ACME DNS-Authenticators Screens
Last Modified 2023-11-30 10:15 EST
The Certificates screen includes the ACME DNS-Authenticators widget that displays a list of configured authenticators. The Automatic Certificate Management Environment (ACME) DNS-Authenticators screen allows users to automate certificate issuing and renewal. The user must verify ownership of the domain before TrueNAS allows certificate automation.
ACME DNS is an advanced feature intended for network administrators or AWS professionals. Misconfiguring ACME DNS can prevent you from accessing TrueNAS.
Each authenticator listed is a link that opens the Edit ACME DNS-Authenticator screen for the selected authenticator.
The delete icon deletes the authenticator from your server.
Add opens the Add ACME DNS-Authenticator screen.
The system requires an ACME DNS authenticator and CSR to configure ACME certificate automation.
Fields change based on Authenticator selection.
cloudflare activates the Cloudflare Email, API Key, and API Token fields.
| Setting | Description |
|---|---|
| Cloudflare Email | Enter the email address for the Cloudflare account. |
| API Key | Enter the API Key. |
| API Token | Enter the API token. |
route53 activates the Access Key Id and Secret Access Key fields.
| Setting | Description |
|---|---|
| Access Key Id | Enter the access key ID. |
| Secret Access Key | Enter the secret access key. |
OVH activates the OVH Application Key, OVH Application Secret, OVH Consumer Key, and OVH Endpoint fields.
| Setting | Description |
|---|---|
| OVH Application Key | Enter the application key. |
| OVH Application Secret | Enter the application secret. |
| OVH Consumer Key | Enter the consumer key. |
| OVH Endpoint | Enter the endpoint. |
The shell authenticator enables users to pass an authenticator script, such as acme.sh, to the shell and add an external DNS authenticator. shell activates the Authenticator script, Running user, Timeout, and Propagation delay fields.
The shell authenticator option is meant for advanced users. Improperly configured scripts can result in system instability or unexpected behavior.
| Setting | Description |
|---|---|
| Authenticator script | Enter the path to an ACME DNS authenticator script on the system. |
| Running user | Enter the username of the account that initiates the script, usually admin. |
| Timeout | Enter a timeout length (in seconds) for generated certificates. |
| Propagation delay | Enter a DNS propagation delay time (in seconds) for ISP domain caching. |
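Because the shell authenticator runs whatever file the Authenticator script field points to as the Running user, it is worth auditing that file before saving the configuration. The following is an added example, not TrueNAS code: the function names and the specific checks are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: pre-flight audit for a file intended for the
# "Authenticator script" field. Names and checks are assumptions.
# Usage: audit_authenticator_script /absolute/path/to/script

# Print the 10-character mode string of a path, e.g. -rwxr-x---
mode_of() { ls -ld -- "$1" | cut -c1-10; }

# Succeed if group (char 6) or others (char 9) have write permission.
loosely_writable() {
    case "$(mode_of "$1")" in
        ?????w????|????????w?) return 0 ;;
        *) return 1 ;;
    esac
}

# Record one finding and count it.
finding() { echo "FINDING: $*"; findings=$((findings + 1)); }

# Print one finding per line; return 0 only when nothing was found.
audit_authenticator_script() {
    script=$1
    findings=0
    case "$script" in
        /*) ;;
        *) finding "path is not absolute: $script" ;;
    esac
    if [ ! -f "$script" ]; then
        finding "not a regular file: $script"
        return 1
    fi
    [ -L "$script" ] && finding "path is a symlink; audit its target too"
    [ -x "$script" ] || finding "script is not executable"
    # Anyone who can rewrite the script or swap it out in its directory
    # controls what runs as the configured Running user.
    loosely_writable "$script" && finding "script is group- or world-writable"
    loosely_writable "$(dirname -- "$script")" &&
        finding "parent directory is group- or world-writable"
    # Parse-only syntax check, limited to scripts that declare /bin/sh.
    case "$(head -n 1 -- "$script")" in
        '#!/bin/sh'*)
            sh -n "$script" 2>/dev/null || finding "shell syntax check failed" ;;
    esac
    [ "$findings" -eq 0 ]
}
```

A non-zero return means at least one finding was printed; resolve each one before entering the path in the Authenticator script field.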