You have two likely issues to overcome. The first is that letsencrypt REQUIRES port 80 for certbot validation, unless you can control your DNS to perform DNS authentication. They disabled HTTPS validation some time ago.

This is the part that makes the above part obnoxious. Port 80 on just about any ISP for the last 30 years has been blocked. Sometimes you can get it turned on for business accounts, sometimes on a home account for WFH type purposes, but rarely without a cost. This will foul LetsEncrypt in a big way for their normal validation.

With your DDNS provider it will vary depending on what your provider is. Google has great DDNS support. Dreamhost, not so much.

DDNS is usually what will be used for a system that is on DHCP and will need to have its IP/DNS records updated. CNAME is for a redirection of Domain A to Domain B (no IP).

Here is the fun voodoo of a modern webserver. Apache and nginx both do this well. You can put up one of those web servers and use it as a web server, and then use a reverse proxy from that server into a website or location on another machine that is not exposed to the internet. So your NAS is now behind a location on your main server. I.e., your network is homedomain.org and your webserver responds to it. Your NAS is behind your firewall, but you set up a reverse proxy on your webserver so now homedomain.org/NAS goes directly to your NAS device's web page. If you have more DNS and DDNS tools available you can create nas.homedomain.org and tell your webserver to take all nas.homedomain.org traffic and redirect to "website" A, which is a reverse proxy to your NAS, and then all other traffic is handled by "website" B on the server itself.

I have had limited success with this because I am very new to this. But it is an interesting learning process and you learn a great deal about web traffic and the like.

On Mon, Mar 11, 2019 at 2:17 PM Herminio Hernandez, Jr. <herminio.hernandezjr@gmail.com> wrote:
The issue is most out of the box routers have pretty basic port-forwarding. If you are already forwarding 80/443 to one server then you will not be able to use it on another server unless you have more than one public IP address.

On Mon, Mar 11, 2019 at 2:14 PM Carlton Brooks <linux@carltonbrooks.net> wrote:
I have a successful homeassistant setup running on a NUC with a
letsencrypt certificate. It uses Port 80 and 443 for internet access.

I just bought a Synology NAS disk station DS918+ to do all my backups etc.

If I want to access the outside world with the NAS with an SSL or
Letsencrypt certificate, I again need to have port 80/443 open.

This is where I need help. I will admit the lack of knowledge at this
point but I do know that two devices can not share the same ports, but
how might I configure the NAS to gain outside secure access.

I can get a domain name but am confused as to using a DDNS or cname to
gain access.

Any help in "somewhat" simple terms would be greatly appreciated.

Thanks

Carlton Brooks

---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org
To subscribe, unsubscribe, or to change your mail settings:
https://lists.phxlinux.org/mailman/listinfo/plug-discuss
---------------------------------------------------


--
A mouse trap, placed on top of your alarm clock, will prevent you from rolling over and going back to sleep after you hit the snooze button.

Stephen
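
The name-based reverse proxy described in the top reply of this thread, written out as an nginx configuration. This is an added example, not part of any poster's message. The NAS address 192.168.1.50:5000, the webroot paths, and the certificate paths (certbot's default layout, one certificate per name) are assumptions.

```nginx
# Constructed example. Assumed values: NAS at 192.168.1.50:5000 on the LAN,
# webroots under /var/www, certificates issued by certbot for each name.
# The router forwards 80/443 to this one machine only; the NAS is never
# port-forwarded directly.

# Port 80: serve ACME HTTP-01 challenge files for both names and
# redirect every other request to HTTPS.
server {
    listen 80;
    server_name homedomain.org nas.homedomain.org;

    location /.well-known/acme-challenge/ {
        root /var/www/letsencrypt;   # assumed webroot handed to certbot
    }
    location / {
        return 301 https://$host$request_uri;
    }
}

# "Website B": traffic for the bare domain is handled on this server.
server {
    listen 443 ssl;
    server_name homedomain.org;

    ssl_certificate     /etc/letsencrypt/live/homedomain.org/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/homedomain.org/privkey.pem;

    root /var/www/html;
}

# "Website A": traffic for nas.homedomain.org is proxied to the NAS,
# which stays behind the firewall. TLS terminates here.
server {
    listen 443 ssl;
    server_name nas.homedomain.org;

    ssl_certificate     /etc/letsencrypt/live/nas.homedomain.org/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/nas.homedomain.org/privkey.pem;

    location / {
        proxy_pass http://192.168.1.50:5000;          # assumed NAS web UI
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

With this layout the NAS login page is reachable from the internet through the proxy, so the NAS account passwords and any two-factor settings are the remaining barrier.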