The Certificates screen shows information for certificates, certificate signing requests (CSRs), and ACME DNS-authenticators configured on the system, and provides the ability to import or edit them. TrueNAS comes equipped with an internal, self-signed certificate that enables encrypted access to the web interface, but users can make custom certificates for authentication and validation while sharing data.

The TrueNAS Connect service automatically creates a default truenas_connect_ certificate after registering your TrueNAS system in the TrueNAS Connect service. The certificate shows in the Certificates widget on the Credentials > Certificates screen.

The Certificate Signing Requests widget allows users to configure a message that the system sends to a registration authority of the public key infrastructure to apply for a digital identity certificate.

If you plan to create an ACME certificate, before adding a CSR, make sure the certificate authority provider account (i.e., Cloudflare, DigitalOcean, etc.) is correctly configured with all domains entered in this CSR.

Automatic Certificate Management Environment (ACME) DNS authenticators allow users to automate certificate issuing and renewal. The user must verify ownership of the domain before TrueNAS allows certificate automation.

ACME DNS is an advanced feature intended for network administrators or AWS professionals. Misconfiguring ACME DNS can prevent you from accessing TrueNAS.

The system requires an ACME DNS Authenticator and CSR to configure ACME certificate automation to proceed.

Before you begin this procedure, log in to your DNS authenticator provider service to obtain an API global key or an API token, whichever your service provider requires. When configuring an ACME DNS authenticator in TrueNAS using Cloudflare as the provider, you need the global API key but not the API token.

TrueNAS allows users to automatically generate custom domain certificates using Let’s Encrypt.

• An email address for your TrueNAS admin user.
• A custom domain that uses Cloudflare, DigitalOcean, Amazon Route 53, or OVHcloud.
• A DNS server that does not cache for your TrueNAS system.

Go to Credentials > Certificates and click ADD in the ACME DNS-Authenticators widget.

The Certificates widget on the Credentials > Certificates screen shows certificates added to TrueNAS.

Import opens the Import Certificate screen.

The more_vert icon for a listed certificate shows a dropdown list of options: Download, Edit, and Delete. Each TrueNAS has an internal certificate that enables encrypted access to the web interface.

download Download downloads the certificate to the system. In Windows, this is the Downloads folder.

The Certificate Signing Requests widget, on the Certificates screen, shows a list of certificate signing requests (CSRs) configured on the system. CSR.

The more_vert icon for a listed CSR shows a dropdown list of options: Create ACME Certificate, Download, Edit, and Delete.

The ACME DNS-Authenticators widget, on the Certificates screen, shows configured authenticators. Automatic Certificate Management Environment (ACME) DNS-Authenticators allow users to automate certificate issuing and renewal. The user must verify ownership of the domain before TrueNAS allows certificate automation.

ACME DNS is an advanced feature intended for network administrators or AWS professionals. Misconfiguring ACME DNS can prevent you from accessing TrueNAS.

The system requires an ACME DNS authenticator and CSR to configure ACME certificate automation.

Add opens the Add DNS-Authenticator screen.

Use the Credentials > Certificates screen to manage certificates, certificate signing requests (CSRs), and DNS authenticators with the Certificates, Certificate Signing Requests (CSRs), and ACME DNS-Authenticators widgets.

Each TrueNAS comes equipped with an internal, self-signed certificate that enables encrypted access to the web interface, but users can import custom certificates for authentication and validation while sharing data.