Using Let’s Encrypt for Plex on Synology

One of the great features of my Synology NAS is that it supports Let’s Encrypt SSL certificates. I use my NAS for personal use, so I didn’t want to spend money on an SSL certificate, nor did I want to use a self-signed one. Synology has a how-to guide on their site if you wish to set one up yourself.

Once this is completed you can connect to your DiskStation Manager securely… ‘yay, and there is much rejoicing’. In this guide I presume that you know about OpenSSL, have basic knowledge of its use, and are using Plex, and that you would also like to use a secure connection to your Plex media server.

Now we are ready to set up our Plex service to use https.


  1. You will need to export your “Let’s Encrypt” certificate from your NAS. Log in to your DSM, open the Control Panel and go to Security -> Certificate. Select the certificate that is your Default Certificate and export it.
  2. Unzip the exported certificates and navigate to the folder. If you are using a Windows machine, it’s easier to unzip the contents into the openssl folder and run “openssl” as the administrator. In the OS X or Linux environment, open your terminal, navigate to the unzipped folder and type “openssl”.
  3. Your terminal should now have the “OpenSSL>” prompt
  4. Type pkcs12 -export -out *your domain*.pfx -in cert.pem -inkey privkey.pem -certfile chain.pem -name "*your domain*"
    Remember the password you enter here; you’ll need it later. The resulting .pfx file contains your private key, protected only by that password.
  5. Upload the new certificate to the root folder of Plex on your NAS server – should be “Plex”
  6. In your Plex Manager go to “Settings – Server – Network”.
    • Custom certificate location: /volume1/Plex/*your domain*.pfx
    • Custom certificate encryption key: the password you used earlier
    • Custom certificate domain: *your domain*

  7. Save your changes and restart your Plex service.
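
Steps 4 and 5 can also be run non-interactively, which helps when the certificate is renewed and the .pfx has to be rebuilt. The script below is an added example, not part of the original post: the function name make_pfx, the PFX_PASS environment variable and the .sha256 sidecar file are assumptions of this sketch, while cert.pem, privkey.pem and chain.pem are the exported files from step 2. It checks that the key matches the certificate and skips the rebuild when the certificate has not changed.

```shell
#!/bin/sh
# Added example: rebuild the Plex .pfx only when the exported certificate changed.
# Usage: PFX_PASS='...' sh make_pfx.sh <dir-with-pem-files> <output.pfx> <name>
# PFX_PASS must be in the environment (exported) so the password never
# appears on the openssl command line.

make_pfx() {
    src=$1 out=$2 name=$3
    [ -n "${PFX_PASS:-}" ] || { echo "PFX_PASS is not set" >&2; return 2; }
    for f in cert.pem privkey.pem chain.pem; do
        [ -r "$src/$f" ] || { echo "missing $src/$f" >&2; return 2; }
    done

    # Refuse to package a private key that does not belong to the certificate.
    cert_pub=$(openssl x509 -in "$src/cert.pem" -noout -pubkey) || return 3
    key_pub=$(openssl pkey -in "$src/privkey.pem" -pubout 2>/dev/null) || return 3
    [ "$cert_pub" = "$key_pub" ] || {
        echo "privkey.pem does not match cert.pem" >&2; return 3; }

    # Skip the rebuild when this certificate fingerprint is already packaged.
    fp=$(openssl x509 -in "$src/cert.pem" -noout -fingerprint -sha256) || return 3
    if [ -f "$out" ] && [ "$(cat "$out.sha256" 2>/dev/null)" = "$fp" ]; then
        echo unchanged
        return 0
    fi

    # Build with owner-only permissions, then move into place in one step.
    (
        umask 077
        openssl pkcs12 -export -out "$out.tmp" \
            -in "$src/cert.pem" -inkey "$src/privkey.pem" \
            -certfile "$src/chain.pem" -name "$name" \
            -passout env:PFX_PASS
    ) || { rm -f "$out.tmp"; return 4; }
    mv "$out.tmp" "$out"
    printf '%s\n' "$fp" > "$out.sha256"
    echo built
}

if [ "$#" -eq 3 ]; then
    make_pfx "$@"
fi
```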

10 thoughts on “Using Let’s Encrypt for Plex on Synology”

  • naitakal

    This was very helpful, thanks! I actually wasn’t using the Default certificate provided by Synology though mainly because it didn’t contain a chain.pem file on export. So I ended up creating a Let’s encrypt certificate for the plex subdomain I wanted to use and everything worked like a charm. Only thing I am wondering now, will I have to recreate the pfx file when the certificate gets renewed?

    • Karsten Pearce Post author

      I do each time I update my certificate, I believe you do, because it’s using the privkey.pem from the new cert.

      • naitakal

        Which makes sense. I will probably try to make it part of the daily cert renew job running on my NAS, optimally without actually creating the pfx file every night when nothing got renewed.

    • Karsten Pearce Post author

      I don’t have port 80 open through my firewall so I haven’t tested this yet, but do you have the following turned on?
      Control Panel -> Network -> DSM Settings -> Automatically redirect HTTP connections to HTTPS (Web Station and Photo Station excluded).

      I think this will only work if your Plex station is sharing the same URL as your Synology box

    • Karsten Pearce Post author

      Yeah, “Let’s Encrypt” needs to verify that you own the domain before it generates a certificate. You can create a self-signed certificate and load it. Just skip the steps that are dealing with “Let’s Encrypt”. Granted I haven’t done this before, but I don’t see why it wouldn’t work.