mirror of
https://github.com/acmesh-official/acme.sh.git
synced 2025-03-24 18:40:09 +08:00
Edit the TrueNAS section to fix up English, add details, and tighten up the prose.
parent
6af2f8ed4c
commit
d9aa3f1b5c
@ -739,29 +739,24 @@ The certificate should now show up in "Network" -> "Certificate Manager".
|
||||
|
||||
## 25. Deploy the cert on TrueNAS Core Server
|
||||
|
||||
Before you can deploy your cert, you must [issue the cert first](https://github.com/Neilpang/acme.sh/wiki/How-to-issue-a-cert). If you run the acme.sh Scipt on the TrueNAS Server itself, you have to use the DNS API mode. Deploy Scipt supports TrueNAS Core newer than 12.0 U3.
|
||||
The deploy script supports TrueNAS Core 12.0-U3 or higher.
|
||||
|
||||
The generally recommended deployment method is to run acme.sh on the TrueNAS server itself via the built-in cron facility, using the DNS API mode to authenticate to LetsEncrypt. Almost all TrueNAS servers are not (and should not be) exposed directly to the Internet, so authenticating to LetsEncrypt via the HTTP-01 challenge type is usually not feasible.
|
||||
|
||||
(The locked-down nature of the TrueNAS web interface also makes it difficult. While it is possible to set a non-standard HTTP port for the web interface, you would still need to set up an additional HTTP server daemon (preferably in a jail) and redirect port 80 to your new HTTP daemon. You will also need to add the non-standard port number to the end of the DEPLOY_TRUENAS_HOSTNAME value. Since most DNS providers now have APIs this is a lot of unnecessary custom work that can be avoided by just using the DNS API approach.)
|
||||
|
||||
Before doing the deployment, you will need to generate an API Key for the server. In the TrueNAS web interface you can click on the gear wheel in the top right corner, then select API Keys from the menu. Carefully record the API Key since it will only be shown once.
|
||||
|
||||
The script uses the following environment variables, which only need to be set during the initial run. (The acme.sh deployment framework will store their values automatically for subsequent runs.)
|
||||
|
||||
```sh
|
||||
# Following environment variables must be set:
|
||||
#
|
||||
# export DEPLOY_TRUENAS_APIKEY="<API_KEY_GENERATED_IN_THE_WEB_UI"
|
||||
#
|
||||
# The following environmental variables may be set if you don't like their
|
||||
# default values:
|
||||
#
|
||||
# DEPLOY_TRUENAS_HOSTNAME - defaults to localhost # Specify if not using on localhost
|
||||
# DEPLOY_TRUENAS_SCHEME - defaults to http, set alternatively to https
|
||||
```
|
||||
In the WebUI from TrueNAS you can click on the gear wheel in the top right corner than select API Keys.
|
||||
Here you can create an API Key for the next step.
|
||||
|
||||
```sh
|
||||
export DEPLOY_TRUENAS_APIKEY="1-91iX3...aSTRr4xcv1FHU"
|
||||
acme.sh --deploy -d truenas.example.com --deploy-hook truenas
|
||||
DEPLOY_TRUENAS_APIKEY="<API_KEY_GENERATED_IN_THE_WEB_UI>" # Required
|
||||
DEPLOY_TRUENAS_HOSTNAME="localhost" # Optional, defaults to localhost
|
||||
DEPLOY_TRUENAS_SCHEME="http" # Optional, defaults to http, set alternatively to https
|
||||
```
|
||||
|
||||
If acme.sh is installed direkt on your TrueNAS server, then you don't have to set DEPLOY_TRUENAS_HOSTNAME. When the acme.sh scipt runs on an other system, what is possible, then you have to set the DEPLOY_TRUENAS_HOSTNAME to the IP or Hostname of the TrueNAS server. If you use the hostname, it must be DNS resolveble in your local network.
|
||||
|
||||
With DEPLOY_TRUENAS_SCHEME you can choose if you use http or https. If in the TrueNAS WebGui is the Parameter "Webinterface HTTP -> HTTPS-Redirection" is activeted, then DEPLOY_TRUENAS_SCHEME is set to https per default.
|
||||
|
||||
If you run acme.sh on a system other than the TrueNAS server then you will need to set the DEPLOY_TRUENAS_HOSTNAME to the IP or Hostname of the TrueNAS server. If the setting "Web Interface HTTP -> HTTPS-Redirect" in the TrueNAS web interface is checked then DEPLOY_TRUENAS_SCHEME will be set to https by default.
|
||||
|
||||
```
|
||||
acme.sh --insecure --deploy -d truenas.example.com --deploy-hook truenas
|
||||
```
|
||||
|
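Review bot: The closing example runs `acme.sh --insecure --deploy -d truenas.example.com --deploy-hook truenas`, but nothing in the section says why `--insecure` is there or what it costs. The flag turns off server certificate verification, so a reader who copies it as the default command will send `DEPLOY_TRUENAS_APIKEY` to whatever host answers. Please add a sentence saying it is only needed while the TrueNAS web interface still presents an untrusted (for example self-signed) certificate, and that it should be dropped once a valid cert is deployed. In the same spirit, the text says `DEPLOY_TRUENAS_SCHEME` defaults to http and also describes running acme.sh on a system other than the TrueNAS server. In that combination the API key crosses the network in cleartext, so the doc should recommend setting the scheme to https whenever `DEPLOY_TRUENAS_HOSTNAME` is not localhost. Smaller points: the variable listing shows `DEPLOY_TRUENAS_APIKEY="<API_KEY_GENERATED_IN_THE_WEB_UI>" # Required` as a plain assignment without `export`, which acme.sh will not inherit if pasted as written; the last fence has no `sh` tag, unlike the earlier ones; and "LetsEncrypt" should be "Let's Encrypt".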