How to clear ACME DNS authenticators

Gerard_Samuel · February 20, 2026, 7:17pm

I am using TrueNAS 25.10.1 - Goldeye.

I was attempting to set up an ACME DNS-01 challenge with an internal CA. I was tearing things down to try again, and I am unable to clear the red stop for DNS Authenticators:

How can I clear this?

Thanks for any help you can provide!

numo68 · February 21, 2026, 8:45am

I think this happened to me with a shell authenticator pointing to a script that did not exist anymore, or maybe was inaccessible to the stated user. Just re-creating the file made it possible to proceed.

What does

midclt -U truenas_admin -P your_password call acme.dns.authenticator.query

say? If it gives you an output, you can use acme.dns.authenticator.delete to remove the offender, but I am afraid that the query fails as well which is why the GUI shows an error. I’d suggest to file a bug if that’s the case, as a querying API call should IMO not be failing hard just because a consistency check of the already stored data failed.

Gerard_Samuel · February 21, 2026, 3:08pm

@numo68 Thanks for the tip.

Running midclt -U truenas_admin -P your_password call acme.dns.authenticator.query reported many validation errors. But I did see that it referenced a script I had deleted.

I recreated the file path with a blank script file, and the GUI/CLI errors were cleared. I was then able to remove the offending entries in the portal. Now all is good again.

This ACME implementation is rough

Errors for bug-report/posterity:

