SSL on Synology NAS

Hello all and thank you in advance for your help.
I have just recently signed up with CloudFlare and so far everything is working great.
I am trying to get the SSL working between My Synology NAS device and CloudFlare.

The issue I am having is that whether I try to do the export method of my Self-Signed Certificate or get a CloudFlare “Origin” certificate created I don’t seem to end up with the correct number of files.

I think the best would be the CloudFlare “Origin” certificate. But that only seems to give me 2 files. A “Key” file and a “Cert” file. When I try to create the SSL on Synology NAS there is a wizard that let’s me “Import” it. But it asks for the “Key” file, “Cert” file and an “Intermediate Cert” file.

I am not sure what to do about that last file?

Thank you.

Carl

You can use the appropriate Origin CA Root file available here:

Pick RSA or ECC to match the type of certificate you generated.

Thank you for your help. That seems to have worked partially. The Synology NAS has accepted the certificate and it appears that any subdomains on my server are not working and encrypted. However the main domain for some reason now will not load. It has the SSL Lock to show it is secure but it loads with Error 522 connection timed out. Now this is to get into the DSM & Other services.

So any subdomain I have created eg. sub.domain.ca seems to work find and is encrypted.
however any of the services I try to get to which would be domain.ca/service (eg. note, downloads, music etc…) all come up with the 522 error.

I have checked everywhere and the only reference I could find was for “HSTS” which I have verified is not enabled.
The main difference between the sub domains and the main one is that they are all created as “Virtual Hosts” via the web station app.

Again any help much appreciated. Thanks

Oops. that second line should read “now working and encrypted”.

Sorry just to clarify that last part. The “Sub” domains are created via the Web Station as “Virtual Hosts”. The main domain interface just is? I am not sure how to make any real changes to it (PHP engine etc…)

Any other suggestions? My site is jctterra.ca on the same NAS I also have veneco.ca which seems to work fine.
Thanks.

Carl

Additional update. It seems that if I Pause Cloudflare on my site then it works. When I reenabled it I now receive a different / related message stating that there are too many redirects or the same Error 522?

Carl

Is your SSL mode already on at least Full mode?

Thanks for your response. Have tried both flexible and full modes.
I just reenabled it for another test and switched it to full. Am now getting the error 522 connection timed out again.
It was working all day while CloudFlare was “Paused”.

Carl

Not sure what happened here, but I guess you need to contact Cloudflare Support regarding this issue.

Yeah. Was hoping someone would have an idea in the forum. But I guess I will send a support e-mail to CloudFlare.

Thanks.

Carl

1 Like

With some additional investigation I have discovered that if I turn off the built in Dos Protection in my Asus RT-AX92U Router the errors seem to go away? I found a document that seems to indicate I can add CloudFlare IP addresses to my router’s white list. ( IP Ranges | Cloudflare UK ) However I don’t see anywhere in the Router settings to do that?
Does CloudFlare take care of any DOS attacks? Is it safe for me to leave this turned off?

Thanks again all.

Carl

This topic was automatically closed after 30 days. New replies are no longer allowed.