![unifi controller ssl certificate unifi controller ssl certificate](https://www.jeroentielen.nl/wp-content/uploads/photo-gallery/17-08-2018/thumb/18OL1-8818.jpg)
deploy:ģ Standard configuration same as all of my containers I use Traefiks docker label configuration. There are a few additions compared to the other containers. On the Unifi Controller container we need to add the configuration for Traefik. If you have the dashboard enabled you need to switch that from port 8080 to something else, this is the standard port used by the Unifi Controller for it’s /inform calls from all the equipment. On the setup from my other article, listed above, we just add this command line parameter: -serversTransport.insecureSkipVerify=true So first we need to allow Traefik to use self signed certificates. The communication between Traefik and the Unifi Controller will be secured with the self signed certificate on the controller. My goal was only to have a proper URL like with a proper SSL certificate for the admin interface. There are a number of ports on the controller and several needs to be accessible for the /inform requests from the equipment. Still the controller best live in the same physical network as the equipment in my opinion. Specially if you have no external access to consider. The setup of Unifi Controller behind any reverse proxy is easy enough. I run my controller in a docker container on my swarm and have Traefik for ingress and SSL. The self signed certificate is fine from a security standpoint but enjoying when accessing the controller.
![unifi controller ssl certificate unifi controller ssl certificate](https://www.matecdev.com/img/bempp.png)
Like everything I provide, no warranty is implied, no guarantee this will work for you, and while I'm willing to help out a bit with people who are having issues, please don't get demanding or angry if I can't help you for some reason.A proper SSL certificate on the Unifi Controller is more of a cosmetic fix then a security one. If you have a web server on the same machine as the controller, you'll need to modify the script to use the webroot method of authentication (see the letsencrypt documentation). Note that this script only will work if there is nothing else listening on port 80/443. Script will auto-renew the certificate if it is 30 days or less from expiration and only restart/update the Unifi controller if the certificate has changed. root/bin/gen-unifi-cert.sh -e -d ħ) You'll need to run this script at least once every 3 months - more realistic to run it weekly with the renew option.
![unifi controller ssl certificate unifi controller ssl certificate](https://rieskaniemi.com/wp-content/uploads/2018/05/unifi_wireless.png)
If things go wrong during the cert swap out, you will likely need to reinstall the controller.Ħ) Run /root/bin/gen-unifi-cert.sh with the proper command line options. Depending on your setup, you may need to make other adjustments for where the letsencrypt path is, or the extra Root CA is.Ĥ) New version of the script has CLI options, so no longer need to edit gen-unifi-cert.sh for configuration options and the extra certificate needed for the chain is now embedded in the script.ĥ) Once you've got everything setup correctly, go to your controller AND BACK UP YOUR CONFIGURATION/DATABASE. Put the resulting source in /usr/src.ģ) Go to /root and do the following: mkdir /root/binĤ) Edit /root/bin/gen-unifi-cert.sh and change at the top DOMAIN, EMAIL within the quotes. Follow the instructions here if you want to use the latest release from git.
#UNIFI CONTROLLER SSL CERTIFICATE INSTALL#
This script works on Debian and probably Ubuntu with sysvinit - not sure if it will work quite the same way with systemd, or Fedora/Gentoo/etc.Ģ) Install letsencrypt from source/package. Hello all, figured I'd share one of my more useful scripts with you guys - using LetsEncrypt with the Unifi Controller for signed SSL certificates.