Get a Quote     (408) 943-4100   TrueNAS Discord VendOp_Icon_15x15px Commercial Support
TrueNAS.com Software Systems Company Community Security iX Portal Download
TrueNAS CORE TrueNAS Enterprise TrueNAS SCALE Compare Editions TrueCommand Software Status FreeNAS
Compare Systems F-Series M-Series X-Series R-Series Mini Series
About iXsystems Our Clients Reviews Careers Awards iX Blog & News iX Website Contact Us
Community Forum Discord TrueNAS GitHub TrueNAS Merch Store
Application Analytics Backup and Archival Cloud Data Mobility File Sharing iX Storj Media Creation Video Surveillance Virtualization
Industry Automotive Education Gaming Government Healthcare MSP Manufacturing Research & AI Media & Entertainment
Download TrueNAS CORE Download TrueNAS SCALE Get TrueNAS Enterprise Compare TrueNAS Editions Where to Buy
  1. Documentation Hub
  2. /
  3. TrueNAS SCALE
  4. /
  5. SCALE Tutorials
  6. /
  7. Credentials
  8. /
  9. Certificates
  10. /
  11. Creating ACME Certificates
Edit page
TrueNAS SCALETrueNAS SCALE Nightly Development Documentation
This content follows experimental early release software. Use the Product and Version selectors above to view content specific to a stable software release.

Creating ACME Certificates

  2 minute read.

Last Modified 2024-01-19 10:15 EST

TrueNAS SCALE allows users to automatically generate custom domain certificates using Let’s Encrypt.

Requirements

  • An email address for your TrueNAS SCALE Admin user.
  • A custom domain that uses Cloudflare, AWS Route 53, or OVH.
  • A DNS server that does not cache for your TrueNAS SCALE system.

Create an ACME DNS-Authenticator

Go to Credentials > Certificates and click ADD in the ACME DNS-Authenticators widget.

LetsEncryptAcmeDNSAuthenticator

Enter the required fields depending on your provider, then click Save.

For Cloudflare, enter either your Cloudflare Email and API Key, or enter an API Token. If you create an API Token, make sure to give the token the permission Zone.DNS:Edit as it’s required by certbot.

For Route53, enter your Access Key ID and Secret Access Key.

For OVH, enter your OVH Application Key, OVH Application Secret, OVH Consumer Key, and OVH Endpoint.

Create a Certificate Signing Request (CSR)

Next, click ADD in the Certificate Signing Requests widget.

You can use default settings except for the Common Name and Subject Alternate Names fields.

LetsEncryptCSR

Enter your primary domain name in the Common Name field, then enter additional domains you wish to secure in the Subject Alternate Names field.

For example, if your primary domain is domain1.com, entering www.domain1.com secures both addresses.

Create ACME Certificate

Click the icon next to the new CSR.

LetsEncryptACMECertificate

Fill out the ACME Certificate form. Under Domains, select the ACME DNS Authenticator you created for both domains, then click Save.

You can create testing and staging certificates for your domain.

Related Content

SCALE Tutorials
SCALE UI Reference
SCALE CLI Reference

Have more questions?

For further discussion or assistance, see these resources:

Found content that needs an update?  You can suggest content changes directly! To request changes to this content, click the Feedback button located on the middle-right side of the page (might require disabling ad blocking plugins).