|
Synology NAS · DSM Recovery · Troubleshooting Synology NAS Locked Out After Enabling HTTPS — Recovery GuideNAS unreachable · Port 5001 · Synology Assistant · SSH access · DSM reset DSM 6 · DSM 7 · Self-signed certificate · Let's Encrypt · DDNS |
|
Don't panic! Your Synology NAS is not broken — only the browser access is blocked. The NAS is still fully functional and contains all your data. The following steps show how to restore access. |
|
Contents of this guide
|
What Happened?
You enabled HTTPS in your Synology NAS system settings — a good security measure. But now one of two things happens:
Scenario 1: Old bookmark no longer works
You click on http://192.168.1.100:5000 → browser shows error or redirects to HTTPS,
but the self-signed certificate is not accepted.
Scenario 2: HTTPS enabled but with self-signed certificate
The Synology NAS automatically generates a self-signed certificate. Browser warns about
"certificate error", "connection not secure", "certificate is not trusted".
Root cause: The Synology NAS has no valid SSL certificate — only an internally generated one. The port has been locked: HTTP (5000) redirects to HTTPS (5001), but the browser refuses the connection without a valid certificate.
Solution 1: Change Browser URL to Port 5001 (Quickest Method)
The Synology NAS still runs on https://192.168.1.100:5001. The browser will warn you,
but you can ignore this warning and proceed.
Google Chrome:
1. Address bar: type https://192.168.1.100:5001 and press ENTER |
| 2. Warning: "Your connection is not private" — click here |
| 3. Expandable text with arrows: click "Advanced" |
| 4. Link "Proceed to site (unsafe)" — accept to proceed |
Mozilla Firefox:
1. Address bar: type https://192.168.1.100:5001 and press ENTER |
| 2. Error page: "Warning: Potential Security Risk Ahead" |
| 3. Click link "Advanced..." |
| 4. Button "Add Exception" — after confirmation Firefox continues |
Microsoft Edge:
1. Address bar: type https://192.168.1.100:5001 and press ENTER |
| 2. Error: "This site can't be reached securely" |
| 3. Click "More information" |
| 4. "More" → "Continue to this unsafe website" |
Important: This warning is normal for self-signed certificates in local networks. You can safely ignore it as long as you are within the LAN.
Solution 2: Synology Assistant (Bypasses Browser Issues)
Synology provides desktop software that bypasses browser certificate warnings:
Step by step:
1. Download: https://www.synology.com/en-uk/support/download → find your NAS model → Synology Assistant |
| 2. Install: run EXE / DMG, accept default options |
| 3. Open: "Synology Assistant" launches, scans for your NAS on the network |
| 4. Double-click NAS icon: Assistant connects and opens DSM directly (no browser certificate error) |
| 5. Admin login: enter username / password → you are now in DSM |
Solution 3: Disable HTTP Redirect
The Synology NAS can be configured so that HTTP continues to work (without forced HTTPS redirection). This is less secure but a temporary workaround.
For DSM 7 (current version):
| 1. Open Control Panel (DSM login required → via HTTPS:5001 or Synology Assistant) |
| 2. Network → DSM Settings |
| 3. Tab "General" |
| 4. Checkbox "Redirect HTTP connections to HTTPS" UNCHECK |
| 5. Click "Apply" |
6. Now http://192.168.1.100:5000 works again (temporary workaround) |
For DSM 6: Control Panel → Security → Network — similar option available.
Solution 4: Install Proper SSL Certificate (Long-Term)
For a permanent and secure solution: set up a Let's Encrypt certificate via DSM. This eliminates browser warnings completely.
Prerequisite: Enable DDNS
Your Synology NAS must have a public address (hostname like my-nas.synology.me).
If your IP changes regularly, use DDNS (Dynamic DNS).
| 1. Control Panel: Network → General → DDNS |
| 2. Provider: Synology (free: my-nas.synology.me) or Dyn, Cloudflare, etc. |
| 3. Test button: "Connection Test" — should show green |
| 4. Save |
Request Let's Encrypt certificate:
| 1. Control Panel: Security → Certificate |
| 2. New → Let's Encrypt |
3. Domain name: my-nas.synology.me (or your DDNS hostname) |
| 4. Email: enter contact email (for certificate renewal) |
| 5. Auto-renewal: check box (Let's Encrypt certs valid for 90 days) |
| 6. Request |
| 7. Success: certificate created and activated |
Result: After this, https://my-nas.synology.me shows no browser warning whatsoever.
The certificate is automatically renewed every 90 days.
SSH Access and Last Resort (DSM Reset)
Fallback A: SSH Connection
If all browser methods fail, you can log in via SSH (if SSH is enabled in DSM).
| 1. Control Panel (if needed via Synology Assistant): Security → enable SSH (port 22 or custom) |
2. Terminal / PowerShell: ssh admin@192.168.1.100 -p 22 |
| 3. Enter password → shell access |
| 4. Configuration changeable via synowebapi or direct file editing (advanced users) |
Fallback B: DSM Reset (Backup Required!)
Warning: This resets system settings to factory defaults — your data remains intact, but all users, network settings, installed packages are reset.
| 1. Find reset button on NAS: usually small hole (right or rear) |
| 2. Use reset pin or paperclip — press for ~15 seconds |
| 3. NAS reboots (LED blinks during reset) |
| 4. After startup, open Control Panel and reconfigure (users, network, etc.) |
Different reset modes (depends on NAS model):
• Reset Mode 1: Network settings reset, data remains
• Reset Mode 2 / Factory Reset: Everything deleted (data + settings) — DO NOT USE THIS!
Comparison of All Access Methods
| Method | Effort | Risk | Prerequisite |
|---|---|---|---|
| Direct port 5001 access | Minimal (1 min) | None | None — ready immediately |
| Synology Assistant | Low (2–5 min) | None | Windows/Mac software download |
| Disable HTTP redirect | Low (DSM login needed) | Low (security-wise) | HTTPS:5001 or Synology Assistant |
| Let's Encrypt (long-term) | Medium (15 min) | None | DDNS + DSM access |
| SSH recovery | High (tech skills required) | Medium | SSH enabled, terminal experience |
| DSM reset | High (reconfiguration) | High (settings lost) | Last resort only — really as last option! |
|
Best Practice: Enable HTTPS from the start with a valid certificate. Set up DDNS + Let's Encrypt before enabling HTTPS. This prevents browser warnings entirely and enables secure remote access without issues. |
|
Synology NAS Support and Configuration Problems with your Synology setup? Contact: +49 (0)7666 / 88499-0 • sales@industry-electronics.com |
| Synology NAS in the shop • SSL certificates for intranet • Knowledge hub |