After installing the newly released DSM 6.0 beta for Synology NAS, I was unable to reach the DSM again. My Chrome browser showed “Connection refused”. Not really a good start for beta testing new software.
Luckily SSH is still up. Since DSM running on nginx, it’s straightforward to look for some error log in the nginx error log.
1 |
$ cat /var/log/nginx/error.log |
shows following log records
1 |
2015/10/14 21:08:31 [emerg] 9040#9040: PEM_read_bio_X509_AUX("/usr/syno/etc/ssl/ssl.chain.crt/server.crt") failed (SSL: error:0906D066:PEM routines:PEM_read_bio:bad end line) |
in the file /usr/syno/etc/ssl/ssl.chain.crt/server.crt
I found a weird certificate formatting
1 2 3 4 5 6 |
... ImqVevbi0ntIdiu3OBL0NuuHNw7N1kKkXTBIZnswp3mxOVSqDrEchULLW8fyawVX lBOEu1QErxKSjwvlkQ== -----END CERTIFICATE----------BEGIN CERTIFICATE----- MIIF2TCCA8GgAwIBAgIHFxU9nqs/vzANBgkqhkiG9w0BAQsFADB9MQswCQYDVQQG ... |
There’s a missing newline between the chained certificate. Put a new line between the certificate and restart nginx.
1 2 3 4 5 6 7 |
... ImqVevbi0ntIdiu3OBL0NuuHNw7N1kKkXTBIZnswp3mxOVSqDrEchULLW8fyawVX lBOEu1QErxKSjwvlkQ== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIF2TCCA8GgAwIBAgIHFxU9nqs/vzANBgkqhkiG9w0BAQsFADB9MQswCQYDVQQG ... |
and restart nginx
1 |
$ synoservicecfg --restart nginx |
Tadaaaa… DSM is available again.
Hi how do you edit the cert file and after how do you save changes, i’m a noob at ssh, can you give me step by step instructions please :)
Hi Scott, have you ever activated Terminal/SSH service in DSM before? are you on Windows or Mac/Linux? if you’re on windows, search for putty. If you’re on Mac/Linux run Terminal. Then try to run following command in Putty or Terminal
ssh [email protected]_IP
if it works, it will ask for you password. The password is the same with the password of admin user.
If you don’t have Terminal/SSH service activated on DSM, then please see http://forum.synology.com/enu/viewtopic.php?f=260&t=105758&start=30
hey thanks for getting bck, I’v been on syno forum and get how to open the ssl file but I don’t know how to save it after modifying it :(, at the min all I have is the synology ssl on my nas on 5.2 I had a startssl that worked perfectly, I want to re apply this cert, but afraid I get error again on gui, I have ssh enabled
btw when I upgraded to 6.0 I reinstalled it because of the gui prob