I wrote for my own use a script to manage the Let's Encrypt certificate installation and updates on my TrueNAS system. I download my wildcard certificate on a Windows system on my network and then distribute from there, so while the method listed here would work, I didn't want to set up another place to order a certificate. I did learn more about using the API from reading the script there.
In the end I came up with a PowerShell script that uses the API key from TrueNAS to authenticate and then installs, updates or resets (back to default) the certificates used by GUI, WebDAV and FTP.
Before you get started, use Posh-ACME to download a certificate (or use any other valid certificate in base64 format). You'll also need to generate an API key on TrueNAS. API keys are available from the web interface by clicking Settings > API Keys.
First install
To install the first certificate, provide the servername, API key and paths to the certificate and private key files:
Code:
$InstallArgs = @{
    TruenasServer  = "nas.anymoo.com"
    ApiKey         = "yourapikey"
    ChainFilePath  = "C:\Powershell\acmeCert\fullchain.cer"
    KeyFilePath    = "C:\Powershell\acmeCert\cert.key"
    CertnamePrefix = "LetsEncrypt" # Default value is "LE"
}
Install-TruenasCertificate @InstallArgs
The above command will connect to "nas.anymoo.com" and authenticate using the API key. It will then:
- Install the certificate
- Configure the main UI to use the certificate
- Configure WebDAV to use the certificate
- Configure FTP to use the certificate
- Finally the UI is reset to activate the new cert

-NotForUi, -NotForWebdav and -NotForFTP.
Updates
The update command will check the provided certificate and compare it to installed certificates. It'll then replace that certificate for any service that uses the same (and delete the old cert).
Code:
$InstallArgs = @{
    TruenasServer  = "nas.anymoo.com"
    ApiKey         = "yourapikey"
    ChainFilePath  = "C:\Powershell\acmeCert\fullchain.cer"
    KeyFilePath    = "C:\Powershell\acmeCert\cert.key"
    CertnamePrefix = "LetsEncrypt" # Default value is "LE"
}
Update-TruenasCertificate @InstallArgs
The above command will connect to "nas.anymoo.com" and authenticate using the API key. It will then:
- Install the certificate
- Configure the main UI, WebDAV and FTP to use the new cert, if any of those used the old cert
- Delete the old cert
- Finally the UI is reset to activate the new cert

Install-TruenasCertificate.
Reset
In case you want to reset back to the default "localhost" certificate, use the reset command:
Code:
$ResetArgs = @{
    TruenasServer = "nas.anymoo.com"
    ApiKey        = "yourapikey"
}
Reset-TruenasCertificate @ResetArgs
It'll set all services to use the default certificate. You'll have to manually remove any installed cert you want to get rid of.
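A pre-flight check for the ChainFilePath and KeyFilePath files used above, as an added example that is not part of the original post or its script: it confirms the chain parses, the leaf is inside its validity window, the chain is in order, and the private key belongs to the leaf before anything is uploaded. It assumes PowerShell 7.1 or later; Test-CertificateBundle, ConvertTo-Pem, the MinDaysLeft threshold and the nas.example.test sample certificate are hypothetical names and constructed values.

```powershell
# Added example (not from the post's script); helper names are hypothetical. Needs PowerShell 7.1+.
function Test-CertificateBundle {
    param(
        [Parameter(Mandatory)][string]$ChainFilePath,
        [Parameter(Mandatory)][string]$KeyFilePath,
        [int]$MinDaysLeft = 7   # assumed threshold, adjust to your renewal schedule
    )
    $x509 = [System.Security.Cryptography.X509Certificates.X509Certificate2]
    # Split the chain file into its PEM certificate blocks (leaf first).
    $pem = Get-Content -Raw -LiteralPath $ChainFilePath
    $rx  = '-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----'
    $certs = @(foreach ($m in [regex]::Matches($pem, $rx, 'Singleline')) {
        $x509::new([Convert]::FromBase64String($m.Groups[1].Value))
    })
    if ($certs.Count -eq 0) { throw "No PEM certificate found in $ChainFilePath" }
    $leaf = $certs[0]; $now = Get-Date
    if ($now -lt $leaf.NotBefore) { throw 'Leaf certificate is not valid yet' }
    $daysLeft = [math]::Floor(($leaf.NotAfter - $now).TotalDays)
    if ($daysLeft -lt $MinDaysLeft) { throw "Leaf certificate has $daysLeft day(s) left" }
    # Each certificate must be issued by the one that follows it in the file.
    for ($i = 0; $i -lt $certs.Count - 1; $i++) {
        if ($certs[$i].Issuer -ne $certs[$i + 1].Subject) { throw "Chain order broken at certificate $i" }
    }
    # CreateFromPemFile throws when the private key does not match the leaf.
    $x509::CreateFromPemFile($ChainFilePath, $KeyFilePath).Dispose()
    [pscustomobject]@{
        Subject = $leaf.Subject; Thumbprint = $leaf.Thumbprint
        NotAfter = $leaf.NotAfter; DaysLeft = $daysLeft; ChainLength = $certs.Count
    }
}

# Constructed sample input: a throwaway self-signed certificate written as PEM files.
function ConvertTo-Pem([string]$Label, [byte[]]$Bytes) {
    "-----BEGIN $Label-----`n" + [Convert]::ToBase64String($Bytes, 'InsertLineBreaks') +
        "`n-----END $Label-----"
}
$dir = New-Item -ItemType Directory -Path (Join-Path ([IO.Path]::GetTempPath()) "bundle-$(New-Guid)")
$rsa = [System.Security.Cryptography.RSA]::Create(2048)
$req = [System.Security.Cryptography.X509Certificates.CertificateRequest]::new('CN=nas.example.test',
    $rsa, [System.Security.Cryptography.HashAlgorithmName]::SHA256,
    [System.Security.Cryptography.RSASignaturePadding]::Pkcs1)
$cert  = $req.CreateSelfSigned([DateTimeOffset]::Now.AddDays(-1), [DateTimeOffset]::Now.AddDays(90))
$chain = Join-Path $dir.FullName 'fullchain.cer'
$key   = Join-Path $dir.FullName 'cert.key'
Set-Content -LiteralPath $chain -Value (ConvertTo-Pem 'CERTIFICATE' $cert.RawData)
Set-Content -LiteralPath $key -Value (ConvertTo-Pem 'PRIVATE KEY' ($rsa.ExportPkcs8PrivateKey()))
Test-CertificateBundle -ChainFilePath $chain -KeyFilePath $key
Remove-Item -Recurse -Force -LiteralPath $dir.FullName
```

Run the function with the same ChainFilePath and KeyFilePath values before calling Install-TruenasCertificate or Update-TruenasCertificate; a thrown error means the files should not be uploaded.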