Domoticz with SSL on Synology

On various Hardware and OS systems: pi / windows / routers / nas, etc
Post Reply
User avatar
Antori91
Posts: 102
Joined: Sunday 12 February 2017 18:12
Target OS: NAS (Synology & others)
Domoticz version: 4.97&3.5
Location: France
Contact:

Domoticz with SSL on Synology

Post by Antori91 » Sunday 12 February 2017 19:03

Hello forum,

I'm a new Domoticz (v. 3.5877) user on Synology (DS216j with DSM 6.0.2-8451 Update 9). My Synology has a Let's encrypt certificate and does https for DSM.

But I can't use https access (on 8443 port) to Domoticz (Normal http access is Ok). Chrome warns about the certificate/site and go to normal http, it doesn't do this for the same IP address but DSM port number. Even if I have red the Domoticz manual, it's still not clear about how to enable https access. Could you give me a link or information about this issue. Thanks in advance.

Regards,
Antori91
PS : I use Domoticz in an Home alarm system. The alarm server is a Raspberry and I use Domoticz as a client synchronized to the Raspberry using PubNub (PubNub Sdk Node.js on Synology and C/C++ Sdk on Raspberry).
Domoticz 3.5877
DS216j
DSM 6.0.2-8451 Update 9
Domoticz High Availability Cluster: Synology Dz V3.5877 (Main) - Raspberry Dz V4.97 (Backup) - Scripts Node.js
Alarm server: Raspberry - motionEye - iot_ALARM-SVR Node.js
Sensors/Actuators: ESP8266-Arduino
https://github.com/Antori91/Home_Automation

User avatar
Antori91
Posts: 102
Joined: Sunday 12 February 2017 18:12
Target OS: NAS (Synology & others)
Domoticz version: 4.97&3.5
Location: France
Contact:

Re: Domoticz with SSL on Synology

Post by Antori91 » Tuesday 14 February 2017 9:25

Issue solved. To setup ssl, I followed instructions given at http://www.domoticz.com/wiki/Native_sec ... ts_Encrypt . But this help page seems to be incomplete : it is missing the fact you must insert certificate along privkey, fullchain and DH.

Add the certificate to Domoticz
The last thing to do is adding the created certificate to Domoticz. This is easily done with the following commands:
sudo rm ~/domoticz/server_cert.pem
sudo cat /etc/letsencrypt/live/<your domain>/privkey.pem >> ~/domoticz/server_cert.pem
sudo cat /etc/letsencrypt/live/<your domain>/fullchain.pem >> ~/domoticz/server_cert.pem
When there's a domoticz error after rebooting the service like : Error: [web:443] missing SSL DH parameters
from file Add the DHparam :
sudo cat /etc/ssl/certs/dhparam.pem >> ~/domoticz/server_cert.pem
Domoticz High Availability Cluster: Synology Dz V3.5877 (Main) - Raspberry Dz V4.97 (Backup) - Scripts Node.js
Alarm server: Raspberry - motionEye - iot_ALARM-SVR Node.js
Sensors/Actuators: ESP8266-Arduino
https://github.com/Antori91/Home_Automation

User avatar
felix63
Posts: 161
Joined: Monday 07 December 2015 10:30
Target OS: Raspberry Pi
Domoticz version: 3.8275
Location: Gouda
Contact:

Re: Domoticz with SSL on Synology

Post by felix63 » Thursday 03 August 2017 21:59

HI,

Tried to do this but at
sudo cat /etc/ssl/certs/dhparam.pem >> ~/domoticz/server_cert.pem
I get an error:

Code: Select all

cat: /etc/ssl/certs/dhparam.pem: No such file or directory
Any idea how to solve this?

Cheers,
Lex

User avatar
felix63
Posts: 161
Joined: Monday 07 December 2015 10:30
Target OS: Raspberry Pi
Domoticz version: 3.8275
Location: Gouda
Contact:

Re: Domoticz with SSL on Synology

Post by felix63 » Thursday 03 August 2017 22:31

To answer my own question: by first generating the dhparam file with:

Code: Select all

sudo openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048

NewFolk
Posts: 39
Joined: Wednesday 02 September 2015 11:47
Target OS: Raspberry Pi
Domoticz version:
Contact:

Re: Domoticz with SSL on Synology

Post by NewFolk » Monday 04 September 2017 18:12

I done export certificate from Synology and add them by

Code: Select all

cat privkey.pem >> server_cert.pem
cat chain.pem >> server_cert.pem
cat /etc/ssl/certs/dhparam.pem >> server_cert.pem
But I see
Error: WebServer(SSL) startup failed on address 0.0.0.0 with port: 4443: use_private_key_file: key values mismatch

in log after

Code: Select all

./domoticz -www 8080 -sslwww 4443 -sslcert /home/pi/certificate/server_cert.pem
Any suggestion ?