30 validation errors for ACMEDNSAuthenticatorQueryResult
result.list[ACMEDNSAuthenticatorQueryResultItem].0.attributes.CloudFlareSchema.authenticator
  Input should be 'cloudflare' [type=literal_error, input_value='shell', input_type=str]
    For further information visit https://errors.pydantic.dev/2.9/v/literal_error
result.list[ACMEDNSAuthenticatorQueryResultItem].0.attributes.CloudFlareSchema.script
  Extra inputs are not permitted [type=extra_forbidden, input_value='/mnt/pool01/home/acme/dns-01-challenge.sh', input_type=str]
    For further information visit https://errors.pydantic.dev/2.9/v/extra_forbidden
result.list[ACMEDNSAuthenticatorQueryResultItem].0.attributes.CloudFlareSchema.user
  Extra inputs are not permitted [type=extra_forbidden, input_value='acme', input_type=str]
    For further information visit https://errors.pydantic.dev/2.9/v/extra_forbidden
result.list[ACMEDNSAuthenticatorQueryResultItem].0.attributes.CloudFlareSchema.timeout
  Extra inputs are not permitted [type=extra_forbidden, input_value=120, input_type=int]
    For further information visit https://errors.pydantic.dev/2.9/v/extra_forbidden
result.list[ACMEDNSAuthenticatorQueryResultItem].0.attributes.CloudFlareSchema.delay
  Extra inputs are not permitted [type=extra_forbidden, input_value=60, input_type=int]
    For further information visit https://errors.pydantic.dev/2.9/v/extra_forbidden
result.list[ACMEDNSAuthenticatorQueryResultItem].0.attributes.DigitalOceanSchema.authenticator
  Input should be 'digitalocean' [type=literal_error, input_value='shell', input_type=str]
    For further information visit https://errors.pydantic.dev/2.9/v/literal_error
result.list[ACMEDNSAuthenticatorQueryResultItem].0.attributes.DigitalOceanSchema.digitalocean_token
  Field required [type=missing, input_value={'authenticator': 'shell'...eout': 120, 'delay': 60}, input_type=dict]
    For further information visit https://errors.pydantic.dev/2.9/v/missing
result.list[ACMEDNSAuthenticatorQueryResultItem].0.attributes.DigitalOceanSchema.script
  Extra inputs are not permitted [type=extra_forbidden, input_value='/mnt/pool01/home/acme/dns-01-challenge.sh', input_type=str]
    For further information visit https://errors.pydantic.dev/2.9/v/extra_forbidden
result.list[ACMEDNSAuthenticatorQueryResultItem].0.attributes.DigitalOceanSchema.user
  Extra inputs are not permitted [type=extra_forbidden, input_value='acme', input_type=str]
    For further information visit https://errors.pydantic.dev/2.9/v/extra_forbidden
result.list[ACMEDNSAuthenticatorQueryResultItem].0.attributes.DigitalOceanSchema.timeout
  Extra inputs are not permitted [type=extra_forbidden, input_value=120, input_type=int]
    For further information visit https://errors.pydantic.dev/2.9/v/extra_forbidden
result.list[ACMEDNSAuthenticatorQueryResultItem].0.attributes.DigitalOceanSchema.delay
  Extra inputs are not permitted [type=extra_forbidden, input_value=60, input_type=int]
    For further information visit https://errors.pydantic.dev/2.9/v/extra_forbidden
result.list[ACMEDNSAuthenticatorQueryResultItem].0.attributes.OVHSchema.authenticator
  Input should be 'OVH' [type=literal_error, input_value='shell', input_type=str]
    For further information visit https://errors.pydantic.dev/2.9/v/literal_error
result.list[ACMEDNSAuthenticatorQueryResultItem].0.attributes.OVHSchema.application_key
  Field required [type=missing, input_value={'authenticator': 'shell'...eout': 120, 'delay': 60}, input_type=dict]
    For further information visit https://errors.pydantic.dev/2.9/v/missing
result.list[ACMEDNSAuthenticatorQueryResultItem].0.attributes.OVHSchema.application_secret
  Field required [type=missing, input_value={'authenticator': 'shell'...eout': 120, 'delay': 60}, input_type=dict]
    For further information visit https://errors.pydantic.dev/2.9/v/missing
result.list[ACMEDNSAuthenticatorQueryResultItem].0.attributes.OVHSchema.consumer_key
  Field required [type=missing, input_value={'authenticator': 'shell'...eout': 120, 'delay': 60}, input_type=dict]
    For further information visit https://errors.pydantic.dev/2.9/v/missing
result.list[ACMEDNSAuthenticatorQueryResultItem].0.attributes.OVHSchema.endpoint
  Field required [type=missing, input_value={'authenticator': 'shell'...eout': 120, 'delay': 60}, input_type=dict]
    For further information visit https://errors.pydantic.dev/2.9/v/missing
result.list[ACMEDNSAuthenticatorQueryResultItem].0.attributes.OVHSchema.script
