I’ve been looking for a way to get an Internal CA Certificate onto my TrueNAS WebUI. I also had the idea that this would allow me to set up and use the inbuilt S3 service from TrueNAS; however, I have now learned that this is being deprecated. Proxmox makes this quite easy and integrates seamlessly with Step CA using ACME. Unfortunately, the built-in ACME client on TrueNAS is a bit limited and using the default http-01 challenge for ACME is not possible. ACME.sh provides quite a few alternatives now, including DNS alias challenge handling (which I may still look into), but for now, I have landed on the following solution/workaround/hack:
My background is as a systems dude. I’ve always wanted to be a network dude and I certainly know layer 2 stuff, IPv4 stuff, pretty well. When it comes to layer 3 networking though, my knowledge has always been vague. Probably fair to say the same for IPv6... vague! So this “lab” is an opportunity to learn a bit more about both of these topics. I guess like anything in this field, once you know a little bit about a piece of technology, you come to realise how much more there is to know. For me, BGP is that piece of technology.
I think it would be nice to get rid of the pesky certificate warnings on my Proxmox and PBS GUIs. There will be other benefits too that I can’t think of right now.
When I moved into my new house, I had a bit of a green fields opportunity where I could start again with my UniFi SDA configuration. One of the things I set out to do was to separate device types into different VLANs for, say, IoT vs Guest vs Servers use cases. As a result of this, the IP addressing scheme started to get more complicated. To address the complication, internal hosts needed to be resolvable by name.