Get a Quote     (408) 943-4100   TrueNAS Discord VendOp_Icon_15x15px Commercial Support
TrueNAS.com Software Systems Company Community Security iX Portal Download
TrueNAS CORE TrueNAS Enterprise TrueNAS SCALE Compare Editions TrueCommand Software Status FreeNAS
Compare Systems F-Series M-Series X-Series R-Series Mini Series
About iXsystems Our Clients Reviews Careers Awards iX Blog & News iX Website Contact Us
Community Forum Discord TrueNAS GitHub TrueNAS Merch Store
Application Analytics Backup and Archival Cloud Data Mobility File Sharing iX Storj Media Creation Video Surveillance Virtualization
Industry Automotive Education Gaming Government Healthcare MSP Manufacturing Research & AI Media & Entertainment
Download TrueNAS CORE Download TrueNAS SCALE Get TrueNAS Enterprise Compare TrueNAS Editions Where to Buy
  1. Documentation Hub
  2. /
  3. TrueNAS SCALE
  4. /
  5. SCALE Tutorials
  6. /
  7. Credentials
  8. /
  9. Certificates
  10. /
  11. Adding ACME DNS-Authenticators
Edit page
TrueNAS SCALETrueNAS SCALE Nightly Development Documentation
This content follows experimental early release software. Use the Product and Version selectors above to view content specific to a stable software release.

Adding ACME DNS-Authenticators

  2 minute read.

Last Modified 2023-11-30 10:15 EST

Automatic Certificate Management Environment (ACME) DNS authenticators allow users to automate certificate issuing and renewal. The user must verify ownership of the domain before TrueNAS allows certificate automation.

ACME DNS is an advanced feature intended for network administrators or AWS professionals. Misconfiguring ACME DNS can prevent you from accessing TrueNAS.

The system requires an ACME DNS Authenticator and CSR to configure ACME certificate automation.

Adding a DNS Authenticator

To add an authenticator,

Click Add on the ACME DNS-Authenticator widget to open the Add DNS Authenticator screen.

Add DNS Authenticator
Figure 1: Add DNS Authenticator

Enter a name, and select the authenticator you want to configure. Options are cloudflare, Amazon route53, OVH, and shell. Authenticator selection changes the configuration fields.

If you select cloudflare as the authenticator, you must enter your Cloudflare account email address, API key, and API token.

If you select route53 as the authenticator, you must enter your Route53 Access key ID and secret access key.

If you select OVH as the authenticator, you must enter your OVH application key, application secret, consumer key, and endpoint.

Click Save to add the authenticator.

Adding an Authenticator with a Shell Script

The shell authenticator option is meant for advanced users. Improperly configured scripts can result in system instability or unexpected behavior.

If you select shell as the authenticator, you must enter the path to an authenticator script, the running user, a certificate timeout, and a domain propagation delay.

Advanced users can select this option to pass an authenticator script, such as acme.sh, to shell and add an external DNS authenticator. Requires an ACME authenticator script saved to the system.

Related Content

SCALE Tutorials
SCALE UI Reference
SCALE CLI Reference

Have more questions?

For further discussion or assistance, see these resources:

Found content that needs an update?  You can suggest content changes directly! To request changes to this content, click the Feedback button located on the middle-right side of the page (might require disabling ad blocking plugins).