
Let's Encrypt with FreeNAS 11.1 and later 0.3

bluonek

Dabbler
Joined
Oct 27, 2014
Messages
34
@danb35 I was trying to figure out what this script does with the privkey. After a layman review it seems it only ingests it into an array but never actually uses it. Any insight on this? Maybe I missed it in the abstractions. Thanks!
 

bluonek

Dabbler
Joined
Oct 27, 2014
Messages
34
It's POSTed to the server through the API along with the certificate in lines 92-102.
Makes sense. I was looking right at those lines, but thought it was just making an array, missed that it was actually pushing the json to TrueNAS in that very call. Thanks! =)
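The API call discussed above, as an added example that is not danb35's deploy script: it takes the certificate and private key PEM that acme.sh produced and pushes them to TrueNAS in one POST. Assumptions (not stated on this page): the TrueNAS REST endpoint is `POST /api/v2.0/certificate/` with `create_type` set to `CERTIFICATE_CREATE_IMPORTED`, and authentication is a Bearer API key created in the TrueNAS UI. The PEM strings at the bottom are constructed placeholders, not real key material.

```python
"""Import an acme.sh certificate/key pair into TrueNAS through the REST API.

Added example, not the deploy script from the thread. Assumed API shape:
POST /api/v2.0/certificate/ with create_type "CERTIFICATE_CREATE_IMPORTED",
authenticated with a TrueNAS API key sent as a Bearer token.
"""
import json
import re
import ssl
import urllib.request

CERT_ENDPOINT = "/api/v2.0/certificate/"  # assumed TrueNAS v2.0 endpoint

# One PEM block (or a chain ending in a block of the same label).
PEM_RE = re.compile(r"^-----BEGIN ([A-Z0-9 ]+)-----\n.+\n-----END \1-----$", re.S)


def pem_label(blob: str):
    """Return the PEM label ('CERTIFICATE', 'EC PRIVATE KEY', ...) or None."""
    match = PEM_RE.match(blob.strip())
    return match.group(1) if match else None


def build_import_payload(name: str, cert_pem: str, key_pem: str) -> dict:
    """Assemble the JSON body for an imported certificate.

    The sanity checks stop a swapped or wrong path from shipping the private
    key in the certificate field (or a non-PEM file) to the NAS.
    """
    if pem_label(cert_pem) != "CERTIFICATE":
        raise ValueError("certificate argument is not a PEM certificate")
    key_label = pem_label(key_pem)
    if not key_label or not key_label.endswith("PRIVATE KEY"):
        raise ValueError("private key argument is not a PEM private key")
    return {
        "create_type": "CERTIFICATE_CREATE_IMPORTED",
        "name": name,
        "certificate": cert_pem,
        "privatekey": key_pem,
    }


def redact_for_log(payload: dict) -> dict:
    """Copy of the payload safe to write to a log: the private key is the
    one field that must never land in a logfile or a debug dump."""
    safe = dict(payload)
    if "privatekey" in safe:
        safe["privatekey"] = "<redacted>"
    return safe


def import_certificate(base_url: str, api_key: str, payload: dict,
                       cafile: str = None, timeout: int = 30) -> dict:
    """POST the payload to TrueNAS and return the decoded JSON response.

    TLS verification stays on (optionally against a private CA bundle via
    cafile); the payload carries a private key, so sending it over an
    unverified connection would hand the key to anyone on the path.
    """
    ctx = ssl.create_default_context(cafile=cafile)
    req = urllib.request.Request(
        base_url.rstrip("/") + CERT_ENDPOINT,
        data=json.dumps(payload).encode("utf-8"),
        headers={"Authorization": f"Bearer {api_key}",
                 "Content-Type": "application/json"},
        method="POST",
    )
    with urllib.request.urlopen(req, context=ctx, timeout=timeout) as resp:
        return json.loads(resp.read().decode("utf-8"))


# Constructed placeholders so the block runs offline; not real certificates.
SAMPLE_CERT = ("-----BEGIN CERTIFICATE-----\n"
               "MIIBconstructedPlaceholderCertificateBody\n"
               "-----END CERTIFICATE-----\n")
SAMPLE_KEY = ("-----BEGIN EC PRIVATE KEY-----\n"
              "MHQconstructedPlaceholderKeyBody\n"
              "-----END EC PRIVATE KEY-----\n")


if __name__ == "__main__":
    # Real use: read fullchain.cer / domain.key from the acme.sh output dir,
    # then call import_certificate("https://nas.example.invalid", api_key, body).
    body = build_import_payload("letsencrypt-example", SAMPLE_CERT, SAMPLE_KEY)
    print(json.dumps(redact_for_log(body), indent=2))
```

Only the redacted form is ever printed; the unredacted payload goes to the API and nowhere else. After the import succeeds, the new certificate still has to be selected for the GUI and any other services, which is the part the thread's script automates.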
 

danb35

Hall of Famer
Joined
Aug 16, 2011
Messages
15,504
Worth noting it looks like this can be done within the UI in Scale now. https://www.truenas.com/docs/scale/...ertificates/settingupletsencryptcertificates/
I think it's already been noted up-thread. Yes, it can (just as it can with CORE), but with extremely limited choice of DNS hosts. CORE only includes Route53; SCALE includes Route53 and Cloudflare. I think Cloudflare is a good choice for a lot of people--it's featureful and free, and I've been using it myself for some time--but it's still a far cry from the 150+ providers supported by acme-dns.

It doesn't help that the TrueNAS UX for cert creation is needlessly Byzantine with nonsensical defaults--you're required to create a CSR, and enter a bunch of information (all of which is required--name, city, state, country, etc.) which Let's Encrypt is going to strip out of the cert. It then defaults to renewing 10 days before cert expiration, which means you'll certainly get one, and possibly two, warning emails that your cert is about to expire.
 

revengineer

Contributor
Joined
Oct 27, 2019
Messages
193
How do I go about updating just acme.sh script? Do I just run curl https://get.acme.sh | sh -s email=you@yourdomain.com again, or do I also need to redo other steps?
 

revengineer

Contributor
Joined
Oct 27, 2019
Messages
193
I am running CORE and I do not see this ACME cert in the GUI of 13.0-U6.1. @danb35's description and script running in a jail work great.
 

danb35

Hall of Famer
Joined
Aug 16, 2011
Messages
15,504
You can configure acme certs in the scale UI now.
Yes, we know; it was posted just five posts above yours. And it's also a feature in CORE--if you're using one of the two (for SCALE) or one (for CORE) supported DNS providers. As was posted four posts above yours.
This is for CORE though.
It's for either, really; the API is the same in this regard.

It appears that CORE 13.3 will slightly expand the list of supported providers--Cloudflare seems pretty likely, and it sounded like there were one or two others that were going to be added as well. If you're using a supported provider, getting your cert through the GUI may make sense. Though if you're also using FTPS, S3, or WebDAV, or other services that would use a certificate, you may still want to use my script to ensure they all change to use the new cert when it's issued.
I am running CORE and I do not see this ACME cert in the GUI of 13.0-U6.1
It's in System -> ACME DNS, set up an authenticator there (if you have Route53 DNS, the only one that's supported), and go from there. It's ugly and awkward, but I believe it works.
 

revengineer

Contributor
Joined
Oct 27, 2019
Messages
193
It's in System -> ACME DNS, set up an authenticator there (if you have Route53 DNS, the only one that's supported), and go from there. It's ugly and awkward, but I believe it works.
This actually does ring a bell. I checked it out early on but had to abandon it because Cloudflare is not supported. As I wrote before, I am very happy with your provided solution now, and there are reasons to continue to stick with it. :smile:
 