
Install SSL Certificate Onto A FQDN UniFi Controller

In this tutorial you will be shown how to install an SSL certificate onto a FQDN (fully qualified domain name) UniFi Controller installed on Ubuntu 20.04.

Let's Get Started

  1. SSH onto your Ubuntu Linux Server
  2. Make sure your server is fully up to date with patches.
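  3. Check what type of pre-existing firewall you're using. In my case I am sticking with the ufw firewall. We will be opening up the ports for SSL configuration and enabling auto start for my ufw firewall. If ufw is not already active on your server, make sure your SSH port is allowed before you enable it, or you can lose your SSH session.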
sudo ufw allow 80
sudo ufw allow 443
sudo systemctl enable ufw
sudo ufw enable

This is a must: since you have an existing UniFi Controller already running, make sure to set an A record for your domain and point it to the IP address of the UniFi Controller server. Let's move forward with configuring the SSL certificate for your domain!

Install SSL Certificate For Your Domain To Access UniFi Controller

  1. To start we will need to install LetsEncrypt.
sudo apt-get update 
sudo apt-get install letsencrypt

2. Run the following command to generate an SSL certificate for your domain. Make sure to use your own domain.

sudo letsencrypt certonly

3. Now let's download a script that will do the majority of the work of importing the SSL certificate into the UniFi Controller. The script will run as root, so read through it after downloading it.

sudo wget https://raw.githubusercontent.com/stevejenkins/unifi-linux-utils/master/unifi_ssl_import.sh -O /usr/local/bin/unifi_ssl_import.sh

4. Let's make the script executable using the following command:

sudo chmod +x /usr/local/bin/unifi_ssl_import.sh

5. In the following steps we will edit the script to use your domain.

sudo nano -w /usr/local/bin/unifi_ssl_import.sh

Within this text view locate and change the following. Stay mindful of the type of OS you're using, as you will need to make the changes suited to your OS.

Add your domain
UNIFI_HOSTNAME=unifi.yourdomain.com

If your server runs Fedora/RedHat/CentOS, uncomment these three lines by deleting the #:
#Uncomment following three lines for Fedora/RedHat/CentOS
#UNIFI_DIR=/opt/UniFi
#JAVA_DIR=${UNIFI_DIR}
#KEYSTORE=${UNIFI_DIR}/data/keystore

If your server runs Debian/Ubuntu (as in this tutorial), uncomment these three lines by deleting the #:
# Uncomment following three lines for Debian/Ubuntu
#UNIFI_DIR=/var/lib/unifi
#JAVA_DIR=/usr/lib/unifi
#KEYSTORE=${UNIFI_DIR}/keystore


Set the Let's Encrypt mode to yes:
Removing the # only enables the line; you will also have to set the value to yes.
LE_MODE=yes

Save and close the file
Press Ctrl+X followed by Y and Enter to save and close the file.

6. Now let's run the script to import the SSL cert into the UniFi Controller.

sudo /usr/local/bin/unifi_ssl_import.sh

7. We will now add cron entries to auto renew the SSL cert for you. Run the following command to open the system crontab.

sudo nano -w /etc/crontab

And add the following content to it:
0 */12 * * * root letsencrypt renew
5 */12 * * * root unifi_ssl_import.sh
Press Ctrl+X followed by Y and Enter to save and close the file.
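
Before running the import in step 6, the settings edited in step 5 can be checked mechanically. The script below is an added example, not part of this tutorial's original text or of unifi_ssl_import.sh; the names setting, preflight and ROOT are hypothetical, and it assumes the import script in Let's Encrypt mode reads privkey.pem and fullchain.pem from certbot's standard /etc/letsencrypt/live/<hostname>/ directory.

```bash
#!/bin/sh
# Added example, not part of unifi_ssl_import.sh: checks the step 5 settings
# and the files the import needs. Assumption: in Let's Encrypt mode the script
# reads privkey.pem and fullchain.pem from /etc/letsencrypt/live/<hostname>/.

# Print the value of the last active (uncommented) NAME= line in FILE.
setting() {
    sed -n "s/^[[:space:]]*$1=//p" "$2" | tail -n 1 |
        sed -e 's/[[:space:]]*#.*//' -e 's/[[:space:]]*$//' -e "s/[\"']//g"
}

# preflight SCRIPT [ROOT]: exit status is the number of problems found.
# ROOT (hypothetical, for testing) is a prefix put in front of every path.
preflight() (
    script=$1 root=${2:-} problems=0
    fail() { echo "PROBLEM: $*" >&2; problems=$((problems + 1)); }
    [ -r "$script" ] || { echo "cannot read $script" >&2; exit 99; }

    host=$(setting UNIFI_HOSTNAME "$script")
    case $host in
        '' | unifi.yourdomain.com) fail "UNIFI_HOSTNAME is empty or still the placeholder" ;;
    esac

    # Exactly one OS block (Debian/Ubuntu or Fedora/RedHat/CentOS) may be active.
    active=$(grep -c '^[[:space:]]*UNIFI_DIR=' "$script" || true)
    [ "$active" -eq 1 ] || fail "$active active UNIFI_DIR lines, expected 1"

    [ "$(setting LE_MODE "$script")" = yes ] || fail "LE_MODE is not set to yes"

    # Expand ${UNIFI_DIR} inside KEYSTORE without executing the script.
    unifi_dir=$(setting UNIFI_DIR "$script")
    keystore=$(setting KEYSTORE "$script" | sed "s|[\$]{UNIFI_DIR}|$unifi_dir|")
    [ -n "$keystore" ] && [ -f "$root$keystore" ] ||
        fail "keystore not found: $root$keystore"

    live=$root/etc/letsencrypt/live/$host
    for f in privkey.pem fullchain.pem; do
        [ -s "$live/$f" ] || fail "missing or empty: $live/$f"
    done

    [ "$problems" -eq 0 ] && echo "OK: settings and files for $host are in place"
    exit "$problems"
)

# Usage: sudo sh preflight.sh /usr/local/bin/unifi_ssl_import.sh
[ $# -eq 0 ] || preflight "$@"
```

Run it with sudo, because /etc/letsencrypt/live is readable by root only; each PROBLEM line names the setting or file to fix before the import.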

 

Congratulations! Your UniFi Controller and domain should now have a proper working SSL Certificate assigned to it.

If you happen to have any questions please feel free to ask me.

12 Comments

  1. Hi Patrick, I followed this tutorial, but I have an error

    Starting UniFi Controller SSL Import…

    Running in Let’s Encrypt Mode…

    Inspecting current SSL certificate…

    Updated SSL certificate available. Proceeding with import…

    Missing one or more required files. Check your settings.

    My question is:

    Do I need to have these documents beforehand?

    PRIV_KEY=/etc/ssl/private/unifi.uniq.edu.mx.key
    SIGNED_CRT=/etc/ssl/certs/unifi.uniq.edu.mx.crt
    CHAIN_FILE=/etc/ssl/certs/startssl-chain.crt

    because the code says No if LE mode is enabled

  2. Hey Patrick,

    I have everything correct and the certificate created but when I’m going to do the command sudo /usr/local/bin/unifi_ssl_import.sh it tells me:

    Missing one or more required files. Check your settings.

  3. Hello Patrick, I have done the same tests as you, and before it worked for us, and now it gives me an error that I am missing files and that I should check the connection.

  4. Hi Patrick,

    Followed your instruction and after installing the SSL cert, I’m no longer able to access my controller. I’m on Linode and my hosting has an A record pointing to my Linode.

          1. Nope, I used the A record from rebel.ca as my DNS hosting.
            I don’t think Linode will block that
