I was excited to see that TrueNAS SCALE included the ACME DNS-Authenticator. However, the fact that iXsystems chose to include only the Cloudflare and route53 (aka AWS) DNS APIs was somewhat of a disappointment. Cloudflare and route53 are not really popular domain providers for personal use. Although Cloudflare is more affordable compared to AWS, it’s still more expensive than most domain providers. I don’t see any reason not to include all the DNS APIs already supported by the ACME shell script. Even pfSense included all the DNS APIs in pfSense + (the pfSense paid product). For a full list of the DNS APIs supported by the ACME shell script, please visit the acme.sh official page: https://github.com/acmesh-official/acme.sh/wiki/dnsapi
The first step is to update your network settings under Network > Global Configuration, where you can change your Hostname and Domain. By default, the domain name is set as local. You will need to change it to a Fully Qualified Domain Name (FQDN) as shown below:
You need to restart your system for the hostname and domain name changes to take effect. Once your TrueNAS has restarted, the next step is to install the acme.sh shell script using the command below:
curl https://get.acme.sh | sh -s firstname.lastname@example.org
Use the ACME DNS API wiki to determine the correct syntax for your Domain service provider:
The syntax below is for ClouDNS API
# Use this for a sub auth ID
# Use this for a regular auth ID
Make sure to put the credentials inside quotation marks (" ").
The next step is to request a certificate from the Let’s Encrypt server by using the command below:
acme.sh --issue --dns dns_your --keylength 4096 -d truenasscale.sysadmin102.tech
Replace dns_your with your DNS API as listed on the ACME wiki. You can skip --keylength 4096 if you wish to use the default setting.
If everything runs smoothly, your screen should have something similar to the screenshot below:
Next, you will need to generate an API key on TrueNAS to deploy the certificate.
After you generate the API key, copy it; we will need it to deploy the certificate on TrueNAS.
You will need the Python script written by a user named danb35@TrueNAS to deploy the certificate. Clone his repository to your TrueNAS using the command below:
git clone https://github.com/danb35/deploy-freenas
Once you’ve downloaded the script, you’ll need to create a configuration file called deploy_config. The git repo has an example (deploy_config.example) that you can copy and modify, or you can write your own from scratch.
Open the deploy_config.example and save it as deploy_config using the nano text editor.
Remove the # in front of api_key and add the API key that you generated earlier.
Add # in front of password = YourSuperSecurePassword#@#$* to disable the password option.
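Before deploying, it is worth confirming that the file holding the API key is readable only by its owner and that both edits above took effect. The check below is an added example, not part of the original tutorial or of the deploy-freenas project; the function name check_deploy_config and the sample key are made up here.

```shell
#!/bin/sh
# Added example: audit deploy_config before running deploy_freenas.py.
# check_deploy_config is a hypothetical helper name; api_key / password are
# the option names the tutorial text refers to.

check_deploy_config() {
    cfg="$1"
    rc=0
    if [ ! -f "$cfg" ]; then
        echo "FAIL: $cfg not found" >&2
        return 2
    fi

    # The file stores a TrueNAS API key, so only its owner should read it.
    # GNU stat first (TrueNAS SCALE), BSD stat as a fallback.
    mode=$(stat -c '%a' "$cfg" 2>/dev/null || stat -f '%Lp' "$cfg")
    case "$mode" in
        600|400) ;;
        *) echo "FAIL: mode $mode, run: chmod 600 $cfg" >&2; rc=1 ;;
    esac

    # api_key must be uncommented and carry a value.
    if ! grep -Eq '^[[:space:]]*api_key[[:space:]]*=[[:space:]]*[^[:space:]]' "$cfg"; then
        echo "FAIL: api_key is missing, empty or still commented out" >&2
        rc=1
    fi

    # The password option must stay commented out once api_key is used.
    if grep -Eq '^[[:space:]]*password[[:space:]]*=' "$cfg"; then
        echo "FAIL: password line is still active" >&2
        rc=1
    fi
    return "$rc"
}

if [ "$#" -gt 0 ]; then
    check_deploy_config "$1"
else
    # No argument given: audit a constructed sample (the key is not real).
    sample=$(mktemp)
    chmod 600 "$sample"
    printf '[deploy]\napi_key = 1-CONSTRUCTEDSAMPLEKEY\n# password = x\n' > "$sample"
    check_deploy_config "$sample" && echo "sample config OK"
    rm -f "$sample"
fi
```

Pass the path to your own file (for example ~/deploy-freenas/deploy_config) as the first argument; a non-zero exit status means at least one check failed.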
Next, you will deploy the certificate using the command below. Use the same domain that you passed to --issue:
acme.sh --install-cert -d truenasscale.sysadmin102.tech --reloadcmd "~/deploy-freenas/deploy_freenas.py"
Once the command is successfully run, you will get the message “Certificate import successfully.” Your Web Service will restart.
Log in after the system has restarted. Then, navigate to System Settings > GUI > Settings and enable Web Interface HTTP -> HTTPS Redirect.
The system will restart the Web Service. Once it has restarted, you will no longer see the red line over the lock icon because your certificate is signed by ZeroSSL.
Lastly, you need to create a Cron Job to renew the certificate automatically. Navigate to the System Settings > Advanced > Add. Disregard the Warning message by selecting “Close.”
Under the description box: enter whatever describes the job. Under the command enter the below command:
Congratulations, you have successfully deployed a Let’s Encrypt certificate on your TrueNAS.
Official ACME Github: https://github.com/acmesh-official/acme.sh
Official ACME DNS API Wiki: https://github.com/acmesh-official/acme.sh/wiki/dnsapi
Credit to danb35@TrueNAS. Link to the original post: https://www.truenas.com/community/resources/lets-encrypt-with-freenas-11-1-and-later.82/