Yesterday Synology pushed out a new update covering a fair bit of new things and some fixes.

NOTE: Please be aware NOT to update your NAS if you don’t have a valid backup and even in that case if that NAS is your main production device. Best to wait a while or even better, if possible, run it on a secondary NAS or a VM
Version: 6.2.3-25423
Important Note

The update is expected to be available for all regions within the next few weeks, although the time of release in each region may vary slightly.
This update will restart your Synology NAS.
Removed the support for Google Cloud Print in DSM 6.2.3 and above.
To avoid the interruption of iSCSI service, the automatic DSM update and your power schedule to shut down may not be executed as expected if there are any active iSCSI sessions.
Removed TWNIC from the list of DDNS service providers on DSM 6.2.3 since TWNIC will stop accepting new registrations for DSM as of Jul. 1, 2020. Your current TWNIC DDNS services can still be used and edited but will not be available again once deleted from DSM.
This is the last major DSM version (6.2) that supports the video conversion to .flv and MPEG-4 Part 2 on certain models (RS814, RS214, DS414, DS414slim, DS414j, DS216se, DS215j, DS214+, DS214, DS214se, DS213j, DS120j, DS119j, DS115, DS115j, and DS114) in consideration of the termination of Adobe's support for Flash Player by the end of 2020.

What's New in DSM 6.2.3

1. Thin Provisioning LUN will become protected upon insufficient volume space, preventing clients from writing data to the LUN while allowing read-only access to the existing data.
2. Added support to sign in to DSM using a UPN (user principal name) of a domain via web portal and file protocols.
3. Added support for the option of forcing password changes for importing local users.
4. Enhanced the compatibility of the imported user list, providing clearer error messages when the imported file contains syntax errors.
5. Added support to record only the events of SMB transfer selected by the user, providing transfer logs that meet the requirements more closely.
6. Added support for client users to monitor the changes of subdirectories under shared folders via SMB protocol.
7. Added details of desktop notifications to facilitate users' timely responses.
8. Added support for external UDF file system devices.
9. Added support for the Open vSwitch option in a high-availability cluster.
10. Added support for IP conflict detection, providing logs and notifications accordingly.
11. Added support for Let's Encrypt wildcard certificates.
12. Added support to waive the need of DSM login again through an HTTPS connection after a change in client's IP address.
13. Added support for hardware-assisted locking for Thick Provisioning LUN on an ext4 volume.
14. Added support for customized footer message on DSM login pages.

Fixed Issues

1. Fixed the issue where certain cities might be mapped to incorrect time zones.
2. Fixed the issue where LDAP users could not be notified of the upcoming password expiration.
3. Fixed the issue where the upload of LDAP certificate could not overwrite the original one with the same file name.
4. Fixed the issue where the application permissions settings might not be applied properly to the Domain Users group when such group in Windows AD domain was named other than "Domain Users".
5. Fixed the issue of inaccurate time of usage history in Resource Monitor.
6. Improved system responsiveness by reducing the latency of the Btrfs file system in certain scenarios.
7. Fixed the issue where SNMP did not provide the indices of Disk and RAID correctly.
8. Fixed the issue where the recycle bin of an encrypted shared folder might not be emptied properly.
9. Enhanced the DSM login performance for multiple concurrent logins.
10. Adjusted the personal notification mechanism to comply with the latest Gmail API.
11. Fixed the issue where the iSCSI service might be interrupted when the LUN backup task is stopped.
12. Removed the function of expanding the capacity of a block LUN.

Known Issues & Limitations

Access to DSM via HTTPS using Google Chrome on a client device running macOS 10.15 might fail after a DSM update from an older version.

One reason I’m posting about his and that new feature No. 11 - Added support for Let's Encrypt wildcard certificates. Up until now, users were unable to create wild card certificates despite that LE made this possible almost 2 years ago. Still, a welcome addition to an already added feature of automatic creation of LE certificate when creating a new DDNS registered name with Synology domain.

So what does this mean in the end? Well you will be able to issue a wild card certificate for your synology registered domain name. Something like * This was not possible before and users that wanted to host web content on their NAS devices while using a LE wild card certificate, had to use alternate method to get it. Still, this didn’t mean that you could get it for your domain, no. You could only get it for your own custom domain and then import that certificate into your NAS.

If running your own domain is not your cup of tea but still want to have a wild card certificate, this will be a perfect solution for your.

As with any update there are potential problems. Even though in the past few days I haven’t noticed any major problem with this update (like NAS being bricked) there is a problem (and a solution) if you are running Synology Photo Station package. It looks like that Photo Station users that cover specific parameters, are locked out of their PS. Luckily Synology already made a fix. You can read more on this problem here.

If you do decide to patch day 1 keep in mind that you can’t (officially) downgrade to previous versions, so be sure that this update is a valid step for your needs.