So, before I begin, I have been running TrueNAS since it was FreeNAS, starting sometime around 2017. I have my own CA that issues short-lived certificates:
(It's a great homelab project, I highly recommend it).
I have normally been running two shell scripts from cron that keep the certificates up to date in TrueNAS Core:
Hourly check script as a “failsafe” if the main script does not run on time:
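#!/bin/bash
# Fetch the certificate the web UI is serving and test whether it is
# still valid 600 seconds (10 minutes) from now.
if echo -n | openssl s_client -showcerts -servername freenas.home.lan -connect freenas.home.lan:443 2>/dev/null | openssl x509 -checkend 600
then
    echo "Certificate is good, don't renew."
else
    # Also reached when the connection fails or no certificate is returned.
    echo "Certificate has expired or will do soon!"
    echo "(or is invalid/not found)"
    echo "Forcing renewal."
    /root/freenas_certificate.sh
fi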
The main script:
#!/bin/bash
# get cert working
# Stop nginx so acme.sh can bind its own listener in standalone mode.
/usr/sbin/service nginx stop
/root/.acme.sh/acme.sh --issue --force --standalone -d freenas.home.lan -d freenas --server https://tinyca.home.lan/acme/acme/directory --ca-bundle /root/certs/ca.crt --key-file /root/.step/certs/freenas.key
# Bring the web UI back up once issuance has finished.
/usr/sbin/service nginx start
# place cert
/root/git_scripts/deploy-freenas/deploy_freenas.py
This has been working for years. And if I am to be honest, I forget how I set it up (but it is based on an old community post where other TrueNAS users are doing the same thing).
My certificate did not renew today, and I cannot make it manually renew:
This is all based around the excellent contribution from danb35:
This old method that I use has unfortunately destroyed the GUI for TrueNAS Scale post upgrade:
I still have SSH access.
Any ideas on the best way to repair this?