Posted on by Mac User

Securing Your Synology NAS: A Step-by-Step Guide to Installing a GoDaddy SSL Certificate

In an era where data privacy is paramount, securing your home or small business network storage is non-negotiable. Synology Network Attached Storage (NAS) devices, running the intuitive DiskStation Manager (DSM) operating system, offer robust features for file sharing, backups, and media streaming. However, by default, they use self-signed certificates that trigger browser warnings and leave connections vulnerable. Enter SSL/TLS certificates from trusted authorities like GoDaddy—these provide encrypted, verified connections, ensuring your data stays safe from eavesdroppers.

This guide focuses on installing a GoDaddy SSL certificate on a Synology NAS running DSM 7 (the current standard as of late 2025). Whether you’re accessing your NAS remotely via a custom domain or just want to eliminate those pesky “Not Secure” alerts, follow these steps carefully. We’ll assume you have administrative access to your NAS and a GoDaddy account. If you’re on DSM 6, the process is similar but check Synology’s legacy docs for tweaks.

Why Bother with a GoDaddy SSL on Your Synology NAS?

Before diving in, a quick rationale:

Compliance: Meets basic standards for business use (e.g., GDPR-lite setups).

Security: Encrypts data in transit, protecting against man-in-the-middle attacks.

Trust: Browsers recognize GoDaddy-issued certs, avoiding warnings.

Remote Access: Essential for safely using QuickConnect alternatives or custom domains.

Prerequisites

Gather these before starting:

  • A Synology NAS with DSM 7+ installed and updated (check via Control Panel > Update & Restore).
  • A registered domain (e.g., yourdomain.com) managed at GoDaddy.
  • Port forwarding on your router: Open ports 80 (HTTP) and 443 (HTTPS) to your NAS’s local IP for domain validation.
  • A static local IP for your NAS (set in Control Panel > Network > Network Interface).
  • Backup your NAS configuration (Control Panel > Update & Restore > Configuration Backup)—just in case.
  • Admin login credentials for DSM and GoDaddy.

Time estimate: 30-60 minutes, plus GoDaddy’s issuance wait (usually instant for paid certs).

Step 1: Set Up DNS for Your Domain

Your NAS needs to be reachable via your domain (e.g., nas.yourdomain.com). This points traffic to your NAS.

  1. Log in to your GoDaddy account and navigate to My Products > Domains.
  2. Select your domain and click DNS (or Manage DNS).
  3. Add an A Record:
    • Host: nas (or @ for root domain).
    • Points to: Your NAS’s public IP (find it via whatismyip.com; use Dynamic DNS if it changes).
    • TTL: 1 hour (default).
  4. Save changes. Propagation takes 5-30 minutes—verify with nslookup nas.yourdomain.com.

Pro tip: If your IP is dynamic, use Synology’s DDNS (Control Panel > External Access > DDNS) and point the A record to that hostname.

Step 2: Generate a Certificate Signing Request (CSR) on Your Synology NAS

The CSR is a “request” file GoDaddy needs to issue your certificate. Generate it directly on the NAS for seamless import.

Step 3: Purchase and Issue the Certificate from GoDaddy

Now, turn that CSR into a shiny SSL cert.

  1. Log in to GoDaddy and go to SSL Certificates > Buy SSL.
  2. Choose your plan (e.g., Standard SSL for single domain).
  3. During checkout, select Generate CSR at GoDaddy? No—paste your custom CSR.
  4. In the CSR field, open your downloaded .csr file in a text editor (e.g., Notepad), copy the entire contents (starts with —–BEGIN CERTIFICATE REQUEST—–), and paste it.
  5. Complete purchase and validation:
    • GoDaddy emails domain ownership verification (e.g., add TXT record to DNS).
    • Verify via GoDaddy’s dashboard (takes minutes).
  6. Once approved, download your certificate package as a ZIP file (includes yourdomain.com.crt, gd_bundle-g2-g1.crtfor chain, and sometimes the key—but use the NAS’s key).

Extract the files. You’ll need the primary .crt and intermediate bundle.

Step 4: Import the GoDaddy Certificate to Your Synology NAS

Back to the NAS—import and activate.

  1. In DSM, return to Control Panel > Security > Certificate.
  2. Click Add > Add a new certificate > Import certificate.
  3. Upload:
    • Private Key: Don’t upload— the NAS already has it from the CSR step. If prompted, it’s auto-linked.
    • Certificate: Select your primary .crt file from GoDaddy.
    • Intermediate Certificate: Select the bundle file (e.g., gd_bundle-g2-g1.crt).
  4. Description: “GoDaddy SSL for NAS”.
  5. Click OK. The cert should appear in the list.

If you see errors (e.g., mismatch), double-check the CSR domain matches the cert.

Step 5: Assign and Configure the Certificate for Services

Apply it where it counts.

  1. Still in Certificate, select your new GoDaddy cert and click Settings (gear icon).
  2. Assign to services:
    • Web Services: Check DSM (HTTP/HTTPS), WebDAV, etc.
    • MailPlus Server, VPN Server: As needed.
  3. Click Apply.

For DSM access:

  1. Go to Control Panel > Login Portal > DSM.
  2. Set HTTPS Port: 5001 (default) or custom.
  3. Enable Automatically redirect HTTP to HTTPS.
  4. Apply. DSM restarts networking—wait 1-2 minutes.

Test: Visit https://nas.yourdomain.com:5001. You should see a green lock, no warnings.

Step 6: Enable HTTPS for Packages and Advanced Tweaks

  • Packages like Synology Drive or Photos: In each app’s settings, select your GoDaddy cert under Connectivity > Advanced.
  • Reverse Proxy (for custom apps): Control Panel > Application Portal > Reverse Proxy—assign the cert to rules.
  • Auto-Renewal: GoDaddy certs expire (1-3 years). Set a calendar reminder; reissue via the same CSR for simplicity. For automation, script it (advanced users: use Task Scheduler with curl to GoDaddy API).

Troubleshooting Common Issues

IssuePossible CauseFix
“Certificate not trusted”Missing intermediate chainRe-import bundle file; test chain with SSL Labs’ tester.
“ERR_SSL_PROTOCOL_ERROR”Port forwarding/DNS wrongVerify A record resolves to public IP; forward 443 to NAS.
Import failsKey mismatchRegenerate CSR and reissue cert.
Browser warning persistsCache/old certClear browser cache; try incognito.
Remote access blockedFirewall/routerEnsure UPnP or manual forwards for 80/443; disable if using Cloudflare proxy.

If stuck, check Synology logs (Control Panel > Log Center) or forums.

Final Thoughts

Congrats—your Synology NAS is now HTTPS-secured with a legit GoDaddy cert! This setup not only boosts security but enables seamless remote access for backups, streaming, or collaboration. Remember, SSL is just one layer; pair it with strong passwords, 2FA (Control Panel > User & Group), and firewall rules.