It’s a bit hard for folks in the community to help troubleshoot in the absence of a lot of information. If your LE cert isn’t a wildcard cert, then you won’t be able to use it for Graylog. LE does issue wildcard certs, which you can get using something like this:
sudo certbot certonly \
  --dns-cloudflare \
  --dns-cloudflare-credentials /Users/yourname/.secrets/certbot/cloudflare.ini \
  -d '*.example.com'  # placeholder domain, replace with your own
That said, things like log messages, screenshots of the UI, and configuration snippets generally go a long way to helping identify the problem, or at the very least narrow down the issue.
To your point @dickinsonzach, TLS/PKI is hard–while folks struggle with it, there are folks who are also able to implement it successfully, both using our open source/free version, and the enterprise. So I wouldn’t say that paying for support is required to get SSL up and running. Heck, I’m on our support team and find working with TLS to be a bit of a challenge myself.
That said, here are a couple of other things. With regard to using a TLS syslog input to ingest Synology syslog logs, it appears that Synology won’t send syslog logs over TLS (see: Sending logs from Synology to Graylog over TLS = "TLSV1_ALERT_UNKNOWN_CA" - #12 by SoMoney).
The other thing is that I can 100% confirm that I’m able to get syslog messages into Graylog via a TLS input:
Syslog Input Configuration:
Rsyslog client config:
$ActionSendStreamDriverMode 1 # run driver in TLS-only mode
Screenshot of TLS Syslog Input & logs
Since I don’t have a Synology NAS that I can readily try and reproduce this in, you might try out some of the steps in the other entry that I linked @Kptainflintt and see if you can get any further.
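For reference, a fuller rsyslog client configuration for forwarding to a TLS syslog input, in the same legacy directive style as the line quoted in the post above. This is an added example, not part of the original post or the poster's own configuration. The hostname, port, and CA file path are assumed placeholders.

```conf
# /etc/rsyslog.d/60-graylog-tls.conf (assumed file name)
# Requires the rsyslog GnuTLS driver (package rsyslog-gnutls on most distros).

# Use the GnuTLS network stream driver for TCP forwarding.
$DefaultNetstreamDriver gtls

# CA certificate that issued the certificate presented by the Graylog
# TLS input. If the issuing CA is not in this file, the client cannot
# validate the server and the handshake fails.
# Placeholder path.
$DefaultNetstreamDriverCAFile /etc/ssl/certs/graylog-ca.pem

# Run the driver in TLS-only mode (the line quoted in the post).
$ActionSendStreamDriverMode 1

# Weak setting: encrypts the session but does not authenticate the
# server, so any endpoint answering on that port is accepted.
# $ActionSendStreamDriverAuthMode anon

# Hardened setting: validate the server certificate against the CA file
# and require the certificate name to match the permitted peer.
$ActionSendStreamDriverAuthMode x509/name
$ActionSendStreamDriverPermittedPeer graylog.example.com

# Forward everything over TCP (@@) to the TLS input.
# Placeholder host and port; use the port configured on the input.
*.* @@graylog.example.com:6514;RSYSLOG_SyslogProtocol23Format
```

After restarting rsyslog, a handshake or certificate validation failure shows up in the client's own rsyslog log, which is a useful snippet to include when asking for help.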