Securing Ubiquiti UniFi Cloud Key with Let’s Encrypt SSL and automatic dns-01 challenge


  • I have a similar setup on my Cloud Key but, every time I reboot it, the controller service decides that the keystore is invalid, at which point it deletes it and generates a new one. Is this happening to you as well?

    • I have rebooted the UCK twice and it survived the reboot. As far as I understand, the contents are only replaced in the folder if the contents of the /etc/ssl/private/cert.tar are different to the files in that folder.

      I will retest this over the weekend. In the worst case you could always hook the /root/.acme.sh/cloudkey-renew-hook.sh into the reboot process if this is an issue. If you are not on the latest FW / Controller version, perhaps that could be an issue.

    • This weekend I reshuffled my UBNT gear and in the process have rebooted switches and UCK several times – the keystore survived all reboots.

  • Yoni C

    Hi, this worked great for the nginx portion. Thanks! The guest portal is still displaying the UBNT self-signed cert and therefore displaying insecure messages. Is there any way to point that guest portal to use this certificate as well?

    Thanks!

    • Hi – I have not used the guest-portal so I don’t know. I thought that this would be equally served via nginx. Perhaps this is just a host-name change wherever you configure the guest portal? The above method replaces the NGINX SSL cert – I am a bit surprised that the guest portal would then use something else. Are you sure this is not perhaps a caching issue?