I’m on 25.10.2.1 and as far as I can read there should be a manual renew option for an ACME (Cloudflare) cert. I can’t find a renew anywhere in Credentials:Certificates. The Google brain says it should be there in Goldeye, but I don’t see it. I renewed the API Token in case there was an issue, but can’t see a manual renew. It’s set to renew 30 days prior, and I got an error message before I updated the token that it expires in 15 days.
It could help if you quote where you are getting your information and some screenshots so other can try to follow along or compare to different TrueNAS versions.
@Robert_Anderson, are you an AI? Neither of the GUI paths you give (System → Trust → Certificates or Services → ACME Client → Certificates) exist in any version of TrueNAS SCALE/CE that’s been released (I haven’t played with the nightlies for 26, but that isn’t what OP’s using anyway). Services → ACME client does exist in OPNsense, but that’s a completely different product.
@mntbighker, notwithstanding the GUI paths that Robert has just invented (you’re correct that you’d be in Credentials → Certificates), he’s correct that there isn’t a “Renew” button, and there shouldn’t be a need for one; renewal happens automatically. If you need to manually renew a cert for some reason, click the kebab menu next to the CSR on that page, and select Create ACME Certificate.
But where are you seeing the message that “it” (whatever “it” is) expires in 15 days? If you’re talking about a cert, Let’s Encrypt stopped sending expiration notices about 9 months ago.
2 Likes
Second time (at least) that person posts completely fabricated BS. Excuse my French.
1 Like
Thanks Dan,
I refreshed the token yesterday after the certificate.renew_certs job had run. I suppose I’ll know after 1pm local today if the token refresh worked. Thanks for the verification that Google was wrong about Goldeye, and there isn’t a GUI method to run the renew job manually.
Certificate ‘mntbighkernas_us’ is expiring within 13 days.
2026-03-09 00:00:17 (America/Los_Angeles)
Error
[EFAULT] Failed to perform cloudflare challenge for ‘nas.mntbighker.us’ domain: Error determining zone_id: 9109 Invalid access token. Please confirm that you have supplied valid Cloudflare API credentials. (Did you enter a valid Cloudflare Token?)
Make sure you have input a valid Cloudflare API token.
If memory serves they used to authenticate certificate updates using a different method previously (Cloudflare “Key” + email I think?). Perhaps that has now been deprecated entirely.
There error has now changed to:
Error
[EINVAL] acme_create.dns_mapping: Please provide DNS authenticator id for nas.mntbighker.us [EINVAL] acme_create.dns_mapping: Please provide DNS authenticator id for DNS:nas.mntbighker.us
[EINVAL] acme_create.dns_mapping: Please provide DNS authenticator id for DNS:www.mntbighker.us
I refreshed the token yesterday and the error changed to what I posted above. Did not use key/email. The required permissions for the token may have changed from what the docs say. According to something I read yesterday somewhere. I kept them as the docs say. Someone suggested you need an added permission type? The Cloudflare provided curl test verifies the token works.