It is quite annoying getting notifications for unencrypted http connections on my home servers. One solution for Synology is to set a scheduled task with the following command:

tailscale configure synology-cert

This command issues a Let’s Encrypt certificate with 90 day expiration that get’s automatically renewed depending on the task frequency.

For my TrueNAS I use tailscale serve to securely expose my services and apps (immich etc) through a HTTPS website in my tailnet. Enabling HTTPS via tailscale admin panel is required.

The next step it to execute: tailscale serve –https=port_number localhost:port_number

You can execute the command in the background with –bg or in foreground and interrupt it with Ctrl+C.