Here is a quick how to on generating an SSL Certificate for your Unifi Controller on Ubuntu.
Install git if you haven’t already.
yum install git -y
Clone the LetsEncrypt bot.
sudo git clone https://github.com/letsencrypt/letsencrypt /opt/letsencrypt cd /opt/letsencrypt
Generate the certificate. – Replace <FQDN> with your fully qualified domain, i.e unifi.mydomain.com
sudo -H ./letsencrypt-auto certonly --standalone -d <FQDN>
Export out the pkcs#12 certificate. – Make sure to set a password, need this later
cd /etc/letsencrypt/live/<FQDN> openssl pkcs12 -export -in cert.pem -inkey privkey.pem -out unifi.p12 -name unifi -CAfile fullchain.pem -caname root
Backup current key-store in case something goes wrong.
mv /var/lib/unifi/keystore /var/lib/unifi/keystore.backup
Import the new SSL into the controllers key-store – Use the password you set above to import
keytool -importkeystore -deststorepass aircontrolenterprise -destkeypass aircontrolenterprise -destkeystore /var/lib/unifi/keystore -srckeystore unifi.p12 -srcstoretype PKCS12 -alias unifi
Restart the controller and away we go!
service unifi restart
What about the renewals I hear you say? Stay tuned 🙂