While using homeassistant in cooperation with the Unifi Controller I regularly see that the homeassist logfiles complains about self-signed certificates. So I wanted to install a legitimate certificate, the obvious choice for a CA would be letsencrypt.
After doing some googling I found the following script on reddit. Latest version with edits is available on my github.
apt-get install certbot cd /usr/local/sbin wget https://source.sosdg.org/brielle/lets-encrypt-scripts/raw/master/gen-unifi-cert.sh -O /usr/local/sbin/gen-unifi-cert.sh chmod +x /usr/local/sbin/gen-unifi-cert.sh /usr/local/sbin/gen-unificert.sh -e user@emaildomain.com -d controllerhostname.domain.com
To automatically update the certificate every 3 months add a file to /etc/cron.d/unifi-cert with the following content:
SHELL=/bin/sh PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin 0 */12 * * * root test -x /usr/local/sbin/gen-unifi-cert.sh -a \! -d /run/systemd/system && perl -e 'sleep int(rand(3600))' && /usr/local/sbin/gen-unifi-cert.sh -r -d controllerhostname.domain.com
This cron-job will execute the script. The script it self will update the certificate if it is going to expire within 30 days or less
- Log in to post comments