I have a Synology NAS for personal use that it is not accessible outside my local home network.
Is there any value in replacing the stock self-signed certificate?
I already have a custom domain with a pfSense firewall that is already using ACME for Let’s Encrypt certs, so I don’t think I can forward port 80 to the Synology, not that I want to anyways.
Would it be worth setting up the Synology DDNS to replace that stock self-signed cert?
I am not sure if it is worth it or not, TBH, but I did it. I have let’s encrypt certs on every piece of hardware in my home lab and on all the VMs/dockers. I don’t expose my Synology publicly other than using using their apps on my phone. The other way I use my Synology is with Tailscale. I pretty much can access my entire home lab from the road using Tailscale on my laptop. I feel like it was cheap insurance to put certs on everything. BTW, I didn’t have to use DDNS to get a cert. I used Cloudflare DNS challenge authentication. My home lab domain is on Cloudflare, but it is not publicly exposed. Its pretty easy once you figure it out the first time. It costs me $8.51 a year for my domain. Well worth it in my mind. I also use my pfSense as my primary DNS resolver, so all the stuff on my home lab domain is accessible by a FQDN instead of an IP address.