  Extra inputs are not permitted [type=extra_forbidden, input_value='/mnt/pool01/home/acme/dns-01-challenge.sh', input_type=str]
    For further information visit https://errors.pydantic.dev/2.9/v/extra_forbidden
result.list[ACMEDNSAuthenticatorQueryResultItem].0.attributes.OVHSchema.user
  Extra inputs are not permitted [type=extra_forbidden, input_value='acme', input_type=str]
    For further information visit https://errors.pydantic.dev/2.9/v/extra_forbidden
result.list[ACMEDNSAuthenticatorQueryResultItem].0.attributes.OVHSchema.timeout
  Extra inputs are not permitted [type=extra_forbidden, input_value=120, input_type=int]
    For further information visit https://errors.pydantic.dev/2.9/v/extra_forbidden
result.list[ACMEDNSAuthenticatorQueryResultItem].0.attributes.OVHSchema.delay
  Extra inputs are not permitted [type=extra_forbidden, input_value=60, input_type=int]
    For further information visit https://errors.pydantic.dev/2.9/v/extra_forbidden
result.list[ACMEDNSAuthenticatorQueryResultItem].0.attributes.Route53Schema.authenticator
  Input should be 'route53' [type=literal_error, input_value='shell', input_type=str]
    For further information visit https://errors.pydantic.dev/2.9/v/literal_error
result.list[ACMEDNSAuthenticatorQueryResultItem].0.attributes.Route53Schema.access_key_id
  Field required [type=missing, input_value={'authenticator': 'shell'...eout': 120, 'delay': 60}, input_type=dict]
    For further information visit https://errors.pydantic.dev/2.9/v/missing
result.list[ACMEDNSAuthenticatorQueryResultItem].0.attributes.Route53Schema.secret_access_key
  Field required [type=missing, input_value={'authenticator': 'shell'...eout': 120, 'delay': 60}, input_type=dict]
    For further information visit https://errors.pydantic.dev/2.9/v/missing
result.list[ACMEDNSAuthenticatorQueryResultItem].0.attributes.Route53Schema.script
  Extra inputs are not permitted [type=extra_forbidden, input_value='/mnt/pool01/home/acme/dns-01-challenge.sh', input_type=str]
    For further information visit https://errors.pydantic.dev/2.9/v/extra_forbidden
result.list[ACMEDNSAuthenticatorQueryResultItem].0.attributes.Route53Schema.user
  Extra inputs are not permitted [type=extra_forbidden, input_value='acme', input_type=str]
    For further information visit https://errors.pydantic.dev/2.9/v/extra_forbidden
result.list[ACMEDNSAuthenticatorQueryResultItem].0.attributes.Route53Schema.timeout
  Extra inputs are not permitted [type=extra_forbidden, input_value=120, input_type=int]
    For further information visit https://errors.pydantic.dev/2.9/v/extra_forbidden
result.list[ACMEDNSAuthenticatorQueryResultItem].0.attributes.Route53Schema.delay
  Extra inputs are not permitted [type=extra_forbidden, input_value=60, input_type=int]
    For further information visit https://errors.pydantic.dev/2.9/v/extra_forbidden
result.list[ACMEDNSAuthenticatorQueryResultItem].0.attributes.ShellSchema.script
  Path does not point to a file [type=path_not_file, input_value=PosixPath('/mnt/pool01/ho...me/dns-01-challenge.sh'), input_type=PosixPath]
result.ACMEDNSAuthenticatorQueryResultItem
  Input should be a valid dictionary or instance of ACMEDNSAuthenticatorQueryResultItem [type=model_type, input_value=[{'id': 1, 'name': 'LegoA...out': 60, 'delay': 60}}], input_type=list]
    For further information visit https://errors.pydantic.dev/2.9/v/model_type
result.int
  Input should be a valid integer [type=int_type, input_value=[{'id': 1, 'name': 'LegoA...out': 60, 'delay': 60}}], input_type=list]
    For further information visit https://errors.pydantic.dev/2.9/v/int_type
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/middlewared/api/base/server/ws_handler/rpc.py", line 361, in process_method_call
    result = await method.call(app, id_, params)
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/middlewared/api/base/server/method.py", line 69, in call
    return await self._dump_result(app, methodobj, result)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/middlewared/api/base/server/method.py", line 72, in _dump_result
    return self.middleware.dump_result(self.serviceobj, methodobj, app, result)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/middlewared/main.py", line 864, in dump_result
    return serialize_result(new_style_returns_model, result, expose_secrets, self.dump_result_allow_fallback)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/middlewared/api/base/handler/result.py", line 23, in serialize_result
    return model(result=result).model_dump(
