TrueNAS Open Storage Logo
TrueNAS.com Products Enterprise Support Community Support Truenas Security Get TrueNAS Enterprise Download TrueNAS Community Edition About TrueNAS Careers
TrueNAS Open Storage Logo
F-Series
F-Series

All-Flash NVMe Performance.

H-Series
H-Series

Big business performance. Entry level pricing.

Mini Series
Mini Series

Home Labs, Small Office & SMB Applications.

M-Series
M-Series

All-Flash or Hybrid Enterprise Performance.

R-Series
R-Series

Single Controller Storage Appliances.

TrueNAS Enterprise Icon
TrueNAS Enterprise

Mission Critical Storage. 24×7 Enterprise Support.

TrueCommand Icon
TrueCommand

Manage Your TrueNAS Fleet All From One Place.

Use Cases

Analytics Backup & Archival Cloud Data Mobility File Sharing
iX-Storj Media & Entertainment Surveillance Veeam Backup Virtualization

Industry

Audio Broadcasting Gaming Healthcare Manufacturing Media & Entertainment
Automotive Education Government MSP Research & AI

Support

Enterprise Support

For customers with active support contracts.

Community Support

For peer-to-peer, open-source support.

Resources

Case Studies Documentation TrueNAS API Apps Market TrueNAS Security FAQ ZFS Overview
TrueNAS Blog Solution Guides Datasheets Software Status Videos TrueCommand Cloud
TrueNAS Community Edition Community Forum Discord TrueNAS GitHub TrueNAS Merch Store
About TrueNAS Awards Careers Contact Us Our Clients Reviews
Contact Icon
Contact an Enterprise Specialist

Speak with an enterprise storage specialist to find the right solutions for your business needs.

TrueNAS Enterprise Icon
TrueNAS Enterprise

Enterprise-grade storage appliances designed for business and mission-critical environments.

TrueNAS Community Edition Icon
Download TrueNAS Community Edition

Test Drive TrueNAS in Your Environment.

  1. Documentation Hub
  2. /
  3. TrueNAS 26.04 (Early)
  4. /
  5. UI Reference Guide
  6. /
  7. Credentials
  8. /
  9. Certificates
  10. /
  11. ACME DNS-Authenticators Screens
Edit page

ACME DNS-Authenticators Screens

  4 minute read.

The ACME DNS-Authenticators widget, on the Certificates screen, shows configured authenticators. Automatic Certificate Management Environment (ACME) DNS-Authenticators allow users to automate certificate issuing and renewal. The user must verify ownership of the domain before TrueNAS allows certificate automation.

ACME DNS is an advanced feature intended for network administrators or AWS professionals. Misconfiguring ACME DNS can prevent you from accessing TrueNAS.
The system requires an ACME DNS authenticator and CSR to configure ACME certificate automation.
ACME DNS-Authenticators Widget
Figure 1: ACME DNS-Authenticators Widget

Add opens the Add DNS-Authenticator screen.

The more_vert icon for a listed certificate shows a dropdown list of options.

Edit opens the Edit DNS Authenticator screen.

delete deletes opens a Delete DNS Authenticator dialog.

Add or Edit DNS Authenticator

Fields change based on Authenticator selection. The Edit DNS Authenticator screen shows the current settings entered and saved on the Add DNS Authenticator screen.

Add DNS Authenticator
Figure 2: Add DNS Authenticator
SettingDescription
NameText entry field that accepts manual or copy/paste entry of an internal identifier (name) for the authenticator.
AuthenticatorSets a DNS provider to create an authenticator. The dropdown list of provider options:
cloudflare
digitalocean
route53
OVH
shell.
Cloudflare EmailText entry field that accepts manual or copy/paste entry of your Cloudflare account email address. Shows when cloudflare is selected in Authenticator.
API KeyText entry field that accepts manual or copy/paste entry of the API key obtained from Cloudflare. Shows when cloudflare is selected in Authenticator.
API TokenText entry field that accepts manual or copy/paste entry of the API token obtained from Cloudflare. Shows when cloudflare is selected in Authenticator.
Digitalocean TokenText entry field that accepts manual or copy/paste entry of the token obtained from Digitalocean. Shows when digitalocean is selected in Authenticator.
Access Key IDText entry field that accepts manual or copy/paste entry of the access key ID obtained from AWS Route53. Shows when route53 is selected in Authenticator.
Secret Access KeyText entry field that accepts manual or copy/paste entry of the secret access key obtained from AWS Route53. Shows when route53 is selected in Authenticator.
Application KeyText entry field that accepts manual or copy/paste entry of the application key obtained from OVH. Shows when OVH is selected in Authenticator.
Application SecretText entry field that accepts manual or copy/paste entry of the application secret key obtained from OVH. Shows when OVH is selected in Authenticator.
Consumer KeyText entry field that accepts manual or copy/paste entry of the consumer key obtained from OVH. Shows when OVH is selected in Authenticator.
EndpointText entry field that accepts manual or copy/paste entry of the endpoint. For example, ovh-us or ovh-ca depending on your region. Shows when OVH is selected in Authenticator.
ScriptText entry field that accepts manual or copy/paste entry of a path to where you filed the DNS challenge script. For example, /path/to/your-dns-script.sh. Shows when shell is selected in Authenticator. A DNS challenge script automates the process of proving domain ownership by updating DNS records. It allows creating TXT records, which ACME servers, like Let’s Encrypt, that query to verify domain control. It is particularly useful for obtaining wildcard certificates or when HTTP-based challenges are not feasible.
UserText entry field that accepts manual or copy/paste of a user name. For example, root, adminUserName, etc. Shows when shell is selected in Authenticator.
TimeoutText entry field that accepts manual or copy/paste of a numeric value that establishes how long TrueNAS waits (in seconds) for DNS propagation. The default is 120 or 300 seconds. Shows when shell is selected in Authenticator.
DelayText entry field that accepts manual or copy/paste entry of a numeric value (in seconds) that TrueNAS writes after the creation of the DNS record. The default is 60 or 120 seconds. Shows when shell is selected in Authenticator.

Delete DNS Authenticator Dialog

The Delete DNS Authenticator dialog shows a Confirm option that, when selected, activates the Delete button. TrueNAS asks you to confirm before you can delete the authenticator.

Delete DNS Authenticator
Figure 3: Delete DNS Authenticator

Related Content

UI Reference
Tutorials

Have more questions?

For further discussion or assistance, see these resources:

Found content that needs an update?  You can suggest content changes directly! To request changes to this content, click the Feedback button located on the middle-right side of the page (might require disabling ad blocking plugins).