TrueNAS SCALETrueNAS SCALE Version Documentation
This content follows the TrueNAS SCALE 23.10 (Cobia) releases. Use the Product and Version selectors above to view content specific to different TrueNAS software or major version.

ACME DNS-Authenticators Screens

  3 minute read.

Last Modified 2023-08-24 15:28 EDT

The Certificates screen includes the ACME DNS-Authenticators widget that displays a list of configured authenticators. The Automatic Certificate Management Environment (ACME) DNS-Authenticators screen allows users to automate certificate issuing and renewal. The user must verify ownership of the domain before TrueNAS allows certificate automation.

ACME DNS is an advanced feature intended for network administrators or AWS professionals. Misconfiguring ACME DNS can prevent you from accessing TrueNAS.
ACME DNS-Authenticators Widget with No Authenticators
Figure 1: ACME DNS-Authenticators Widget with No Authenticators

Each authenticator listed is a link that opens the Edit ACME DNS-Authenticator screen for the selected authenticator.

delete deletes the authenticator from your server.

Add opens the Add ACME DNS-Authenticator screen.

The system requires an ACME DNS authenticator and CSR to configure ACME certificate automation.

Add DNS Authenticator

Fields change based on Authenticator selection.

Add DNS Authenticator
Figure 2: Add DNS Authenticator
SettingDescription
NameRequired. Enter an internal identifier for the authenticator.
AuthenticatorSelect a DNS provider from the dropdown list and configure any required authenticator attributes. Options are cloudflare, Amazon route53, OVH, and shell.

Cloudflare

cloudflare activates the Cloudflare Email, API Key, and API Token fields.

Add DNS Authenticator - Cloudflare
Figure 3: Add DNS Authenticator - Cloudflare
SettingDescription
Cloudflare EmailEnter the email address for the Cloudflare account.
API KeyEnter the API Key.
API TokenEnter the API token.

Route 53

route53 activates the Access Key Id and Secret Access Key fields.

Add DNS Authenticator - Route 53
Figure 4: Add DNS Authenticator - Route 53
SettingDescription
Access Key IdEnter the access key ID.
Secret Access KeyEnter the secret access key.

OVH

OVH activates the OVH Application Key, OVH Application Secret, OVH Consumer Key, and OVH Endpoint fields.

Add DNS Authenticator - OVH
Figure 5: Add DNS Authenticator - OVH
SettingDescription
OVH Application KeyEnter the application key.
OVH Application SecretEnter the application secret.
OVH Consumer KeyEnter the consumer key.
OVH EndpointEnter the endpoint.

Shell

Enables users to pass an authenticator script, such as acme.sh, to shell and add an external DNS authenticator. shell activates the Authenticator script, Running user, Timeout, and Propagation delay fields.

The shell authenticator option is meant for advanced users. Improperly configured scripts can result in system instability or unexpected behavior.
Add DNS Authenticator - Shell
Figure 6: Add DNS Authenticator - Shell
SettingDescription
Authenticator scriptEnter the path to an ACME DNS authenticator script on the system.
Running userEnter the username of the account that initiates the script, usually admin.
TimeoutEnter a timeout length (in seconds) for generated certificates.
Propagation delayEnter a DNS propagation delay time (in seconds) for ISP domain caching.

Related Content