2 minutes reading time (443 words)

Synology Hyperbackup and Certificates

Hyperbackup is a backup system provided by Synology on their Diskstation and Rackstations and its a good product as is the hardware, but like most things in Synology, the term "set it and forget it" does not apply as this customer found out to their detriment. 

The Synology NAS system has a web interface, which is in fact very good and well designed, it allows amongst other things for you to setup an SSL certificate to encrypt web traffic. This can be a self signed, purchased or lets-encrypt certificate and in the latter the process of renewal is automated which is nice. 

b2ap3_large_HYPERBACKUP1 GEN - Blog

The problem comes when your SSL Certificate changes, which is would normally do annually for a purchased cert or every 90 days for lets-encrypt, at which point everything breaks including Hyperbackup and the cause isn't immediately clear. The dialogue above indicates that the destination for your backup is offline, you would of course check the backup server and find it online and running. You would check the firewall settings, probably restart the services maybe even reboot the server but nothing is going to make this work again until you go into settings and get as far as target at which point you notice...

b2ap3_large_HYPERBACKUP2 GEN - Blog

Yes, seriously, because your certificate renewed and even though you've specifically not enabled transfer encryption the backup process crashes to a halt. You are required to press "Trust Server Certificate" to continue after which the backup will resume until the next certificate change (90 days for lets-encrypt, a year for purchased). Why? What possible purpose can there be to halting the backup every time a certificate renews? and why is there no way to prevent it? 

Just as a side note, other things that break are all the iOS applications, Cloud-Station Backup, Cloudstation, and probably more. If you are going to use a lets-encrypt certificate, and I would encourage you to do so, then every 90 days you need to make a note in your diary to go to all the servers and click all the buttons or stuff will stop working. 

Update 19/09/2018: Just had another new customer today who's had a volume crash and his hyper backup stopped working because of this about 6 months ago, so we're now in the position where he's shipping the unit back to us and we're going to have to attempt volume recovery. PLEASE CHECK YOUR HYPERBACKUP IS RUNNING REGULARLY

Update 20/01/2019 - Synology released an update that effectively FIXES this who scenario by allowing you to ignore certificate errors/always trust. We're briefing this out to our base and recommend you re-visit your Hyperbackup client and make the change. Nice one Synology! 

The 2017 Toyota Prius PHEV
Whois Information Fraud