           ^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/pydantic/main.py", line 212, in __init__
    validated_self = self.__pydantic_validator__.validate_python(data, self_instance=self)
                     ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
pydantic_core._pydantic_core.ValidationError: 30 validation errors for ACMEDNSAuthenticatorQueryResult
result.list[ACMEDNSAuthenticatorQueryResultItem].0.attributes.CloudFlareSchema.authenticator
  Input should be 'cloudflare' [type=literal_error, input_value='shell', input_type=str]
    For further information visit https://errors.pydantic.dev/2.9/v/literal_error
result.list[ACMEDNSAuthenticatorQueryResultItem].0.attributes.CloudFlareSchema.script
  Extra inputs are not permitted [type=extra_forbidden, input_value='/mnt/pool01/home/acme/dns-01-challenge.sh', input_type=str]
    For further information visit https://errors.pydantic.dev/2.9/v/extra_forbidden
result.list[ACMEDNSAuthenticatorQueryResultItem].0.attributes.CloudFlareSchema.user
  Extra inputs are not permitted [type=extra_forbidden, input_value='acme', input_type=str]
    For further information visit https://errors.pydantic.dev/2.9/v/extra_forbidden
result.list[ACMEDNSAuthenticatorQueryResultItem].0.attributes.CloudFlareSchema.timeout
  Extra inputs are not permitted [type=extra_forbidden, input_value=120, input_type=int]
    For further information visit https://errors.pydantic.dev/2.9/v/extra_forbidden
result.list[ACMEDNSAuthenticatorQueryResultItem].0.attributes.CloudFlareSchema.delay
  Extra inputs are not permitted [type=extra_forbidden, input_value=60, input_type=int]
    For further information visit https://errors.pydantic.dev/2.9/v/extra_forbidden
result.list[ACMEDNSAuthenticatorQueryResultItem].0.attributes.DigitalOceanSchema.authenticator
  Input should be 'digitalocean' [type=literal_error, input_value='shell', input_type=str]
    For further information visit https://errors.pydantic.dev/2.9/v/literal_error
result.list[ACMEDNSAuthenticatorQueryResultItem].0.attributes.DigitalOceanSchema.digitalocean_token
  Field required [type=missing, input_value={'authenticator': 'shell'...eout': 120, 'delay': 60}, input_type=dict]
    For further information visit https://errors.pydantic.dev/2.9/v/missing
result.list[ACMEDNSAuthenticatorQueryResultItem].0.attributes.DigitalOceanSchema.script
  Extra inputs are not permitted [type=extra_forbidden, input_value='/mnt/pool01/home/acme/dns-01-challenge.sh', input_type=str]
    For further information visit https://errors.pydantic.dev/2.9/v/extra_forbidden
result.list[ACMEDNSAuthenticatorQueryResultItem].0.attributes.DigitalOceanSchema.user
  Extra inputs are not permitted [type=extra_forbidden, input_value='acme', input_type=str]
    For further information visit https://errors.pydantic.dev/2.9/v/extra_forbidden
result.list[ACMEDNSAuthenticatorQueryResultItem].0.attributes.DigitalOceanSchema.timeout
  Extra inputs are not permitted [type=extra_forbidden, input_value=120, input_type=int]
    For further information visit https://errors.pydantic.dev/2.9/v/extra_forbidden
result.list[ACMEDNSAuthenticatorQueryResultItem].0.attributes.DigitalOceanSchema.delay
  Extra inputs are not permitted [type=extra_forbidden, input_value=60, input_type=int]
    For further information visit https://errors.pydantic.dev/2.9/v/extra_forbidden
result.list[ACMEDNSAuthenticatorQueryResultItem].0.attributes.OVHSchema.authenticator
  Input should be 'OVH' [type=literal_error, input_value='shell', input_type=str]
    For further information visit https://errors.pydantic.dev/2.9/v/literal_error
result.list[ACMEDNSAuthenticatorQueryResultItem].0.attributes.OVHSchema.application_key
  Field required [type=missing, input_value={'authenticator': 'shell'...eout': 120, 'delay': 60}, input_type=dict]
    For further information visit https://errors.pydantic.dev/2.9/v/missing
result.list[ACMEDNSAuthenticatorQueryResultItem].0.attributes.OVHSchema.application_secret
  Field required [type=missing, input_value={'authenticator': 'shell'...eout': 120, 'delay': 60}, input_type=dict]
    For further information visit https://errors.pydantic.dev/2.9/v/missing
result.list[ACMEDNSAuthenticatorQueryResultItem].0.attributes.OVHSchema.consumer_key
  Field required [type=missing, input_value={'authenticator': 'shell'...eout': 120, 'delay': 60}, input_type=dict]
    For further information visit https://errors.pydantic.dev/2.9/v/missing
result.list[ACMEDNSAuthenticatorQueryResultItem].0.attributes.OVHSchema.endpoint
