TrueNAS CORETrueNAS CORE Nightly Development Documentation
This content follows experimental early release software. Use the Product and Version selectors above to view content specific to a stable software release.

Configuring ACME DNS

This feature is only available in the open-source supported TrueNAS CORE.

Automatic Certificate Management Environment (ACME) is available for automating certificate issuing and renewal. The user must verify ownership of the domain before certificate automation is allowed.

ACME certificate automation requires an ACME DNS Authenticator and a Certificate Signing Request.

Adding ACME DNS Authenticators

Go to System > ACME DNS and click ADD.


Name the authenticator. Leave Authenticator set to Route53. Enter the Access ID Key and Secret Access Key from Amazon.

Amazon Route 53 is the only supported DNS provider in TrueNAS CORE. See the AWS documentation for more details about generating the Access ID Key and Secret Access Key.

Click SUBMIT to register the DNS Authenticator and add it to the authenticator options for ACME Certificates.

Creating ACME Certificates


You can create ACME certificates for existing certificate signing requests. The certificates use an ACME DNS authenticator to confirm domain ownership. Then, they are automatically issued and renewed.

To create a new ACME certificate, go to System > Certificates, click (Options) for an existing certificate signing request, and select Create ACME Certificate.

Give the ACME certificate an identifier (name), and accept the TOS by setting Terms of Service.

For the Authenticator, select the ACME DNS authenticator you created, then click SUBMIT.