Use Let’s Encrypt on Ubiquiti Unifi 5.10 on Ubuntu

I pulled together a few scripts and sites and found a simpler path to get Let’s Encrypt working on the Unifi Controller.


  • Port 443 opened on the box
  • Unifi 5.10 or newer. May work on older installs but no guarantees.
  • Ubuntu 16.04 or newer. May work with older installs but no guarantees.

Now the quick how-to:

After connecting to the server via SSH, run the following:

cp ./ /etc/letsencrypt/renewal-hooks/post/ 
chmod o+x /etc/letsencrypt/renewal-hooks/post/  
chmod o+x ./certbot-auto 
./certbot-auto certonly 

If prompted to enter any information, use option 1 to set up a temporary web server for the challenge and enter your unifi.domain.tld hostname (this must have a DNS record that resolves from outside your network).

This should get you going. Now we just need to schedule the renewal of the certificate on a monthly basis. To do this, we’ll do the following:

Open the crontab with crontab -e

Enter this line:

0 0 1 * * ./certbot-auto renew

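Save the crontab and you should be ready to go. Note that cron starts jobs in the user's home directory, so ./certbot-auto only resolves if certbot-auto was saved there; otherwise use the script's absolute path in the crontab line.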
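The following is an added example, not part of the original post: it models the monthly cron line above against certbot's renewal window, to show whether a certificate can expire between two runs. It assumes the usual defaults (a 90-day Let's Encrypt certificate, renewed only when fewer than 30 days remain); the function name and the issue dates are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Assumed defaults: a 90-day
# certificate that certbot renews only when fewer than 30 days remain.
# Times are hours since 1 Jan 00:00 of a non-leap year.

LIFETIME_H=$((90 * 24))
WINDOW_H=$((30 * 24))
MONTH_DAYS="31 28 31 30 31 30 31 31 30 31 30 31"

# lapsed_hours_monthly ISSUE_DAY_OF_YEAR ISSUE_HOUR   (hypothetical helper)
# Prints how many hours the certificate spends expired across two years of
# runs at 00:00 on the 1st of each month (the post's "0 0 1 * *").
lapsed_hours_monthly() {
    issued=$(( ($1 - 1) * 24 + $2 ))
    expiry=$(( $issued + $LIFETIME_H ))
    run=0
    lapsed=0
    for days in $MONTH_DAYS $MONTH_DAYS; do
        run=$(( $run + $days * 24 ))          # next 1st-of-month midnight
        if [ "$run" -le "$issued" ]; then
            continue                          # certificate not issued yet
        fi
        left=$(( $expiry - $run ))
        if [ "$left" -lt "$WINDOW_H" ]; then  # inside the window: renewed
            if [ "$left" -lt 0 ]; then
                lapsed=$(( $lapsed - $left )) # it expired before this run
            fi
            expiry=$(( $run + $LIFETIME_H ))
        fi
    done
    echo "$lapsed"
}

# Constructed cases: first issuance at 12:00 on 1 Jan (day 1) and 2 May (day 122).
echo "issued 1 Jan 12:00 -> expired for $(lapsed_hours_monthly 1 12) h"
echo "issued 2 May 12:00 -> expired for $(lapsed_hours_monthly 122 12) h"
```

In the 2 May case the 1 July run sees 30.5 days left and skips the renewal, and the next run on 1 August comes 12 hours after expiry; a schedule that runs more often than the 30-day window (certbot's documentation suggests twice a day) closes that gap.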


Create a self-signed certificate on Windows Server 2016 with PowerShell

I guess today is PowerShell day. I needed to create a quick self-signed certificate on a Windows Server and didn’t care to go through the normal process. Here are the snippets you need.

New-SelfSignedCertificate -DnsName server.domain.tld -CertStoreLocation cert:\LocalMachine\My

This command will print the thumbprint of that certificate, which we will need in the next command. Note that this is a 1-year certificate.

Now let’s export the certificate.

$CertPassword = ConvertTo-SecureString -String "SomeStrongPassword" -Force -AsPlainText
Export-PfxCertificate -Cert cert:\LocalMachine\My\3579B7928D895B21CAECfe2F6BE1A6BCCA92C31 -FilePath C:\server.domain.tld.pfx -Password $CertPassword

Then we just need to export the public key.

Export-Certificate -Cert Cert:\LocalMachine\My\3579B7928D895B21CAECfe2F6BE1A6BCCA92C31 -FilePath C:\server.domain.tld.cer


Send Email with PowerShell

I was helping a customer today troubleshoot a VM-to-email issue and was tired of using my standard “send email via telnet” method to test the SMTP server. After a bit of research, it’s really easy to send email with PowerShell in a single command.

Here you go:

Send-MailMessage -SMTPServer localhost -To emailaddy@domain.tld -From -Subject "test email" -Body "PowerShell for the win!"

Windows Server 2012 DC Best Practice Analyzer – Protected OUs

I’m at a customer site this week doing various best practice scans, troubleshooting, etc., and one of the tasks today was a full AD scan (security, best practice, etc.). Easily enough, this particular client only had 2 items in Best Practice Analyzer that needed to be fixed. In this post, we’ll focus on one: how to protect all OUs from accidental deletion.

Here’s a quick PowerShell command to determine which OUs are not currently protected from accidental deletion:

Get-ADOrganizationalUnit -filter * -Properties ProtectedFromAccidentalDeletion | where {$_.ProtectedFromAccidentalDeletion -eq $false} | ft

Now that you know which OUs need work, we can pipe that into a Set command to go ahead and get those OUs protected.

Get-ADOrganizationalUnit -filter * -Properties ProtectedFromAccidentalDeletion | where {$_.ProtectedFromAccidentalDeletion -eq $false} | Set-ADOrganizationalUnit -ProtectedFromAccidentalDeletion $true

Lastly, we can verify that all of our OUs are now protected. The column ProtectedFromAccidentalDeletion should now say True.

Get-ADOrganizationalUnit -filter * -Properties ProtectedFromAccidentalDeletion | where {$_.ProtectedFromAccidentalDeletion} | ft

CentOS 7.6 Minimal Post Install Change

I’m working on a project at a customer location this week and this particular project required me to install CentOS 7+. Being an Ubuntu guy, I kicked and moaned for about 3 whole seconds and started the install. It went as smoothly as you’d expect; however, I was greeted with no network connectivity once CentOS rebooted. Mentally, I thought it was needing VMware drivers or something, but as it turns out, I just needed to enable the network interface.

vi /etc/sysconfig/network-scripts/ifcfg-<cardname>

Now change ONBOOT=No to ONBOOT=Yes

Then simply reboot and make sure you can get connected to the network.