  Field required [type=missing, input_value={'authenticator': 'shell'...eout': 120, 'delay': 60}, input_type=dict]
    For further information visit https://errors.pydantic.dev/2.9/v/missing
result.list[ACMEDNSAuthenticatorQueryResultItem].0.attributes.OVHSchema.script
  Extra inputs are not permitted [type=extra_forbidden, input_value='/mnt/pool01/home/acme/dns-01-challenge.sh', input_type=str]
    For further information visit https://errors.pydantic.dev/2.9/v/extra_forbidden
result.list[ACMEDNSAuthenticatorQueryResultItem].0.attributes.OVHSchema.user
  Extra inputs are not permitted [type=extra_forbidden, input_value='acme', input_type=str]
    For further information visit https://errors.pydantic.dev/2.9/v/extra_forbidden
result.list[ACMEDNSAuthenticatorQueryResultItem].0.attributes.OVHSchema.timeout
  Extra inputs are not permitted [type=extra_forbidden, input_value=120, input_type=int]
    For further information visit https://errors.pydantic.dev/2.9/v/extra_forbidden
result.list[ACMEDNSAuthenticatorQueryResultItem].0.attributes.OVHSchema.delay
  Extra inputs are not permitted [type=extra_forbidden, input_value=60, input_type=int]
    For further information visit https://errors.pydantic.dev/2.9/v/extra_forbidden
result.list[ACMEDNSAuthenticatorQueryResultItem].0.attributes.Route53Schema.authenticator
  Input should be 'route53' [type=literal_error, input_value='shell', input_type=str]
    For further information visit https://errors.pydantic.dev/2.9/v/literal_error
result.list[ACMEDNSAuthenticatorQueryResultItem].0.attributes.Route53Schema.access_key_id
  Field required [type=missing, input_value={'authenticator': 'shell'...eout': 120, 'delay': 60}, input_type=dict]
    For further information visit https://errors.pydantic.dev/2.9/v/missing
result.list[ACMEDNSAuthenticatorQueryResultItem].0.attributes.Route53Schema.secret_access_key
  Field required [type=missing, input_value={'authenticator': 'shell'...eout': 120, 'delay': 60}, input_type=dict]
    For further information visit https://errors.pydantic.dev/2.9/v/missing
result.list[ACMEDNSAuthenticatorQueryResultItem].0.attributes.Route53Schema.script
  Extra inputs are not permitted [type=extra_forbidden, input_value='/mnt/pool01/home/acme/dns-01-challenge.sh', input_type=str]
    For further information visit https://errors.pydantic.dev/2.9/v/extra_forbidden
result.list[ACMEDNSAuthenticatorQueryResultItem].0.attributes.Route53Schema.user
  Extra inputs are not permitted [type=extra_forbidden, input_value='acme', input_type=str]
    For further information visit https://errors.pydantic.dev/2.9/v/extra_forbidden
result.list[ACMEDNSAuthenticatorQueryResultItem].0.attributes.Route53Schema.timeout
  Extra inputs are not permitted [type=extra_forbidden, input_value=120, input_type=int]
    For further information visit https://errors.pydantic.dev/2.9/v/extra_forbidden
result.list[ACMEDNSAuthenticatorQueryResultItem].0.attributes.Route53Schema.delay
  Extra inputs are not permitted [type=extra_forbidden, input_value=60, input_type=int]
    For further information visit https://errors.pydantic.dev/2.9/v/extra_forbidden
result.list[ACMEDNSAuthenticatorQueryResultItem].0.attributes.ShellSchema.script
  Path does not point to a file [type=path_not_file, input_value=PosixPath('/mnt/pool01/ho...me/dns-01-challenge.sh'), input_type=PosixPath]
result.ACMEDNSAuthenticatorQueryResultItem
  Input should be a valid dictionary or instance of ACMEDNSAuthenticatorQueryResultItem [type=model_type, input_value=[{'id': 1, 'name': 'LegoA...out': 60, 'delay': 60}}], input_type=list]
    For further information visit https://errors.pydantic.dev/2.9/v/model_type
result.int
  Input should be a valid integer [type=int_type, input_value=[{'id': 1, 'name': 'LegoA...out': 60, 'delay': 60}}], input_type=list]
    For further information visit https://errors.pydantic.dev/2.9/v/int_type

Topic		Replies	Views
25.04.2 Oh No my VM's not working :( TrueNAS General	24	698	August 6, 2025
Fangtooth imported zvolume and newly created VM results in ValidationError TrueNAS General Fangtooth	10	251	June 8, 2025
Validation Error in Containers (25.04.2.4) Apps and Virtualization SCALE	3	80	November 4, 2025
Cannot create an instance - Validation Error "input should be a valid string" Apps and Virtualization SCALE , VM	1	303	July 2, 2025
Fangtooth Discussion Thread TrueNAS General SCALE , Fangtooth	50	2291	March 28, 2025

How to clear ACME DNS authenticators

Related topics