TrueNAS Open Storage Logo
TrueNAS.com Products Enterprise Support Community Support Truenas Security Get TrueNAS Enterprise Download TrueNAS Community Edition About TrueNAS Careers
TrueNAS Open Storage Logo
F-Series
F-Series

All-Flash NVMe Performance.

H-Series
H-Series

Big business performance. Entry level pricing.

Mini Series
Mini Series

Home Labs, Small Office & SMB Applications.

M-Series
M-Series

All-Flash or Hybrid Enterprise Performance.

R-Series
R-Series

Single Controller Storage Appliances.

TrueNAS Enterprise Icon
TrueNAS Enterprise

Mission Critical Storage. 24×7 Enterprise Support.

TrueCommand Icon
TrueCommand

Manage Your TrueNAS Fleet All From One Place.

Use Cases

Analytics Backup & Archival Cloud Data Mobility File Sharing
iX-Storj Media & Entertainment Surveillance Veeam Backup Virtualization

Industry

Audio Broadcasting Gaming Healthcare Manufacturing Media & Entertainment
Automotive Education Government MSP Research & AI

Support

Enterprise Support

For customers with active support contracts.

Community Support

For peer-to-peer, open-source support.

Resources

Case Studies Documentation TrueNAS API Apps Market TrueNAS Security FAQ ZFS Overview
TrueNAS Blog Solution Guides Datasheets Software Status Videos TrueCommand Cloud
TrueNAS Community Edition Community Forum Discord TrueNAS GitHub TrueNAS Merch Store
About TrueNAS Awards Careers Contact Us Our Clients Reviews
Contact Icon
Contact an Enterprise Specialist

Speak with an enterprise storage specialist to find the right solutions for your business needs.

TrueNAS Enterprise Icon
TrueNAS Enterprise

Enterprise-grade storage appliances designed for business and mission-critical environments.

TrueNAS Community Edition Icon
Download TrueNAS Community Edition

Test Drive TrueNAS in Your Environment.

  1. Documentation Hub
  2. /
  3. TrueNAS 26.04 (Early)
  4. /
  5. TrueNAS Tutorials
  6. /
  7. Credentials
  8. /
  9. Certificates
  10. /
  11. Adding ACME DNS Authenticators
Edit page

Adding ACME DNS Authenticators

  2 minute read.

Automatic Certificate Management Environment (ACME) DNS authenticators allow users to automate certificate issuing and renewal. The user must verify ownership of the domain before TrueNAS allows certificate automation.

ACME DNS is an advanced feature intended for network administrators or AWS professionals. Misconfiguring ACME DNS can prevent you from accessing TrueNAS.

The system requires an ACME DNS Authenticator and CSR to configure ACME certificate automation to proceed.

Adding a DNS Authenticator

Before you begin this procedure, log in to your DNS authenticator provider service to obtain an API global key or an API token, whichever your service provider requires. When configuring an ACME DNS authenticator in TrueNAS using Cloudflare as the provider, you need the global API key but not the API token.

This procedure uses Cloudflare as the example. To add an authenticator:

Click Add on the ACME DNS-Authenticator widget to open the Add DNS Authenticator screen.

Add DNS Authenticator
Figure 1: Add DNS Authenticator

Enter a name.

Select the authenticator you want to configure. Cloudflare shows by default. Supported authenticator options are Cloudflare, DigitalOcean, Amazon Route 53, OVHcloud, and shell. Authenticator selection changes the configuration fields.

When selecting cloudflare as the authenticator, enter the Cloudflare account email address associated API key and the DNS domain. For Cloudflare, copy/paste the global API key from Cloudflare into the API Key field. If using an API token, do not enter the Cloudflare account email address.

When selecting digitalocean as the authenticator, enter your DigitalOcean Token.

When selecting route53 as the authenticator, enter your Route53 Access key ID and secret access key.

When selecting OVH as the authenticator, enter your OVH application key, application secret, consumer key, and endpoint.

Click Save to add the authenticator.

The DNS authenticator shows on the ACME DNS-Authenticator widget. To make changes, click on the more_vert for the authenticator, and then on Edit.

After adding the authenticator, you can configure a certificate signing request (CSR) for this authentictor and create an ACME certificate. For more information, see Managing Certificate Signing Requests.

Adding an Authenticator with a Shell Script

The shell authenticator option is intended for advanced users. Improperly configured scripts can result in system instability or unexpected behavior.

If you select shell as the authenticator, you must enter the path to an authenticator script, the running user, a certificate timeout, and a domain propagation delay.

Advanced users can select this option to pass an authenticator script, such as acme.sh, to the shell and add an external DNS authenticator. This requires an ACME authenticator script saved to the system.

Related Content

Tutorials
UI Reference

Have more questions?

For further discussion or assistance, see these resources:

Found content that needs an update?  You can suggest content changes directly! To request changes to this content, click the Feedback button located on the middle-right side of the page (might require disabling ad blocking plugins).