To be honest, I don’t know which was the WebSocket API and which the REST implementation.
I only know that for Proxmox or OPNsense or any other appliance, I can simply select deSEC (or any other DNS provider and not only Cloudflare) as challenge type and get a cert. That is what I consider as “normal”.
TrueNAS on the other hand, selecting “shell” as auth and providing a path to a script, is the kid in the picture.
Oh, I did try that. But that approach is not even documented (at least it wasn’t ATM). So I just gave up.
Did you manage to issue a cert for the desec-hosted domain?
And even OpenWrt! Well, tbh, they all had their bumps.
Nope. Like you said, the documentation is nonexistent, the webGUI behaves weird and acts up sometimes, and troubleshooting was too complicated for me. I also gave up.
Too bad, I had hopes.
You can use Dan’s scripts. Or deploy a container like me.
My 'solution':
DISCLAIMER! Run it at your own risk!
Params are kinda self-explanatory. Run 2 commands inside the container after compose up to issue and deploy the cert.
It would update the cert in time if you leave the container running. Tested in 24.10, still wasn’t tested in 25.04 (next renewal in November). Credits for leaving the container go to Dan.
```yaml
## https://github.com/acmesh-official/acme.sh/wiki/Run-acme.sh-in-docker
## https://gist.github.com/SamEureka/504eb35b963bb64ec20d0e94169b497e
volumes:
  acme:
    name: acme--${A_RECORD}
    driver: local
services:
  acme-sh:
    ## https://hub.docker.com/r/neilpang/acme.sh/tags
    image: neilpang/acme.sh:3.1.0
    container_name: acme--truenas
    restart: unless-stopped
    network_mode: host
    stdin_open: true
    tty: true
    volumes:
      - acme:/acme.sh
    environment:
      - DEDYN_TOKEN=${DESEC_TOKEN}
      - DEPLOY_TRUENAS_APIKEY=${TRUENAS_APIKEY}
      - DEPLOY_TRUENAS_HOSTNAME=${A_RECORD}.${DESEC_DOMAIN}
      - DEPLOY_TRUENAS_SCHEME=https
    command: daemon
### ####
### Execute once inside the container /bin/sh
### acme.sh --issue --debug 2 -d "${DEPLOY_TRUENAS_HOSTNAME}" --server letsencrypt --dns dns_desec
### acme.sh --insecure --deploy --debug 2 -d "${DEPLOY_TRUENAS_HOSTNAME}" --deploy-hook truenas
```
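A pre-flight check for the compose file above, as an added example that is not part of the original post: it confirms that the four variables the file interpolates are set, that they form a valid hostname, and that the file holding the deSEC token and TrueNAS API key is not readable by other users. It assumes the values live in a `.env` file next to the compose file (the post does not say where they come from); `env_get` and `check_env` are hypothetical helper names.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes the compose variables
# are kept in a .env file beside the compose file.
# Usage: . ./preflight.sh && check_env .env

# Print the value of KEY ($1) from a KEY=value file ($2); last assignment wins.
env_get() {
    sed -n "s/^$1=//p" "$2" | tail -n 1 | tr -d '"' | tr -d "'"
}

# Return 0 when FILE ($1) is safe to hand to `docker compose up`.
check_env() {
    f=$1
    rc=0
    [ -f "$f" ] || { echo "missing: $f" >&2; return 2; }

    # The file holds two API credentials: no group/other permission bits.
    perms=$(ls -ld "$f" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "$f is accessible to group/others; chmod 600 it" >&2
        rc=1
    fi

    # Every variable the compose file interpolates must be non-empty.
    for k in DESEC_TOKEN TRUENAS_APIKEY A_RECORD DESEC_DOMAIN; do
        if [ -z "$(env_get "$k" "$f")" ]; then
            echo "$k is empty or unset" >&2
            rc=1
        fi
    done

    # DEPLOY_TRUENAS_HOSTNAME is built as ${A_RECORD}.${DESEC_DOMAIN}.
    host="$(env_get A_RECORD "$f").$(env_get DESEC_DOMAIN "$f")"
    case $host in
        .*|*.|*..*|*[!A-Za-z0-9.-]*)
            echo "hostname '$host' is not a valid DNS name" >&2
            rc=1 ;;
    esac
    return $rc
}
```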
Thanks, but I really don’t like having running containers just to get ACME.
I still hope that TrueNAS will sort it out.
Or that I am done shitposting memes and open up a good feature request in the future
Even for ZFS, it’s true.
Well, some of those shrooms are actually edible. And could even make you feel like an AI yourself.
Just don’t ask an AI to assist in diagnosing whether your picks are A. muscaria rather than A. phalloides or A. pantherina.
Fun fact: a friend of mine saw fly agarics at the local market about 15 years ago. Now he is a grown-up man and prefers to talk about himself in the third person resides in the Netherlands as a true man of culture.
Is “I’m using vi btw” the new “I’m using arch btw”?
IMO it’s rather new: “Furthermore, I think that Carthage nano must be destroyed.”
I’m only using vi in OpenWrt btw.
Got it.








