Domain names and SSL

1337Hacker

Dabbler
Joined
Oct 22, 2017
Messages
27
It's about time I start using SSL on FreeNAS and found some great articles on the process:

One thing that seems to be overlooked that I do not understand: domains

Is the domain used for anything other than issuing the certification?
Does the domain have to be bound/attached to the FreeNAS server somehow? If so, how?
Can the domain be used for a pre-existing website? With an already issued SSL?
Do you need to keep control over the domain after 3 months for certbot?

I can't seem to find a straight answer regarding this topic. I also do NOT want to allow public IP access to the server. Someone please drop some knowledge!
 

danb35

Hall of Famer
Joined
Aug 16, 2011
Messages
15,466
> Does the domain have to be bound/attached to the FreeNAS server somehow?

Yes.

> If so, how?

In your local DNS records. Generally this is something that would be done in your router, assuming your router provides DNS service for your LAN.

> Can the domain be used for a pre-existing website?

Kind of. If you have www.yourdomain.com on an existing website, you could set up freenas.yourdomain.com for your NAS.

> Do you need to keep control over the domain after 3 months for certbot?

Not for certbot--it only checks control at the time of issuance. But if you don't keep control, the cert isn't worth too much.
 

Yorick

Wizard
Joined
Nov 4, 2018
Messages
1,912
Highly recommend doing this with dynamic DNS. There are dynamic DNS providers that work with Let's Encrypt. dynu is one, you'll use their API and acme.sh supports it. There may be others.

I am doing this right now for a single domain; I have yet to set up nginx to do it for multiple services. On the todo list :)

Edit: Nice list of DNS providers that support DNS validation with ACME: https://docs.traefik.io/https/acme/ . Dynu is on there, so is Dyn, DuckDNS, MyDNS.jp, the list goes on. Plenty of options.
Edit2: The reason I chose dynu for my own setup is a) it works seamlessly with acme.sh and b) it supports AAAA records and a whole bunch of other things beyond just "A" and c) there was an easy update agent available, so my IP is always up-to-date.
 

1337Hacker

Dabbler
Joined
Oct 22, 2017
Messages
27
Thank you for all the information!

> In your local DNS records. Generally this is something that would be done in your router, assuming your router provides DNS service for your LAN.

If that can be done with port triggering, then yes. Are there any guides to set this up? There's a lot of information for domain controllers and VPNs, but I do not believe that's what I'm trying to accomplish.

> Edit: Nice list of DNS providers that support DNS validation with ACME: https://docs.traefik.io/https/acme/ . Dynu is on there, so is Dyn, DuckDNS, MyDNS.jp, the list goes on. Plenty of options.

I suppose it's an annual registration cost, but will acme.sh work with NameCheap domains? It looks like it's on the list, but I've read a lot of articles where Cloudflare is preferred for some reason.

> I am doing this right now for a single domain; I have yet to set up nginx to do it for multiple services. On the todo list :)

Maybe we should put together an up-to-date post about the process. I know I'm not the only one scratching my head with this. Plus I'm not sure how many of these help articles are still current.
 

danb35

Hall of Famer
Joined
Aug 16, 2011
Messages
15,466
> And will acme.sh work with NameCheap domains or is Cloudflare preferred?

acme.sh doesn't care in the least who your domain registrar is. Unless you're using DNS validation, it also doesn't care who hosts your DNS. If you are using DNS validation, you need to either write your own script to update your provider's records, or use one of the supported DNS hosts. That list is here:
 

me@act

Cadet
Joined
Aug 29, 2023
Messages
2
> Highly recommend doing this with dynamic DNS. There are dynamic DNS providers that work with Let's Encrypt. dynu is one, you'll use their API and acme.sh supports it. There may be others.
>
> I am doing this right now for a single domain; I have yet to set up nginx to do it for multiple services. On the todo list :)
>
> Edit: Nice list of DNS providers that support DNS validation with ACME: https://docs.traefik.io/https/acme/ . Dynu is on there, so is Dyn, DuckDNS, MyDNS.jp, the list goes on. Plenty of options.
> Edit2: The reason I chose dynu for my own setup is a) it works seamlessly with acme.sh and b) it supports AAAA records and a whole bunch of other things beyond just "A" and c) there was an easy update agent available, so my IP is always up-to-date.

Hello Yorick,

I know it's a very old thread, but I am new to the TrueNAS area. Hope you can help me set up SSL with Dynu. Could you please tell me the steps to achieve that?

* I have Scale installed, and my own domain set up with Dynu. The domain name is resolving to my real IP already.

Thank you in advance.

Meact.
 

Yorick

Wizard
Joined
Nov 4, 2018
Messages
1,912