Other folks are saying it is working for them in this thread.
-
Important Announcement for The TrueNAS Community.
The TrueNAS Community has now been moved. This forum will now become READ-ONLY for historical purposes. Please feel free to join us on the new TrueNAS Community Forums
What is the best way to use lets-encrypt with TrueNAS Scale 21.04
- Thread starter vega2004
- Start date
Other folks are saying it is working for them in this thread.
ornias
Wizard
- Joined
- Mar 6, 2020
- Messages
- 1,458
No one here said so ;-)
I think you're confusing threads.
It's about a 50% chance if it works at the moment.
silverback
Contributor
- Joined
- Jun 26, 2016
- Messages
- 134
The Cloudflare TXT issue was fixed for me in todays nightly. Be sure to reboot if you get an error on the first try.
ornias
Wizard
- Joined
- Mar 6, 2020
- Messages
- 1,458
Yes the following commit should prevent the race condition that was happening somewhat :)
github.com
Wait for changes to txt records to propagate · truenas/middleware@fa5de1c
This commit adds changes to wait for each record to propagate before telling CA that the records can be validated. The behaviour is keeping in line with how certbot operates where there's a cus...
github.com
Literally 3 posts above my first post.
I've followed the linked documentation to TrueCharts and have successfully created the LE cert on 22.02-RC.2, but when I select to use it in the web UI, the original locally-signed "freenas-default" cert is still used. I've tried manually restarting the web server with `service nginx restart` but it did not make a difference.
Is there any guidance on how to use the letsencrypt cert as the ssl cert for the web UI?
Edit: a full reboot resolved the issue, but it would be nice to be able to ensure that the system (especially storage shares) stay up while the webserver restarts to pick up the new/renewed cert.
Is there any guidance on how to use the letsencrypt cert as the ssl cert for the web UI?
Edit: a full reboot resolved the issue, but it would be nice to be able to ensure that the system (especially storage shares) stay up while the webserver restarts to pick up the new/renewed cert.
Last edited:
behzad
Dabbler
- Joined
- Feb 14, 2022
- Messages
- 15
i am still trying to make it run and i am stucking here, too.
I have a domain from google and followed this guide.
Just need a bit of help here please.
Evan Richardson
Explorer
- Joined
- Dec 11, 2015
- Messages
- 76
Does anyone have an updated guide link? the "certificates" page is gone from truecharts.org thanks
danb35
Hall of Famer
- Joined
- Aug 16, 2011
- Messages
- 15,504
07 - Adding Lets-Encrypt Certificates | TrueCharts
With TrueNAS SCALE, it's possible to automatically generate certificates for your domain(s) using letsencrypt. However, this process is not very self-explanatory.
Evan Richardson
Explorer
- Joined
- Dec 11, 2015
- Messages
- 76
thanks!07 - Adding Lets-Encrypt Certificates | TrueCharts
With TrueNAS SCALE, it's possible to automatically generate certificates for your domain(s) using letsencrypt. However, this process is not very self-explanatory.truecharts.org
I know this is an old thread, but this link results in a 404 not found.
Is this the new version of the documentation?
https://truecharts.org/docs/manual/guides/adding-letsencrypt/
https://truecharts.org/docs/manual/guides/adding-letsencrypt/
What I don't get is having to use AWS or Cloudflare to host my DNS. Is there a way of using Letsencrypt without having to use these to host my DNS?
danb35
Hall of Famer
- Joined
- Aug 16, 2011
- Messages
- 15,504
That's because iX have chosen to only include those two in their UI. It's still better than in CORE, though, where it's AWS or nothing. Edit: The reason the DNS host matters in this context is that the Let's Encrypt integration wants to use DNS validation, which (practically) requires the ability to create and remove DNS records programmatically. This isn't the only way to get a cert, but it doesn't require that anything on your server be exposed to the Internet.
Let's Encrypt with FreeNAS 11.1 and later
Integrating Let’s Encrypt TLS Certificates with FreeNAS FreeNAS has long had the ability to use HTTPS for the web GUI, but that has usually meant dealing with self-signed certificates and the associated headaches, or paying for a commercial...
www.truenas.com
With that said, my script isn't strictly necessary any more; acme.sh now includes a deploy script for TrueNAS. My script adds a few features that may be handy, but the basic deployment can be handled by acme.sh itself (more accurately, by a script that's packaged with it).
Last edited:
1. It's the same, just moved under other menu.
2. Cloudflare/Route53 is not used (only) for DNS. It's used mainly for Certificate DNS Challenge. Scale also supports custom (via shell script) cert renewal/DNS Challenge. But you have to write/find a script
danb35
Hall of Famer
- Joined
- Aug 16, 2011
- Messages
- 15,504
Hmmm, that's new and interesting...
@danb35 @stavros-k Thanks for your replies. I don't mind moving my DNS hosting to Cloudflare, but the domain I wanted to use already has a website with a Letsencrypt certificate hosted elsewhere. Would moving the DNS to Cloudflare affect that?
Okay, I changed my DNS to Cloudflare. Went through pretty quickly. Set up cert in TrueNAS fine. But now noticed my website isn't working, giving a too many redirects error, so reverting name server back to how I had it until I have more time to look at this. It has gone midnight here.
Turning off the proxy for all the DNS entries seems to have worked.
