I just set up my 3rd TN server. I’ve had no issues using the built-in tools on the other 2 in order to set up and use LE SSL certs. On this 3rd server when I click save on the CSR I get a box that pops up for about 1/10th second, then goes away. All my settings look correct. What log would I check to try and track down the issue?
I just tried creating a CSR on my 25.04.1 and didn’t have any problems. There are multiple profiles and options to choose from, I used all the defaults. Perhaps your issue is due to a particular option you’ve chosen?
I created a new API token on Cloudflare with zone read and dns edit properties:
Then I made a new csr with standard options set:
Then I tried to get a cert:
I tried with production a few times, then switched to staging as I didn’t want to blow out my requests depending on what’s going on.
Is there a log I can search that may have a clue as to what’s going on?
You should never paint over your secrets like that. Chars can be guessed by their visible parts and width. I suggest you revoke this token.
Still looking for information that might help me solve the problem. Like log files or similar.
I haven’t used the built-in TrueNAS mechanism for cert issuing (because it doesn’t have my DNS provider). However, the staging directory on this screen seems kinda strange. Or did you choose it on purpose for preventing limit exhaustion?
I don’t know the exact path, but you can try to find them with something like sudo find /var/ -type d -name 'letsencrypt'.
That would have been nice, but no results.
Didn’t pay enough attention – my bad.
I’m almost out of ideas. Mb you should try to issue it from another browser or with porn incognito/inprivate mode. You can also look for the errors during cert issue inside the browser’s devtools, as a 1/10th second popup doesn’t sound fine.
In terms of places to look for errors, /var/log/messages and /var/log/syslog are always good places to start.
Try also /var/log/middlewared.log
Nothing in any of those logs. I’m guessing that it’s failing before it even has a chance to log anything.
You might want to try submitting a bug report through the GUI and attaching a debug file–maybe the iX crew can figure out where it’s failing.
I’m running into a similar issue. Did you ever figure this out?
No. I’ve given up for now. Once a new version comes out I’ll try again.
If you come up with anything yourself please post here.
Has anyone who’s experienced this yet put in a bug report?
It seems to work reliably for so many people that it’s probably not a bug. It’s more likely a problem with my setup.
You can lead a horse to water…
I’m hesitant to report a bug because I’m new to TrueNAS and haven’t yet convinced myself that it’s not my fault.
An example - I watched a video of a guy walking through setting up a cert. He claimed that CSRs would fail if you hadn’t set the email field on the truenas_admin and root accounts. That surprised me so I populated those with the same email that I used for Cloudflare and tried it all again. It didn’t fix the issue but if there’s some other idiosyncratic thing I need to do, I’d like to figure that out before I report it as a bug.
I’m not new to certs or CSRs or any of this. I have working NPM instances on other devices, for example, which get wildcard certs using Cloudflare DNS authentication.
Here’s a little more info on what I saw.
On my first pass through the process, this is what happened.
- Created an Authenticator for Cloudflare.
- Created a CSR for *.mydomain.com using the Authenticator
- Clicked the wrench on the CSR, filled out the form, clicked Save.
At this point, a window came up with a progress bar and then I got an error. The error said something about a field of range or something like that. I should have saved the text. I didn’t.
I went and looked at the CSR. I noticed a typo in the domain name. I deleted the CSR and created a new, corrected version.
I clicked the wrench, got the form, filled it out, clicked Save. This time the progress dialog came up and disappeared quickly. The “Create ACME Certificate” form stayed up and the Save button remained clickable. Same thing happens if I click it again - a quick progress dialog that appears and then disappears.
One theory is that the first failed attempt, that showed an error dialog, left something behind somewhere.
If this sounds complete enough to submit as a bug, I’m more than willing to do that. I don’t want to do that without feeling at least a bit more confident that this isn’t user error.
I am having the exact same problem. Brand new install of TrueNAS (I’ve tried 25.04 and 25.10 as a test). I have a little more debugging information to provide (assuming it’s the same issue).
When I go to sign the cert I get a popup that flashes
certificate.create
Initial validation complete
If I try from the CLI I get this:
[nas02]> system certificate create csr_id=7 create_type=CERTIFICATE_CREATE_ACME tos=true renew_days=10 dns_mapping={"DNS:REDACTED FQDN":1} name=nas acme_directory_uri="https://acme-v02.api.letsencrypt.org/directory"
[10%] Initial validation complete...
Error: MatchNotFound()
If I try to run certbot by itself from the shell, I get this:
sudo: process 13733 unexpected status 0x57f
Killed
I’m at a complete loss.

renew_days=10
This should be 30, not 10. It’s a completely idiotic default. But that isn’t your immediate problem. Will somebody who’s experiencing this problem please file a bug on it?
I wouldn’t at all expect certbot to work from the shell, but cert issuance should work and has worked. It still works for me, but obviously it isn’t for everyone.