pvm
Posts: 943
Joined: Tuesday 17 June 2014 22:14
Target OS: NAS (Synology & others)
Domoticz version: Stable
Location: NL
Contact:

Re: Domoticz with SSL on Synology

Post by pvm » Monday 04 September 2017 21:03

Is it possible to add an SSL certificate without using the command line, but using DSM?
I know I can add one, but do not now how to couple this to domoticz instance
Synology NAS, PI3, ZWave, Xiamo zigbee devices, BTLE plant sensor

spoutnik
Posts: 2
Joined: Sunday 19 November 2017 17:39
Target OS: NAS (Synology & others)
Domoticz version:
Contact:

Re: Domoticz with SSL on Synology

Post by spoutnik » Sunday 19 November 2017 17:54

hi,
I'm a new user of domoticz. i'm using domoticz on my Synology Nas. I Have SSL certificate on my Nas thanks to let's encrypt. I don't know much about linux...

I'm trying to configurate SSL on domoticz but have a few difficulties and questions.

First, I tried, as you said, to mix the "how to" and the info you gave on this thread. I used Putty, but I always have errors, such as the file your looking for doesn't exist in that place.

so I tried with winscp to find the certificat files and do what i had understand of the How to. no more luck, winscp can't because of permission, if I read well on that subject.

So my questions:
- on http://www.domoticz.com/wiki/Native_sec ... ts_Encrypt, it's said to create certificat, can't I use the one I have on the NAS that I can export ?

- second questions, does the place of the certifcate can have change ? I have a @appstore/domoticz on my Nas. not ~/domoticz/server_cert.pem

thanks to all of you for your time or your help If you can.

Spoutnik.

Dax1900
Posts: 2
Joined: Thursday 11 January 2018 14:18
Target OS: NAS (Synology & others)
Domoticz version: 3.8153
Contact:

Re: Domoticz with SSL on Synology

Post by Dax1900 » Thursday 11 January 2018 15:03

Hi all<

I'm still having problems getting mijn Synology certificate to work with Domoticz. I wonder if somebody can drop me some tricks.
This is what I've done:

- exported my working Let's Enscript certificate and copied it to the root home directory using WinSCP.
- stopped te package Domoticz in the DSM console
- renamed the file /volume1/@appstore/domoticz/server_cert.pem to /volume1/@appstore/domoticz/server_cert.pem.orig
- logged on as root via SSH op putty
- cat /root/privkey.pem >> /volume1/@appstore/domoticz/server_cert.pem
- cat /root/chain.pem >> /volume1/@appstore/domoticz/server_cert.pem

dhparam.pem didn't exist so I generated it as stated above
- openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048 #took more than 2 hours!!
- cat /etc/ssl/certs/dhparam.pem >> /volume1/@appstore/domoticz/server_cert.pem

Unfortunately it didn't fly. This is what was in the log:
WebServer(HTTP) started on address: :: with port 8084
Error: WebServer(SSL) startup failed on address 0.0.0.0 with port: 8443: use_private_key_file: key values mismatch
Error: WebServer(SSL) check if no other application is using port: 8443

I'm lost... many thanks for any tips and tricks!!

Fabian
Posts: 1
Joined: Monday 12 February 2018 10:47
Target OS: Raspberry Pi
Domoticz version:
Contact:

Re: Domoticz with SSL on Synology

Post by Fabian » Monday 12 February 2018 10:53

The contents of your PEM file might be in the wrong order. I've been struggling with this also this morning on a raspberry pi. The documentation isn't very explicit about 'fullchain', but the contents should be as follows:

Code: Select all

-----BEGIN PRIVATE KEY-----
private key
-----END PRIVATE KEY-----

-----BEGIN CERTIFICATE-----
the actual certificate
-----END CERTIFICATE-----

-----BEGIN CERTIFICATE-----
one or more chain certificates depending on your root CA
-----END CERTIFICATE-----

-----BEGIN DH PARAMETERS-----

-----END DH PARAMETERS-----

jmav
Posts: 1
Joined: Sunday 11 March 2018 21:05
Target OS: NAS (Synology & others)
Domoticz version:
Contact:

Re: Domoticz with SSL on Synology

Post by jmav » Sunday 11 March 2018 21:08


spoutnik
Posts: 2
Joined: Sunday 19 November 2017 17:39
Target OS: NAS (Synology & others)
Domoticz version:
Contact:

Re: Domoticz with SSL on Synology

Post by spoutnik » Saturday 09 June 2018 17:52

hi all,
I retry my chance.
thx to dax1900 i try again.

but from the begining nothing works. it seems that since a few time we can't acces root with winscp. so I put the file in another directory, but then putty says the files or directory doesn't exist...

maybe if someone did it he might help ?

thanks for your help.

best regards.

Post Reply

Who is online

Users browsing this forum: No registered users and 0 guests