TrueNAS SCALETrueNAS SCALE Nightly Development Documentation
This content follows experimental early release software. Use the Product and Version selectors above to view content specific to a stable software release.

ACME DNS-Authenticators Screens

The Certificates screen includes the ACME DNS-Authenticators widget that displays a list of configured authenticators. The Automatic Certificate Management Environment (ACME) DNS-Authenticators screen allows users to automate certificate issuing and renewal. The user must verify ownership of the domain before TrueNAS allows certificate automation.

ACME DNS is an advanced feature intended for network administrators or AWS professionals. Misconfiguring ACME DNS can prevent you from accessing TrueNAS.
ACME DNS-Authenticators Widget with No Authenticators
Figure 1: ACME DNS-Authenticators Widget with No Authenticators

Each authenticator listed is a link that opens the Edit ACME DNS-Authenticator screen for the selected authenticator.

delete deletes the authenticator from your server.

Add opens the Add ACME DNS-Authenticator screen.

The system requires an ACME DNS authenticator and CSR to configure ACME certificate automation.

Add DNS Authenticator

Fields change based on Authenticator selection.

Add DNS Authenticator
Figure 2: Add DNS Authenticator
NameRequired. Enter an internal identifier for the authenticator.
AuthenticatorSelect a DNS provider from the dropdown list and configure any required authenticator attributes. Options are cloudflare, Amazon route53, OVH, and shell.


cloudflare activates the Cloudflare Email, API Key, and API Token fields.

Add DNS Authenticator - Cloudflare
Figure 3: Add DNS Authenticator - Cloudflare
Cloudflare EmailEnter the email address for the Cloudflare account.
API KeyEnter the API Key.
API TokenEnter the API token.

Route 53

route53 activates the Access Key Id and Secret Access Key fields.

Add DNS Authenticator - Route 53
Figure 4: Add DNS Authenticator - Route 53
Access Key IdEnter the access key ID.
Secret Access KeyEnter the secret access key.


OVH activates the OVH Application Key, OVH Application Secret, OVH Consumer Key, and OVH Endpoint fields.

Add DNS Authenticator - OVH
Figure 5: Add DNS Authenticator - OVH
OVH Application KeyEnter the application key.
OVH Application SecretEnter the application secret.
OVH Consumer KeyEnter the consumer key.
OVH EndpointEnter the endpoint.


Enables users to pass an authenticator script, such as, to shell and add an external DNS authenticator. shell activates the Authenticator script, Running user, Timeout, and Propagation delay fields.

The shell authenticator option is meant for advanced users. Improperly configured scripts can result in system instability or unexpected behavior.
Add DNS Authenticator - Shell
Figure 6: Add DNS Authenticator - Shell
Authenticator scriptEnter the path to an ACME DNS authenticator script on the system.
Running userEnter the username of the account that initiates the script, usually admin.
TimeoutEnter a timeout length (in seconds) for generated certificates.
Propagation delayEnter a DNS propagation delay time (in seconds) for ISP domain caching.