ACME DNS-Authenticators Screens

The ACME DNS-Authenticators widget, on the Certificates screen, shows configured authenticators. Automatic Certificate Management Environment (ACME) DNS-Authenticators allow users to automate certificate issuing and renewal. The user must verify ownership of the domain before TrueNAS allows certificate automation.

ACME DNS is an advanced feature intended for network administrators or AWS professionals. Misconfiguring ACME DNS can prevent you from accessing TrueNAS.
The system requires an ACME DNS authenticator and CSR to configure ACME certificate automation.
Figure 1: ACME DNS-Authenticators Widget

Add opens the Add DNS-Authenticator screen.

The more_vert icon for a listed certificate shows a dropdown list of options.

Edit opens the Edit DNS Authenticator screen.

Delete opens the Delete DNS Authenticator dialog.

Add or Edit DNS Authenticator

Fields change based on Authenticator selection. The Edit DNS Authenticator screen shows the current settings entered and saved on the Add DNS Authenticator screen.

Figure 2: Add DNS Authenticator
| Setting | Description |
|---|---|
| Name | Text entry field that accepts manual or copy/paste entry of an internal identifier (name) for the authenticator. |
| Authenticator | Sets a DNS provider to create an authenticator. The dropdown list of provider options: cloudflare, digitalocean, route53, OVH, shell. |
| Cloudflare Email | Text entry field that accepts manual or copy/paste entry of your Cloudflare account email address. Shows when cloudflare is selected in Authenticator. |
| API Key | Text entry field that accepts manual or copy/paste entry of the API key obtained from Cloudflare. Shows when cloudflare is selected in Authenticator. |
| API Token | Text entry field that accepts manual or copy/paste entry of the API token obtained from Cloudflare. Shows when cloudflare is selected in Authenticator. |
| Digitalocean Token | Text entry field that accepts manual or copy/paste entry of the token obtained from Digitalocean. Shows when digitalocean is selected in Authenticator. |
| Access Key ID | Text entry field that accepts manual or copy/paste entry of the access key ID obtained from AWS Route53. Shows when route53 is selected in Authenticator. |
| Secret Access Key | Text entry field that accepts manual or copy/paste entry of the secret access key obtained from AWS Route53. Shows when route53 is selected in Authenticator. |
| Application Key | Text entry field that accepts manual or copy/paste entry of the application key obtained from OVH. Shows when OVH is selected in Authenticator. |
| Application Secret | Text entry field that accepts manual or copy/paste entry of the application secret key obtained from OVH. Shows when OVH is selected in Authenticator. |
| Consumer Key | Text entry field that accepts manual or copy/paste entry of the consumer key obtained from OVH. Shows when OVH is selected in Authenticator. |
| Endpoint | Text entry field that accepts manual or copy/paste entry of the endpoint. For example, ovh-us or ovh-ca depending on your region. Shows when OVH is selected in Authenticator. |
| Script | Text entry field that accepts manual or copy/paste entry of the path to the DNS challenge script. For example, /path/to/your-dns-script.sh. Shows when shell is selected in Authenticator. A DNS challenge script automates the process of proving domain ownership by updating DNS records. It creates the TXT records that ACME servers, like Let’s Encrypt, query to verify domain control. It is particularly useful for obtaining wildcard certificates or when HTTP-based challenges are not feasible. |
| User | Text entry field that accepts manual or copy/paste entry of a user name. For example, root, adminUserName, etc. Shows when shell is selected in Authenticator. |
| Timeout | Text entry field that accepts manual or copy/paste entry of a numeric value that establishes how long TrueNAS waits (in seconds) for DNS propagation. The default is 120 or 300 seconds. Shows when shell is selected in Authenticator. |
| Delay | Text entry field that accepts manual or copy/paste entry of a numeric value (in seconds) that TrueNAS waits after the creation of the DNS record. The default is 60 or 120 seconds. Shows when shell is selected in Authenticator. |
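
The Script setting hands DNS record changes to a script that runs as the configured User, so the script should reject anything that is not a well-formed DNS-01 challenge before it touches DNS. The following is an added example, not TrueNAS code: the argument order (action, domain, record name, TXT value) and all function names are assumptions, so confirm what your TrueNAS release passes to the script.

```shell
#!/bin/sh
# Added example: input checks for a DNS-01 challenge script.
# ASSUMPTION (not from the TrueNAS docs): the script is called as
#   script.sh <set|unset> <domain> <record-name> <txt-value>

# RFC 8555 section 8.4: the TXT record lives at _acme-challenge.<domain>.
valid_record_name() {
    domain=$1; name=$2
    case $domain in
        # Reject empty names, leading dot or hyphen, empty labels,
        # and any character outside letters, digits, dot and hyphen.
        ''|.*|-*|*..*|*[!A-Za-z0-9.-]*) return 1 ;;
    esac
    [ "$name" = "_acme-challenge.$domain" ] ||
        [ "$name" = "_acme-challenge.$domain." ]
}

# The TXT value is base64url(SHA-256(key authorization)):
# exactly 43 characters from A-Z a-z 0-9 _ - with no padding.
valid_txt_value() {
    value=$1
    [ "${#value}" -eq 43 ] || return 1
    case $value in
        *[!A-Za-z0-9_-]*) return 1 ;;
    esac
    return 0
}

# Validate everything first, then act. Distinct exit codes make
# rejected calls easy to spot in logs.
handle_challenge() {
    action=$1; domain=$2; name=$3; value=$4
    case $action in
        set|unset) ;;
        *) echo "reject: unknown action" >&2; return 2 ;;
    esac
    valid_record_name "$domain" "$name" ||
        { echo "reject: record name" >&2; return 3; }
    valid_txt_value "$value" ||
        { echo "reject: TXT value" >&2; return 4; }
    # Placeholder: call your DNS provider's API here, with every
    # variable quoted, to create or remove the record.
    echo "$action TXT $name $value"
}

# Run only when arguments are supplied, so the file can also be sourced.
[ "$#" -eq 0 ] || handle_challenge "$@"
```

Keep the script file writable only by the account named in User, since anyone who can edit it can run commands as that user.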

Delete DNS Authenticator Dialog

The Delete DNS Authenticator dialog shows a Confirm option that, when selected, activates the Delete button. TrueNAS asks you to confirm before you can delete the authenticator.

Figure 3: Delete DNS Authenticator