By - Markus Zehnle

Secure Ubiquiti UniFi Controller / CloudKey with a Let’s Encrypt certificate – The Cloudflare way

There are tons of tutorials out there if you search for “unifi controller let’s encrypt”, but none of the ones I found suit my needs.

My Ubnt controller runs on my Raspberry Pi 3 and Cloudflare is in charge of handling my DNS entries.

1. Get the Cloudflare Global API-key

Log in to https://dash.cloudflare.com
Select your site, then hit “Get your API key”.

Scroll to “API Keys” and request the “Global API Key”.

Copy your global API key and save it in your password manager or your favorite .txt file.

2. Commands on the Linux box

SSH into your controller:

The output of the --issue command should end with the location of your newly created cert files:

Now, integrate the newly created certs into UniFi with the built-in “unifi” hook:

Let’s check that everything went smoothly and that the controller shows a green “Secure” lock:
https://ubnt.mydomain.tld:8443/

If you check the certificate it should state something like this:

WTF! The certificate is only valid for 90 days? I have to repeat all the steps above again!?
Nope!
acme.sh created a cronjob that does everything for you:

After upgrading the controller firmware, make sure the cronjob is still present (crontab -l).
If not, easily install the cronjob again:

[UPDATE: 09.07.2018 22:23]
I just upgraded my Controller from 5.7.23 to 5.8.24 and the cronjob for updating the SSL cert still exists.
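
The post-upgrade check from the last step, as an added example that is not part of the original post: it confirms that an active acme.sh cron entry still exists, reinstalls it if it is missing, and verifies that the certificate the controller serves on port 8443 is not close to expiry. The install path `~/.acme.sh`, the 20-day threshold and the function names are assumptions; the host is the placeholder used above.

```shell
#!/bin/sh
# Added example: post-upgrade health check for the acme.sh renewal job.
# Assumptions (not from the original post): acme.sh lives in ~/.acme.sh,
# and 20 days of remaining validity is used as the alarm level.

ACME_SH="${ACME_SH:-$HOME/.acme.sh/acme.sh}"   # assumed default install path
CTRL_HOST="${CTRL_HOST:-ubnt.mydomain.tld}"    # placeholder host from the post
MIN_DAYS="${MIN_DAYS:-20}"                     # assumed alarm threshold

# Reads crontab text on stdin; succeeds only if an active (uncommented)
# entry runs "acme.sh --cron".
acme_cron_present() {
    grep -Eq '^[[:space:]]*[^#[:space:]].*acme\.sh[[:space:]]+--cron'
}

# Succeeds if the certificate served on host:8443 is still valid
# for at least the given number of days ($1 = host, $2 = days).
served_cert_fresh() {
    echo | openssl s_client -connect "$1:8443" -servername "$1" 2>/dev/null |
        openssl x509 -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

main() {
    status=0
    if crontab -l 2>/dev/null | acme_cron_present; then
        echo "OK: acme.sh renewal cronjob is present"
    else
        echo "WARN: renewal cronjob missing, reinstalling"
        "$ACME_SH" --install-cronjob || status=1
    fi
    if served_cert_fresh "$CTRL_HOST" "$MIN_DAYS"; then
        echo "OK: certificate is valid for more than $MIN_DAYS days"
    else
        echo "FAIL: $CTRL_HOST:8443 expires within $MIN_DAYS days or is unreachable"
        status=1
    fi
    return "$status"
}

# Only run the checks when asked to, so the functions can also be sourced.
if [ "${1:-}" = "--run" ]; then main; fi
```

Run it with `--run` as the same user that installed acme.sh, since the crontab is per-user; a non-zero exit status means the renewal chain needs attention.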
