
ACME DNS


Last Modified 2021-03-17 17:36 EDT
This feature is only available in the open source supported TrueNAS CORE.

Automatic Certificate Management Environment (ACME) is available for automating certificate issuing and renewal. The user must verify ownership of the domain before certificate automation is allowed.

An ACME DNS Authenticator is required to configure ACME certificate automation. This also requires a Certificate Signing Request.

ACME DNS Authenticators

Go to System > ACME DNS and click ADD.


Enter a name for the authenticator. This is only used to identify the authenticator in the TrueNAS web interface. Choose a DNS provider and configure any required Authenticator Attributes:

  • Route 53: Amazon DNS web service. Requires entering an Amazon account Access ID Key and Secret Access Key. See the AWS documentation for more details about generating these keys.

Click SUBMIT to register the DNS Authenticator and add it to the list of authenticator options for ACME Certificates.
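The access key entered for the Route 53 authenticator is a long-lived credential held by TrueNAS, so it is worth restricting it to the DNS-01 challenge records only. The following is an added example, not TrueNAS code: it builds a scoped IAM policy for that key. The zone ID and domain names are constructed placeholders, and the three Route 53 actions are an assumption about what the authenticator calls that should be checked against your TrueNAS version.

```python
import json

# Constructed placeholder: replace with the ID of the hosted zone serving the domain.
EXAMPLE_ZONE_ID = "Z0000000EXAMPLE"


def challenge_record_name(domain: str) -> str:
    """Return the DNS-01 TXT record name for a certificate domain, in the
    normalized form Route 53 compares against (lowercase, no trailing dot)."""
    name = domain.strip().lower().rstrip(".")
    if name.startswith("*."):
        # A wildcard name is validated at the parent name's challenge record.
        name = name[2:]
    if not name or "*" in name:
        raise ValueError(f"not a usable certificate domain: {domain!r}")
    return "_acme-challenge." + name


def scoped_policy(zone_id: str, domains: list) -> dict:
    """Build an IAM policy that only permits changing the TXT challenge
    records for the given domains in one hosted zone."""
    names = sorted({challenge_record_name(d) for d in domains})
    return {
        "Version": "2012-10-17",
        "Statement": [
            {   # Assumed read-only calls: locate the zone, poll the change status.
                "Effect": "Allow",
                "Action": ["route53:ListHostedZones", "route53:GetChange"],
                "Resource": "*",
            },
            {   # Writes limited to one zone, TXT type, and the challenge names.
                "Effect": "Allow",
                "Action": "route53:ChangeResourceRecordSets",
                "Resource": f"arn:aws:route53:::hostedzone/{zone_id}",
                "Condition": {
                    "ForAllValues:StringEquals": {
                        "route53:ChangeResourceRecordSetsNormalizedRecordNames": names,
                        "route53:ChangeResourceRecordSetsRecordTypes": ["TXT"],
                    }
                },
            },
        ],
    }


if __name__ == "__main__":
    domains = ["nas.example.com", "*.example.com"]  # constructed sample input
    print(json.dumps(scoped_policy(EXAMPLE_ZONE_ID, domains), indent=2))
```

Attach the resulting policy to a dedicated IAM user whose keys are used only for this authenticator, so that a leaked key cannot alter any other record in the zone.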

Creating ACME Certificates

ACME certificates can be created for existing certificate signing requests. These certificates use an ACME DNS authenticator to confirm domain ownership, then are automatically issued and renewed. To create a new ACME certificate, go to System > Certificates, click (Options) for an existing certificate signing request, and click Create ACME Certificate.


| Name | Description |
|------|-------------|
| Identifier | Internal identifier of the certificate. Only alphanumeric characters, dash (-), and underline (_) are allowed. |
| Terms of Service | Please accept the terms of service for the given ACME Server. |
| Renew Certificate Day | Number of days to renew certificate before expiring. |
| ACME Server Directory URI | URI of the ACME Server Directory. Choose a preconfigured URI or enter a custom URI. |
| Authenticator for Domain Name (Domain Name dynamically changes) | Authenticator to validate the domain. Choose a previously configured ACME DNS authenticator. |