Enjoying automatic Let’s Encrypt certificate renewal

It is when you start your weekend and notice that your certificates expired, that you start spending your free time on things you actually don’t want to do.
It is when using DSM’s Let’s Encrypt support and a reverse proxy approach for Tomcat, that you actually get to enjoy a sunny Saturday, while your certificates get updated automatically and everything keeps on working without your intervention.
Technology… it’s a good thing 🙂

2 thoughts on “Enjoying automatic Let’s Encrypt certificate renewal”

  1. Hi there!
    I ran into your blog while looking for information on how to secure my wordpress blog on my DiskStation. I have it all set, just that when I delete the “s” out of “httpS://”, it just loads as unsecured http. I tried the same with your blog with the same result :). Is this something you perhaps tried to solve too or does it just not bother you? 🙂
    Thanks for this blog, appreciate it as a source for my own DiskStation projects!
    Best,
    Jiri

    1. Hey Jiri!
      Thanks for your feedback! I am very happy that my blog can serve as a source for other DiskStation users! 🙂

      About your questoin:
      I am aware of the issue and it actually does bother me a little 😀

      There is a setting in DSM. Control Center -> Network -> DSM-Settings. You can activate an automatic redirect from http to https.
      However I did not use this because it does not apply to Web Station and Photo Station and I loose the ability to use the local hostname of my DS in my local network, because the local hostname is not listed in the certificate, obviously.

      If you use Apache as Web Station back end, you can try with an .htaccess file, looking like this:

      RewriteEngine On
      RewriteCond %{HTTPS} !on
      RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
      

      Maybe you can achieve what you are looking for this way? Let me know how it went 🙂

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.