable at port 8384) will have the right certificate

It works on DS418play with DSM 7.1-42661 at different path and group.

# cp -f /usr/syno/etc/certificate/system/default/RSA-cert.pem /volume1/\@appdata/syncthing/https-cert.pem
# cp -f /usr/syno/etc/certificate/system/default/RSA-privkey.pem /volume1/\@appdata/syncthing/https-key.pem
# chown sc-syncthing:synocommunity /volume1/@appdata/syncthing/https-*.pem