Unable to sign certifications with TrueNAS-SCALE-22.12.4

H

hillimicha

Cadet
Joined
Oct 7, 2023
Messages
5
Hey all,

Currently using TrueNAS-SCALE-22.12.4, within the last few days my certs have expired and I have been unable to renew/sign them. They worked before; but now not so much. Previously, I have attempted to use the "Certificates" portion of TrueNAS Scale (under Credentials -> Certificates) and for a while that did work. However, with TrueCharts apps it seems I am no longer able to utilize those because I get an error message when attempting to use them. I have now since opted to try and use clusterissuer for my certificates/signing of my apps running on my TrueNAS system.

As it stands, I *can* access the services via my domain publicly; however now browsers complain that the cert is self-signed. I tried disabling the 'self-signed' option in cluster issuer; however it complained and wouldn't let me progress with it..

Any suggestions? Below are some screenshots of my config.
 
Last edited by a moderator:
H

hillimicha

Cadet
Joined
Oct 7, 2023
Messages
5
Screenshots attached here, had to have my previous batch deleted for information sake! API Key is not my own, just random keys I chucked in. Thanks for the save mods. =)
 

Attachments

  • Apps.png
    Apps.png
    322.4 KB · Views: 109
  • clusterissuer.png
    clusterissuer.png
    276.8 KB · Views: 104
  • kavita.png
    kavita.png
    12.5 KB · Views: 104
M

morganL

Captain Morgan
Administrator
Moderator
iXsystems
Joined
Mar 10, 2018
Messages
2,694
Did you attempt to do this with previous versions?
Perhaps roll back to 22.12.3 and verify its a new problem.
 
H

hillimicha

Cadet
Joined
Oct 7, 2023
Messages
5
morganL said:
Did you attempt to do this with previous versions?
Perhaps roll back to 22.12.3 and verify its a new problem.
Click to expand...
Thanks for the reply. I've attempted to do the same on 22.12.3 as well. Issue occurs the same on that revision as well. I have also attempted to disable the 'self-signed' option in clusterissuer and the issue still persists with that option disabled.
 
H

hillimicha

Cadet
Joined
Oct 7, 2023
Messages
5
For reference, this is what my site currently returns for a certificate. I'm sure this is a simple misconfiguration issue somewhere; unfortunately i've followed multiple guides to the letter with the same results each time..

Common Name (CN)
<Not Part Of Certificate>
Organization (O)
<Not Part Of Certificate>
Organizational Unit (OU)
<Not Part Of Certificate>

Issued By​

Common Name (CN)
<Not Part Of Certificate>
Organization (O)
<Not Part Of Certificate>
Organizational Unit (OU)
<Not Part Of Certificate>

Validity Period​

Issued On
Tuesday, October 3, 2023 at 10:17:28 AM
Expires On
Monday, January 1, 2024 at 9:17:28 AM
 
M

morganL

Captain Morgan
Administrator
Moderator
iXsystems
Joined
Mar 10, 2018
Messages
2,694
hillimicha said:
For reference, this is what my site currently returns for a certificate. I'm sure this is a simple misconfiguration issue somewhere; unfortunately i've followed multiple guides to the letter with the same results each time..

Common Name (CN)
<Not Part Of Certificate>
Organization (O)
<Not Part Of Certificate>
Organizational Unit (OU)
<Not Part Of Certificate>

Issued By​

Common Name (CN)
<Not Part Of Certificate>
Organization (O)
<Not Part Of Certificate>
Organizational Unit (OU)
<Not Part Of Certificate>

Validity Period​

Issued On
Tuesday, October 3, 2023 at 10:17:28 AM
Expires On
Monday, January 1, 2024 at 9:17:28 AM
Click to expand...


I'm puzzled by "they worked before but not now...."... is it a change in software or a change in your process?

If you can write upo the full process for getting your cetificates, you can report a bug.... but we'd have more confidence its a bug if you could show an older piece of software worked... or someone else has the same issue.
 
H

hillimicha

Cadet
Joined
Oct 7, 2023
Messages
5
morganL said:
I'm puzzled by "they worked before but not now...."... is it a change in software or a change in your process?

If you can write upo the full process for getting your cetificates, you can report a bug.... but we'd have more confidence its a bug if you could show an older piece of software worked... or someone else has the same issue.
Click to expand...

Thanks for the reply.

As I mentioned in the initial post, the previous method I used was the Credentials -> Certificates portion of TrueNAS Scale to get my certificate and then I would use the "Use TrueNAS Scale Certificate (Deprecated)" portion of TrueCharts apps to make it work. This was the original setup that I did have working. However, once the certs expired, I tried to renew and I got errors about "entry #0 not a string" somewhere.. If I can replicate it again I'll pull it up.

However, since the TrueNAS Scale method of generating those certs was deprecated, I am wanting to move away from that.. So I'm opting to use clusterissuer since that appears to be the preferred method for generating a cert these days..

At this point.. I just want it to work.. I'm so many guides deep into trying to get this to work I'm kinda pulling my hair out.. I've verified on cloudflare that the certs ARE generated.. but for what ever reason I cannot get them to apply on my system..
 
M

morganL

Captain Morgan
Administrator
Moderator
iXsystems
Joined
Mar 10, 2018
Messages
2,694
Hmm...are there any references that clusterissuer works with SCALE?
It would be useful to share any docs that recommended this approach.
Have you tried any other certificate approaches?

Does TrueCharts have a recommendation for a new method that works with SCALE?
 
danb35

danb35

Hall of Famer
Joined
Aug 16, 2011
Messages
15,504
danb35

danb35

Hall of Famer
Joined
Aug 16, 2011
Messages
15,504
It's working fine for me with the exception of Ombi--for some reason (and I haven't as yet gotten in touch with them on their Discord to try to sort it out) it's presenting an expired cert and won't renew it. It obtains and renews certs for everything else without a problem.
 
M

morganL

Captain Morgan
Administrator
Moderator
iXsystems
Joined
Mar 10, 2018
Messages
2,694
danb35 said:
It's working fine for me with the exception of Ombi--for some reason (and I haven't as yet gotten in touch with them on their Discord to try to sort it out) it's presenting an expired cert and won't renew it. It obtains and renews certs for everything else without a problem.
Click to expand...
@hillimicha I'd suggest documenting you process relative to the Trucharts docs.... and identifying the specific apps and versions you are using.

Perhaps someone will see an issue.... you might want to change the title of the tread to include clusterissuer and TrueCharts
 
You must log in or register to reply here.

Important Announcement for the TrueNAS Community.

The TrueNAS Community has now been moved. This forum will now become READ-ONLY for historical purposes. Please feel free to join us on the new TrueNAS Community Forums.

Related topics on forums.truenas.com for thread: "Unable to sign certifications with TrueNAS-SCALE-22.12.4"

Similar threads

K
Truenas Scale default certificate
Replies
0
Views
298
kaushik
K
fundatus
Enabling SecureBoot on TrueNAS SCALE
Replies
2
Views
3K
fundatus
fundatus
R
Cant connect to Truenas Applet (Nextcloud) externally
Replies
3
Views
1K
LarsR
L
B
Uploading a Certificate against a Certificate Signing Request
Replies
0
Views
1K
Brian Buchanan
B
L
Apps not using renewed certificate
Replies
1
Views
2K
morganL
M
Top