26.1.7_2: issue with ACME client automation upload to TrueNAS websocket API

[Rene78]

Hi,

I have a working ACME client setup with a wildcard Let's Encrypt certificate for my domain. Also have a working nginx based reverse proxy to three services. Those services are running on a TrueNAS SCALE 25.10.3 (latest patch) system.

While all https access to the services is working fine through nginx with A+ trusted HTTPS (reverse proxy handles upstream stuff on the LAN to TrueNAS) the services on the TrueNAS system still use selfsigned certs from the TrueNAS box.

Now, while not essential (I trust my home lan ;-)) I am trying to get the whole certificate chain proper. Just a hobby thing.

Therefore I made an API key (root) on my TrueNAS and created the automation in the ACME client. Used the websocket (not deprecated one). Filled in all the fields, which are self explanatory. Reran the automations from the commands in OPNsense but the upload errors out.

[Mon May 4 18:02:46 CEST 2026] TrueNAS API key not found, please set the DEPLOY_TRUENAS_APIKEY environment variable.

I tried all automation modes (none, ws and wss) but error remains. The API key is really in the appropriate field. The plugin however does not seem to set the value from the field in the environment variable.

I am a little at hand (no ssh) from my phone currently so no CLI attempt possible.

Anybody recognize this? Seems a bug...

[sopex]

It will be fixed on the next version. You can use the deprecated until then. Truenas 26+ deprecates it.

[franco]

There was an unintended issue with our merge tooling (on a case insensitive file system) that ended up in the file not being renamed correctly although I'm not sure that's the problem here:

https://github.com/opnsense/plugins/commit/251c7a5e93

It was since hotfixed but perhaps it needs a reinstall if you caught the other version:

# opnsense-revert os-acme-client

Could be unrelated, though.


Cheers,
Franco

[fraenki]

although I'm not sure that's the problem here

This issue is unrelated to the rename hiccup. 😊

> [Mon May 4 18:02:46 CEST 2026] TrueNAS API key not found, please set the DEPLOY_TRUENAS_APIKEY environment variable.

I have tested this and was unable to reproduce this issue.
Please try again and provide the full ACME Log and all "AcmeClient" entries from the System Log.

[Rene78]

I have tested this and was unable to reproduce this issue.
Please try again and provide the full ACME Log and all "AcmeClient" entries from the System Log.

I can do this when I have computer access again in a few days.

However, sopex mentions it will be fixed in the next version.... This indicates bug...

Maybe the setenv variable had been set in your case earlier and therefore it works? Is that possible?

Regardless, i'll dig into it in a few days time and help out isolating any issue. Thanks

[sopex]

However, sopex mentions it will be fixed in the next version.... This indicates bug...

I made the truenas websocket addition and it was working, but then there were some complications with the naming conventions that fraenki fixed.

So I jumped the gun, and thought something broke there.

But if Frankie says it's not that, he is correct.

[Rene78]

But if Frankie says it's not that, he is correct.

Copy all. I'll try and get all the logs on the forum asap.

BTW, I used copy paste from the TrueNAS ui to copy in the API key. I noticed that every new API key starts with "X-" (X is an integer being the index of the generated API key, so 1,2 etc) by a alfanumeric key. They "X-" is copied onto the clipboard as well. I assumed it is part of the key (as it is on the clipboard). Is that the case?


Not in the TrueNAS API docs.