Using letsencrypt with Unifi Controller

Submitted by cliff on Wed, 14/03/2018 - 11:23

While using homeassistant together with the Unifi Controller, I regularly see the homeassistant log files complain about self-signed certificates. So I wanted to install a legitimate certificate; the obvious choice for a CA would be letsencrypt.

After doing some googling I found the following script on reddit. The latest version, with edits, is available on my GitHub.

apt-get install certbot

cd /usr/local/sbin

wget https://source.sosdg.org/brielle/lets-encrypt-scripts/raw/master/gen-unifi-cert.sh -O /usr/local/sbin/gen-unifi-cert.sh

chmod +x /usr/local/sbin/gen-unifi-cert.sh

/usr/local/sbin/gen-unifi-cert.sh -e user@emaildomain.com -d controllerhostname.domain.com

To automatically update the certificate every 3 months, create the file /etc/cron.d/unifi-cert with the following content:

SHELL=/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin

0 */12 * * * root test -x /usr/local/sbin/gen-unifi-cert.sh && perl -e 'sleep int(rand(3600))' && /usr/local/sbin/gen-unifi-cert.sh -r -d controllerhostname.domain.com

This cron job runs the script every 12 hours, after a random delay of up to an hour. The script itself only updates the certificate if it is going to expire within 30 days or less.
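
A check to run once the cron job is in place, as an added example that is not part of the original post or of gen-unifi-cert.sh: it fetches the certificate the controller presents and reports whether it is still self-signed or closer to expiry than the script's 30-day renewal window should allow. Port 8443, the 25-day threshold and all function names are assumptions.

```shell
#!/bin/sh
# Added example: post-renewal check for the certificate a controller serves.
# Port 8443, the 25-day threshold and the function names are assumptions.

# Print the PEM leaf certificate presented by host $1 on port $2.
fetch_cert() {
    openssl s_client -connect "$1:$2" -servername "$1" </dev/null 2>/dev/null |
        openssl x509 -outform PEM
}

# True when subject and issuer are identical. This is a heuristic for
# "self-signed"; it does not verify the signature.
cert_is_self_signed() (
    subj=$(openssl x509 -in "$1" -noout -subject -nameopt RFC2253 | sed 's/^subject= *//')
    iss=$(openssl x509 -in "$1" -noout -issuer -nameopt RFC2253 | sed 's/^issuer= *//')
    [ -n "$subj" ] && [ "$subj" = "$iss" ]
)

# True when the certificate in file $1 expires within $2 days.
# openssl -checkend exits 0 when the certificate is still valid after N seconds.
cert_expires_within() {
    ! openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null
}

# Classify certificate file $1 as self-signed, renewal-overdue or ok.
# Default threshold 25 days: below the 30-day window, so a working cron job never trips it.
check_cert() (
    days=${2:-25}
    if cert_is_self_signed "$1"; then
        echo self-signed
    elif cert_expires_within "$1" "$days"; then
        echo renewal-overdue
    else
        echo ok
    fi
)

# Usage: check-unifi-cert.sh HOST [PORT]; exits non-zero unless the state is ok.
if [ "$#" -gt 0 ]; then
    tmp=$(mktemp)
    trap 'rm -f "$tmp"' EXIT
    fetch_cert "$1" "${2:-8443}" >"$tmp" || { echo "$1: could not fetch certificate" >&2; exit 2; }
    state=$(check_cert "$tmp")
    echo "$1: $state"
    [ "$state" = ok ]
fi
```

Because it exits non-zero for anything other than ok, it can be wired into whatever monitoring already watches the host, so a silently failing renewal is noticed before the certificate expires.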