SSL cert does not work after renewal via acme.sh. Old one is used in GUI

TrueNAS is an operating system based on Debian with ZFS - that's what I mean

That is just the "operating system".
Exactly which software is/are using the cert?

How did you originally install that cert into that/those software?

It's like you put a chair in the house.
The "house" doesn't use the chair.
Who is the chair for?

There exists a cert in the truenas.
Who is the cert for?

It is used by Nextcloud mainly and also the GUI for TrueNAS via Traefik as a proxy

So... both use that one [expired] cert.
Do you recall how you "inserted" the cert into both of those?
Or are they both handled by Traefik?

I think that says it all:

OK, so you got a cert. Did you install/deploy it to the TrueNAS system? Because if not, it won't know to use it. You can do that through the web GUI (go to Credentials -> Certificates, Add, paste in the cert and key). Or you can automate it using a script, like this:

I tend to think that it was done by acme.sh

Why would you think that? Did you tell acme.sh to install/deploy the cert to TrueNAS? Because if not, there's no reason to believe it will.

Really do not remember

That is why you can't solve this problem.

acme.sh only gets/renews the certs.
There has to be some automation to use that cert where it is needed.
In this case, Traefik needs it.
I think @danb35 hit the nail on the head with his post.

You should probably take some notes.
Save them for the next time something like this happens - LOL
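
A check for the situation described in this thread, where acme.sh has renewed the cert on disk but the service still presents the old one (added example, not code from the thread or from acme.sh). The function names are hypothetical, and the sample certificates are constructed stand-in bytes rather than real X.509, so the script runs offline.

```python
import hashlib
import re
import socket
import ssl

PEM_CERT = re.compile(
    r"-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----", re.S)

def leaf_der(fullchain_pem):
    """DER bytes of the first (leaf) cert in a PEM bundle such as fullchain.cer."""
    match = PEM_CERT.search(fullchain_pem)
    if match is None:
        raise ValueError("no PEM certificate in input")
    return ssl.PEM_cert_to_DER_cert(match.group(0))

def served_der(host, port=443, timeout=10):
    """DER bytes of the cert the service presents now (needs network access).
    Verification is off on purpose: an expired cert must still be retrievable
    so it can be compared. Do not reuse this context for real traffic."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)

def sha256_hex(der):
    return hashlib.sha256(der).hexdigest()

def renewal_is_live(fullchain_pem, presented_der):
    """True only if the service presents the same leaf acme.sh wrote to disk."""
    return sha256_hex(leaf_der(fullchain_pem)) == sha256_hex(presented_der)

# Constructed stand-ins (arbitrary bytes, not real X.509) so this runs offline.
OLD_DER = b"constructed: expired leaf still loaded by the proxy"
NEW_DER = b"constructed: renewed leaf written by acme.sh"
CA_DER = b"constructed: intermediate CA"
SAMPLE_FULLCHAIN = (ssl.DER_cert_to_PEM_cert(NEW_DER)
                    + ssl.DER_cert_to_PEM_cert(CA_DER))

if __name__ == "__main__":
    for label, der in (("before deploy", OLD_DER), ("after deploy", NEW_DER)):
        state = "live" if renewal_is_live(SAMPLE_FULLCHAIN, der) else "STALE"
        print(f"{label}: served {sha256_hex(der)[:16]} -> {state}")
```

On a real host, pass the contents of the renewed `fullchain.cer` and the result of `served_der()` for the hostname behind the proxy; a mismatch means the renewal succeeded but the deploy step did not happen.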

Should I delete the old cert and then add a new one? It is expired anyway.

Add first.
Use added.
Delete later.

[Thu Dec 8 12:01:52 MSK 2022] Your cert is in: /root/.acme.sh/vadim.com.ru/vadim.com.ru.cer
[Thu Dec 8 12:01:52 MSK 2022] Your cert key is in: /root/.acme.sh/vadim.com.ru/vadim.com.ru.key
[Thu Dec 8 12:01:52 MSK 2022] The intermediate CA cert is in: /root/.acme.sh/vadim.com.ru/ca.cer
[Thu Dec 8 12:01:52 MSK 2022] And the full chain certs is there: /root/.acme.sh/vadim.com.ru/fullchain.cer

This is the output when I renewed the cert - which ones should I add via GUI?

The fullchain and the private key. And then you need to see about automating this properly.

It started asking me thousands of questions in that new menu for adding a cert. I will try the script I guess. That menu is a killer

Choose to import a cert - not create a new [self-signed] cert.


I did it; then what about the passphrase?

You must have done that before.
This isn't a TrueNAS support channel.
I don't know anything about that.