Automatic Certificate Management Environment (ACME) DNS authenticators allow users to automate certificate issuing and renewal. The user must verify ownership of the domain before TrueNAS allows certificate automation.

ACME DNS is an advanced feature intended for network administrators or AWS professionals. Misconfiguring ACME DNS can prevent you from accessing TrueNAS.

The system requires an ACME DNS Authenticator and CSR to configure ACME certificate automation to proceed.

Before you begin this procedure, log in to your DNS authenticator provider service to obtain an API global key or an API token, whichever your service provider requires. When configuring an ACME DNS authenticator in TrueNAS using Cloudflare as the provider, you need the global API key but not the API token.

TrueNAS allows users to automatically generate custom domain certificates using Let’s Encrypt.

• An email address for your TrueNAS admin user.
• A custom domain that uses Cloudflare, DigitalOcean, Amazon Route 53, or OVHcloud.
• A DNS server that does not cache for your TrueNAS system.

Go to Credentials > Certificates and click ADD in the ACME DNS-Authenticators widget.

The ACME DNS-Authenticators widget, on the Certificates screen, shows configured authenticators. Automatic Certificate Management Environment (ACME) DNS-Authenticators allow users to automate certificate issuing and renewal. The user must verify ownership of the domain before TrueNAS allows certificate automation.

ACME DNS is an advanced feature intended for network administrators or AWS professionals. Misconfiguring ACME DNS can prevent you from accessing TrueNAS.

The system requires an ACME DNS authenticator and CSR to configure ACME certificate automation.

Add opens the Add DNS-Authenticator screen.