Here is a quick how to on generating an SSL Certificate for your Unifi Controller on Ubuntu.

Install git if you haven’t already.

yum install git -y

Clone the LetsEncrypt bot.

sudo git clone /opt/letsencrypt
cd /opt/letsencrypt

Generate the certificate. – Replace <FQDN> with your fully qualified domain, i.e

sudo -H ./letsencrypt-auto certonly --standalone -d <FQDN>

Export out the pkcs#12 certificate. Make sure to set a password, need this later

cd /etc/letsencrypt/live/<FQDN>
openssl pkcs12 -export -in cert.pem -inkey privkey.pem -out unifi.p12 -name unifi -CAfile fullchain.pem -caname root

Backup current key-store in case something goes wrong.

mv /var/lib/unifi/keystore /var/lib/unifi/keystore.backup

Import the new SSL into the controllers key-store – Use the password you set above to import

keytool -importkeystore -deststorepass aircontrolenterprise -destkeypass aircontrolenterprise -destkeystore /var/lib/unifi/keystore -srckeystore unifi.p12 -srcstoretype PKCS12 -alias unifi

Restart the controller and away we go!

service unifi restart

What about the renewals I hear you say? Stay tuned 🙂