Let’s Encrypt has made FREE SSL Certificates a thing! The only catch is that expire after 3 months — so you’re constantly in a cycle of having to renew them.
You can allow the Synology NAS to renew on it’s own – great. The downside to that is you need to leave Port 80 open/forwarded on your router to your NAS either all the time or “around” the time when the Certificate may be renewed (which you don’t know precisely). I don’t know about you, but I don’t really want Port 80 open/forwarded at all times.
The alternative is to “manually” renew the Certificate. One way is to do it within the GUI. The other way is to do it via SSH.
Either way, you’ll need to open/forward Port 80 on your router (to your Synology NAS).
SSH into your Synology box as “admin” — then enter sudo -i — then enter the admin’s password when prompted. You’re now operating as “root”.
Then run the following to actually renew the Certificate for another 3 months (per Let’s Encrypt’s policy)