Get a Quote     (408) 943-4100   TrueNAS Discord VendOp_Icon_15x15px Enterprise Support
TrueNAS.com Software Systems Company Community Security iX Portal Download
TrueNAS Enterprise TrueNAS SCALE TrueNAS CORE Compare Editions TrueCommand Software Status FreeNAS
Compare Systems F-Series M-Series H-Series R-Series Mini Series
About iXsystems Our Clients Reviews Careers Awards iX Blog & News iX Website Contact Us
Community Forum Discord TrueNAS GitHub TrueNAS Merch Store
Use Cases Analytics Backup and Archival Cloud Data Mobility File Sharing iX Storj Media Creation Surveillance Virtualization
Industry Automotive Education Gaming Government Healthcare MSP Manufacturing Research & AI Media & Entertainment
Download TrueNAS SCALE Download TrueNAS CORE Get TrueNAS Enterprise Compare TrueNAS Editions Contact an Enterprise Specialist
  1. Documentation Hub
  2. /
  3. TrueNAS 25.04 (Early)
  4. /
  5. TrueNAS Tutorials
  6. /
  7. Credentials
  8. /
  9. Certificates
  10. /
  11. Creating ACME Certificates
Edit page
TrueNASTrueNAS Nightly Development Documentation
This content follows experimental nightly development software. Pre-release software is intended for testing purposes only.
Use the Product and Version selectors above to view content specific to a stable software release.

Creating ACME Certificates

  2 minute read.

TrueNAS allows users to automatically generate custom domain certificates using Let’s Encrypt.

Requirements

  • An email address for your TrueNAS admin user.
  • A custom domain that uses Cloudflare, AWS Route 53, or OVH.
  • A DNS server that does not cache for your TrueNAS system.

Create an ACME DNS-Authenticator

Go to Credentials > Certificates and click ADD in the ACME DNS-Authenticators widget.

LetsEncryptAcmeDNSAuthenticator

Enter the required fields depending on your provider, then click Save.

For Cloudflare, enter either your Cloudflare Email and API Key, or enter an API Token. If you create an API Token, make sure to give the token the permission Zone.DNS:Edit, as it’s required by certbot.

For Route53, enter your Access Key ID and Secret Access Key. The associated IAM user must have permission to perform the Route53 actions ListHostedZones, ChangeResourceRecordSets, and GetChange.

For OVH, enter your OVH Application Key, OVH Application Secret, OVH Consumer Key, and OVH Endpoint.

Create a Certificate Signing Request (CSR)

Next, click ADD in the Certificate Signing Requests widget.

You can use default settings except for the Common Name and Subject Alternate Names fields.

LetsEncryptCSR

Enter your primary domain name in the Common Name field, then enter additional domains you wish to secure in the Subject Alternate Names field.

For example, if your primary domain is domain1.com, entering www.domain1.com secures both addresses.

Create ACME Certificate

Click the icon next to the new CSR.

LetsEncryptACMECertificate

Fill out the ACME Certificate form. Under Domains, select the ACME DNS Authenticator you created for both domains, then click Save.

You can create testing and staging certificates for your domain.

Set the GUI SSL Certificate

Go to System > General Settings and click Settings in the GUI widget.

Select the new ACME certificate you created from the GUI SSL Certificate dropdown, then click Save.

Select the Confirm checkbox, then press Continue to restart TrueNAS and apply the changes.

Related Content

Tutorials
UI Reference

Have more questions?

For further discussion or assistance, see these resources:

Found content that needs an update?  You can suggest content changes directly! To request changes to this content, click the Feedback button located on the middle-right side of the page (might require disabling ad blocking plugins).