Tailscale HTTPS certificate on Synology NAS

submited by
Style Pass
2024-10-01 18:30:04

I recently discovered Tailscale for setting up a private VPN. My main goal was to use it for accessing my Synology NAS at home from anywhere in the world. So far I had kept my home NAS publically accessible from the internet, which had been fine but risky nevertheless.

In order to secure web connections to the Synology DSM and various Docker-based services, I had set up Let’s Encrypt on Synology under my own subdomain. Since my NAS is no longer publically accessible, it cannot obtain new Let’s Encrypt certificates for the subdomain1. Instead, I needed HTTPS certificates for the Tailscale full domain of the NAS.

Tailscale has a guide for setting Tailscale itself up on Synology and a guide for obtaining HTTPS certificates using tailscale cert. Surprisingly, neither documents the best solution, which is the undocumented command

Prior to its introduction, under this Tailscale issue users came up with their own scripts, but using the official command is now the easiest way.

Leave a Comment