Domoticz with SSL on Synology

Antori91
Posts: 136
Joined: Sunday 12 February 2017 17:12
Target OS: NAS (Synology & others)
Domoticz version: 4.10717
Location: France

Domoticz with SSL on Synology

Post by Antori91 »

Hello forum,

I'm a new Domoticz (v. 3.5877) user on Synology (DS216j with DSM 6.0.2-8451 Update 9). My Synology has a Let's Encrypt certificate and does HTTPS for DSM.

But I can't use HTTPS access (on port 8443) to Domoticz (normal HTTP access is OK). Chrome warns about the certificate/site and goes to normal HTTP; it doesn't do this for the same IP address with the DSM port number. Even though I have read the Domoticz manual, it's still not clear how to enable HTTPS access. Could you give me a link or information about this issue? Thanks in advance.

Regards,
Antori91
PS: I use Domoticz in a home alarm system. The alarm server is a Raspberry and I use Domoticz as a client synchronized to the Raspberry using PubNub (PubNub SDK Node.js on Synology and C/C++ SDK on Raspberry).
Domoticz 3.5877
DS216j
DSM 6.0.2-8451 Update 9
Domoticz High Availability Cluster: Synology Dz V4.10693 (Main) - Raspberry Dz V4.10717 (Backup) - Scripts Node.js
Alarm server: Raspberry - motionEye - iot_ALARM-SVR Node.js
Sensors/Actuators: ESP8266-Arduino
https://github.com/Antori91/Home_Automation

Re: Domoticz with SSL on Synology

Post by Antori91 »

Issue solved. To set up SSL, I followed the instructions given at http://www.domoticz.com/wiki/Native_sec ... ts_Encrypt. But this help page seems to be incomplete: it is missing the fact that you must insert the certificate along with privkey, fullchain and DH.

Add the certificate to Domoticz
The last thing to do is adding the created certificate to Domoticz. This is easily done with the following commands:
sudo rm ~/domoticz/server_cert.pem
sudo cat /etc/letsencrypt/live/<your domain>/privkey.pem >> ~/domoticz/server_cert.pem
sudo cat /etc/letsencrypt/live/<your domain>/fullchain.pem >> ~/domoticz/server_cert.pem
When there's a Domoticz error after rebooting the service like: Error: [web:443] missing SSL DH parameters from file
Add the DHparam:
sudo cat /etc/ssl/certs/dhparam.pem >> ~/domoticz/server_cert.pem
felix63
Posts: 244
Joined: Monday 07 December 2015 9:30
Target OS: Raspberry Pi / ODroid
Domoticz version: 2020.1
Location: Gouda

Re: Domoticz with SSL on Synology

Post by felix63 »

Hi,

Tried to do this but at
sudo cat /etc/ssl/certs/dhparam.pem >> ~/domoticz/server_cert.pem
I get an error:

Code: Select all

cat: /etc/ssl/certs/dhparam.pem: No such file or directory
Any idea how to solve this?

Cheers,
Lex

Re: Domoticz with SSL on Synology

Post by felix63 »

To answer my own question: by first generating the dhparam file with:

Code: Select all

sudo openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048
NewFolk
Posts: 39
Joined: Wednesday 02 September 2015 11:47
Target OS: Raspberry Pi / ODroid
Domoticz version:

Re: Domoticz with SSL on Synology

Post by NewFolk »

I exported the certificate from Synology and added them with

Code: Select all

cat privkey.pem >> server_cert.pem
cat chain.pem >> server_cert.pem
cat /etc/ssl/certs/dhparam.pem >> server_cert.pem
But I see
Error: WebServer(SSL) startup failed on address 0.0.0.0 with port: 4443: use_private_key_file: key values mismatch

in the log after

Code: Select all

./domoticz -www 8080 -sslwww 4443 -sslcert /home/pi/certificate/server_cert.pem
Any suggestions?
pvm
Posts: 550
Joined: Tuesday 17 June 2014 22:14
Target OS: NAS (Synology & others)
Domoticz version: 4.10538
Location: NL

Re: Domoticz with SSL on Synology

Post by pvm »

Is it possible to add an SSL certificate without using the command line, but using DSM?
I know I can add one, but do not know how to couple this to the Domoticz instance.
Synology NAS, slave PI3, ZWave (Fibaro), Xiaomi zigbee devices, BTLE plant sensor, DzVents, Dashticz on tablet, Logitech Media Server
spoutnik
Posts: 2
Joined: Sunday 19 November 2017 16:39
Target OS: NAS (Synology & others)
Domoticz version:

Re: Domoticz with SSL on Synology

Post by spoutnik »

Hi,
I'm a new user of Domoticz. I'm using Domoticz on my Synology NAS. I have an SSL certificate on my NAS thanks to Let's Encrypt. I don't know much about Linux...

I'm trying to configure SSL on Domoticz but have a few difficulties and questions.

First, I tried, as you said, to mix the "how to" and the info you gave in this thread. I used PuTTY, but I always get errors, such as the file you're looking for doesn't exist in that place.

So I tried with WinSCP to find the certificate files and do what I had understood of the how-to. No more luck; WinSCP can't because of permissions, if I read correctly on that subject.

So my questions:
- On http://www.domoticz.com/wiki/Native_sec ... ts_Encrypt, it says to create a certificate; can't I use the one I have on the NAS that I can export?

- Second question: can the location of the certificate have changed? I have a @appstore/domoticz on my NAS, not ~/domoticz/server_cert.pem.

Thanks to all of you for your time or your help if you can.

Spoutnik.
Dax1900
Posts: 4
Joined: Thursday 11 January 2018 13:18
Target OS: NAS (Synology & others)
Domoticz version: 2021.1

Re: Domoticz with SSL on Synology

Post by Dax1900 »

Hi all,

I'm still having problems getting my Synology certificate to work with Domoticz. I wonder if somebody can drop me some tricks.
This is what I've done:

- exported my working Let's Encrypt certificate and copied it to the root home directory using WinSCP.
- stopped the package Domoticz in the DSM console
- renamed the file /volume1/@appstore/domoticz/server_cert.pem to /volume1/@appstore/domoticz/server_cert.pem.orig
- logged on as root via SSH on PuTTY
- cat /root/privkey.pem >> /volume1/@appstore/domoticz/server_cert.pem
- cat /root/chain.pem >> /volume1/@appstore/domoticz/server_cert.pem

dhparam.pem didn't exist so I generated it as stated above
- openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048 #took more than 2 hours!!
- cat /etc/ssl/certs/dhparam.pem >> /volume1/@appstore/domoticz/server_cert.pem

Unfortunately it didn't fly. This is what was in the log:
WebServer(HTTP) started on address: :: with port 8084
Error: WebServer(SSL) startup failed on address 0.0.0.0 with port: 8443: use_private_key_file: key values mismatch
Error: WebServer(SSL) check if no other application is using port: 8443

I'm lost... many thanks for any tips and tricks!!
Fabian
Posts: 1
Joined: Monday 12 February 2018 9:47
Target OS: Raspberry Pi / ODroid
Domoticz version:

Re: Domoticz with SSL on Synology

Post by Fabian »

The contents of your PEM file might be in the wrong order. I've been struggling with this also this morning on a Raspberry Pi. The documentation isn't very explicit about 'fullchain', but the contents should be as follows:

Code: Select all

-----BEGIN PRIVATE KEY-----
private key
-----END PRIVATE KEY-----

-----BEGIN CERTIFICATE-----
the actual certificate
-----END CERTIFICATE-----

-----BEGIN CERTIFICATE-----
one or more chain certificates depending on your root CA
-----END CERTIFICATE-----

-----BEGIN DH PARAMETERS-----

-----END DH PARAMETERS-----
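
The block order described in the post above, and the "key values mismatch" error reported earlier in the thread, can be checked before restarting Domoticz. This is an added example, not part of the original thread: the function names and the constructed sample are assumptions, and the certificate-count check assumes a Let's Encrypt style bundle (leaf plus chain).

```sh
#!/bin/sh
# Added example (not from the thread): sanity-check a combined Domoticz PEM file.

# Print the PEM block labels in file order; tolerates CRLF line endings.
pem_labels() {
    sed -n 's/^-----BEGIN \(.*\)-----[[:space:]]*$/\1/p' "$1"
}

# Heuristic layout check: private key first, then leaf + chain certificates.
# A single certificate block usually means chain.pem was used in place of
# fullchain.pem, so the leaf certificate is missing.
check_layout() {
    labels=$(pem_labels "$1")
    first=$(printf '%s\n' "$labels" | sed -n 1p)
    certs=$(printf '%s\n' "$labels" | grep -c '^CERTIFICATE$' || true)
    case "$first" in
        *"PRIVATE KEY") ;;
        *) echo "first block is '$first', expected a private key"; return 1 ;;
    esac
    if [ "$certs" -lt 2 ]; then
        echo "only $certs certificate block(s): leaf or chain missing"
        return 1
    fi
    echo "layout ok"
}

# Definitive check for "key values mismatch": the public key derived from the
# private key must equal the public key of the FIRST certificate in the file.
# Returns 0 on match, 1 on mismatch, 2 if openssl cannot read key or cert.
key_matches_first_cert() {
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 2
    crt_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    [ -n "$key_pub" ] && [ "$key_pub" = "$crt_pub" ]
}

# Constructed sample (placeholder bodies, not real keys): the layout that
# produced the error in the thread, i.e. privkey + chain + dhparam.
write_sample_bad() {
    printf '%s\n' '-----BEGIN PRIVATE KEY-----' 'AAAA' '-----END PRIVATE KEY-----' \
        '-----BEGIN CERTIFICATE-----' 'BBBB' '-----END CERTIFICATE-----' \
        '-----BEGIN DH PARAMETERS-----' 'CCCC' '-----END DH PARAMETERS-----' > "$1"
}

# Usage: sh check_bundle.sh /path/to/server_cert.pem
if [ -n "${1:-}" ]; then
    check_layout "$1" && key_matches_first_cert "$1" \
        && echo "private key matches first certificate"
fi
```
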
jmav
Posts: 1
Joined: Sunday 11 March 2018 20:05
Target OS: NAS (Synology & others)
Domoticz version:

Re: Domoticz with SSL on Synology

Post by jmav »


Re: Domoticz with SSL on Synology

Post by spoutnik »

Hi all,
I'll try my luck again.
Thanks to Dax1900 I tried again.

But from the beginning nothing works. It seems that for some time now we can't access root with WinSCP. So I put the file in another directory, but then PuTTY says the files or directory don't exist...

Maybe someone who did it could help?

Thanks for your help.

Best regards.
Quadrifoglio
Posts: 3
Joined: Wednesday 06 September 2017 10:53
Target OS: NAS (Synology & others)
Domoticz version: 4.10538
Location: Czech Republic

Re: Domoticz with SSL on Synology

Post by Quadrifoglio »

Hi,
this works, if you have letsencrypt as default cert:

Code: Select all

sudo -i
(enter password for "admin")
rm /volume1/@appstore/domoticz/server_cert.pem
cat /usr/syno/etc/certificate/system/default/privkey.pem >> /volume1/@appstore/domoticz/server_cert.pem
cat /usr/syno/etc/certificate/system/default/fullchain.pem >> /volume1/@appstore/domoticz/server_cert.pem

Re: Domoticz with SSL on Synology

Post by Dax1900 »

Great post Quadrifoglio!! Thanks!
Louk
Posts: 17
Joined: Sunday 14 July 2019 13:25
Target OS: Raspberry Pi / ODroid
Domoticz version: 2022.2 β
Location: Alkmaar, The Netherlands

Re: Domoticz with SSL on Synology

Post by Louk »

Indeed, a great post, because the file in /volume1/@appstore/domoticz/server_cert.pem is the one that is used to configure SSL web service for Domoticz (that is, when you installed the Jadahl distribution).

In my case, I created a certificate by configuring a host name in the Synology.me domain, by adding a Dynamic DNS entry (DDNS). When you follow this procedure, a Let's Encrypt certificate is created and installed as the default SSL certificate on your NAS for the domain <serverName>.synology.me. Replace <serverName> by the name you assigned as your host name for the NAS; I used the same name as I used for the QuickConnect.to name. You can use this domain to access your NAS from the Internet over a secure connection and even supply an alternate port address, like e.g. 6144 to access your Domoticz server on your Synology NAS.

You will need this all to use Domoticz on your Garmin Watch with the Garmoticz app: Garmin doesn't allow the use of plain HTTP and enforces HTTPS.

So this is about what you need to do:
  • Configure a new DDNS using scenario 1 in chapter 4.1 as described here (this includes the creation of a system's default SSL certificate)
  • Open a CLI session on your NAS (e.g. by using PuTTY) and apply the commands from Quadrifoglio's post (copy and paste will do just fine).
  • Repeat this after each Domoticz update.
Have fun,
Louk
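
The rebuild procedure from the posts above, which has to be repeated after each Domoticz update, written as a script. This is an added example, not part of the original thread: the function name `build_bundle` and the `apply` argument are assumptions, the paths are the ones quoted in the thread, and the owner-only file mode assumes Domoticz runs as the user that owns the file.

```sh
#!/bin/sh
# Added example (not from the thread): rebuild the Domoticz certificate bundle
# from the DSM default certificate. Defaults are the paths quoted in the thread.
SRC=${SRC:-/usr/syno/etc/certificate/system/default}
OUT=${OUT:-/volume1/@appstore/domoticz/server_cert.pem}
DH=${DH:-}   # optional dhparam.pem, for "missing SSL DH parameters" errors

# build_bundle <srcdir> <outfile> [dhfile]
build_bundle() {
    src=$1 out=$2 dh=${3:-}
    # Refuse to touch the live file if any input is missing or empty.
    for f in "$src/privkey.pem" "$src/fullchain.pem" ${dh:+"$dh"}; do
        [ -s "$f" ] || { echo "missing or empty: $f" >&2; return 1; }
    done
    # Build next to the target, then rename: Domoticz never sees a
    # half-written file, and a re-run cannot append duplicate blocks
    # the way '>>' onto a leftover file would.
    tmp=$(mktemp "$out.XXXXXX") || return 1
    rc=0
    # Order matters: private key, then leaf + chain (fullchain), then DH.
    if cat "$src/privkey.pem" "$src/fullchain.pem" ${dh:+"$dh"} > "$tmp"; then
        # The bundle contains the private key: keep it owner-only.
        chmod 600 "$tmp" && mv -f "$tmp" "$out" || rc=1
    else
        rc=1
    fi
    [ "$rc" -eq 0 ] || rm -f "$tmp"
    return "$rc"
}

# Run as root on the NAS:  sh rebuild_bundle.sh apply
if [ "${1:-}" = "apply" ]; then
    build_bundle "$SRC" "$OUT" "$DH"
fi
```
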