Got tired of typing the IP address, and I also was in the middle of testing potentially running services on subdomains of the NAS, which I would have needed a certificate for.
References:
- https://www.caseyjdavis.com/blog/truenas-letsencrypt-ssl/
- https://www.truenas.com/docs/scale/22.12/scaletutorials/credentials/certificates/settingupletsencryptcertificates/
Prerequisite: own a domain
Steps:
- Add an Account API Token in Cloudflare admin panel with edit DNS permissions for given domain
- In TrueNAS, Credentials → Certificates:
- Add an ACME DNS-Authenticator
- Name: your choosing
- API token: what you just generated
- Create a CSR (Certificate Signing Request) - default if not specified
- Name: your choosing
- Personal information: as applicable
- Common name:
mydomain.net - Subject alternative name:
*.mydomain.net(for wildcard certificate)
- Click the wrench icon next to new CSR to create a certificate
- Identifier: your choosing
- Tick box for Terms of Service
- ACME server directory URI: production
- Domains: select your domain in both dropdowns
- Add an ACME DNS-Authenticator
- In System → General Settings → GUI (activate the certificate)
- GUI SSL Certificate: your newly created certificate
- Tick the box for HTTP → HTTPS redirect
EOF