TrueNAS
What is TrueNAS?
TrueNAS is a family of network-attached storage (NAS) products produced by iXsystems, incorporating both FOSS and commercial offerings.
ACME DNS Challenge with Vault PKI and PDNS
- Create a dataset (scripts can't be executed from home directories)
- Select a user and create an API key for it
- Connect to TrueNAS through SSH as that user, run every command as that user (do not use root), and move into your new dataset
- Clone acme.sh
git clone https://github.com/acmesh-official/acme.sh .acme.sh
- Create an env file /home/<user>/.acme.sh.env with the contents below
# PDNS
PDNS_Url=<TO_REPLACE>
PDNS_ServerId=localhost
PDNS_Token=<TO_REPLACE>
PDNS_Ttl=60
# PKI CA
CA_CERT_PATH=/etc/ssl/certs/ca-certificates.crt
# Truenas
DEPLOY_TRUENAS_APIKEY=<TO_REPLACE>
DEPLOY_TRUENAS_SCHEME=https
- Change your current directory to the acme.sh project
cd .acme.sh
- Register the ACME server
./acme.sh --set-default-ca --server <vault_acme_url> --home /home/admin
(in my case https://vault.unicornafk.fr:8200/v1/pki/acme/directory)
- Register DNS issuer
./acme.sh --issue --insecure --dns dns_pdns -d <truenas_fqdn> --dnssleep 30 --home /home/admin
- Deploy the certificate
./acme.sh -d <truenas_fqdn> --insecure --deploy --deploy-hook truenas --home /home/admin
- Set up cron through the web UI
  - Description: ACME.Sh renew certificates
  - User: <user>
  - Schedule: Daily
  - Command:
. /home/<user>/.acme.sh.env && "<dataset path>/.acme.sh"/acme.sh --issue --dns dns_pdns -d <truenas_fqdn> --dnssleep 30 --insecure --deploy --deploy-hook truenas --ca-bundle /home/admin/ca.crt --home /home/admin
- If you want to check whether your cron job is successful, run it and check the log with
cat /var/log/syslog | grep -w 'cron'
!!! info "sudo is broken https://ixsystems.atlassian.net/browse/NAS-131540"
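The env file created above holds the PowerDNS token and the TrueNAS API key, so it is worth checking before the first run and before enabling the cron job. The pre-flight check below is an added example, not part of the original page or of acme.sh; `check_env_file` and `REQUIRED_KEYS` are hypothetical names, and the owner-only mode requirement is an assumption of this example.

```shell
#!/bin/sh
# Added example (not from the original page or acme.sh): pre-flight check for
# the env file created above. check_env_file and REQUIRED_KEYS are hypothetical names.

# Keys the page's env file defines and that the issue/deploy steps rely on.
REQUIRED_KEYS="PDNS_Url PDNS_ServerId PDNS_Token PDNS_Ttl DEPLOY_TRUENAS_APIKEY DEPLOY_TRUENAS_SCHEME"

check_env_file() {
    env_file=$1
    rc=0
    if [ ! -f "$env_file" ]; then
        echo "missing env file: $env_file" >&2
        return 1
    fi

    # The file stores two secrets; assumption of this example: only the
    # owner may read it (mode 600 or 400).
    mode=$(stat -c '%a' "$env_file" 2>/dev/null || stat -f '%Lp' "$env_file")
    case $mode in
        600|400) ;;
        *) echo "$env_file has mode $mode, expected 600" >&2; rc=1 ;;
    esac

    for key in $REQUIRED_KEYS; do
        # Last assignment wins, as it would when the file is sourced.
        value=$(sed -n "s/^${key}=//p" "$env_file" | tail -n 1)
        case $value in
            '') echo "$key is not set" >&2; rc=1 ;;
            *'<TO_REPLACE>'*) echo "$key still holds the placeholder" >&2; rc=1 ;;
        esac
    done

    # The deploy hook sends the API key to TrueNAS; require the https scheme.
    scheme=$(sed -n 's/^DEPLOY_TRUENAS_SCHEME=//p' "$env_file" | tail -n 1)
    if [ "$scheme" != "https" ]; then
        echo "DEPLOY_TRUENAS_SCHEME is '$scheme', expected https" >&2; rc=1
    fi
    return "$rc"
}

# Run the check when a path is given on the command line.
if [ "$#" -gt 0 ]; then
    check_env_file "$1"
fi
```

The function returns 0 only when every check passes, so it can be chained in front of the cron command with `&&`.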