Use Let’s Encrypt on Ubiquiti Unifi 5.10 on Ubuntu

I pulled together a few scripts and sites and found a simpler path to get Let’s Encrypt working on the Unifi Controller.


  • Port 443 opened on the box
  • Unifi 5.10 or newer. May work on older installs but no guarantees.
  • Ubuntu 16.04 or newer. May work with older installs but no guarantees.

Now the quick how-to:

After connecting to the server via SSH, run the following:

cp ./ /etc/letsencrypt/renewal-hooks/post/ 
chmod o+x /etc/letsencrypt/renewal-hooks/post/  
chmod o+x ./certbot-auto 
./certbot-auto certonly 

If prompted to enter any information, use option 1 to set up a temporary web server for the challenge and enter your unifi.domain.tld hostname (this must have a DNS record that resolves from outside your network).

This should get you going. Now we just need to schedule the renewal of the certificate on a monthly basis. To do this, we’ll do the following:

Open the crontab with crontab -e

Enter this line:

0 0 1 * * ./certbot-auto renew

Save the crontab and you should be ready to go.


Create a self signed certificate on Windows Server 2016 with PowerShell

I guess today is PowerShell day. I needed to create a quick self-signed certificate on a Windows Server and didn’t care to go through the normal process. Here are the snippets you need.

New-SelfSignedCertificate -DnsName server.domain.tld -CertStoreLocation cert:\LocalMachine\My

This command will spit out the Thumbprint of that certificate, which we will need in the next command. Note that this is a 1 year certificate.

Now let’s export the certificate.

$CertPassword = ConvertTo-SecureString -String "SomeStrongPassword" -Force -AsPlainText
Export-PfxCertificate -Cert cert:\LocalMachine\My\3579B7928D895B21CAECfe2F6BE1A6BCCA92C31 -FilePath C:\server.domain.tld.pfx -Password $CertPassword

Then we just need to export the public key.

Export-Certificate -Cert Cert:\LocalMachine\My\3579B7928D895B21CAECfe2F6BE1A6BCCA92C31 -FilePath C:\server.domain.tld.cer


Send Email with PowerShell

I was helping a customer today troubleshoot a VM-to-email issue and was tired of using my standard “send email via telnet” method to test the SMTP server. After a bit of research, it turns out it’s really easy to send email with PowerShell in a single command.

Here you go:

Send-MailMessage -SmtpServer localhost -To recipient@domain.tld -From sender@domain.tld -Subject "test email" -Body "PowerShell for the win!"

Windows Server 2012 DC Best Practice Analyzer – Protected OU’s

I’m at a customer site this week doing various best practice scans, troubleshooting, etc. and one of the tasks today was a full AD scan (security, best practice, etc.). Easily enough, this particular client only had 2 items in Best Practice Analyzer that needed fixing. In this post, we’ll focus on one: how to protect all OUs from accidental deletion.

Here’s a quick PowerShell command to determine which OUs are not currently protected from accidental deletion:

Get-ADOrganizationalUnit -filter * -Properties ProtectedFromAccidentalDeletion | where {$_.ProtectedFromAccidentalDeletion -eq $false} | ft

Now that you know which OUs need work, we can pipe that result into a Set command to go ahead and get those OUs protected.

Get-ADOrganizationalUnit -filter * -Properties ProtectedFromAccidentalDeletion | where {$_.ProtectedFromAccidentalDeletion -eq $false} | Set-ADOrganizationalUnit -ProtectedFromAccidentalDeletion $true

Lastly, we can verify that all of our OUs are now protected. The column ProtectedFromAccidentalDeletion should now say True.

Get-ADOrganizationalUnit -filter * -Properties ProtectedFromAccidentalDeletion | where {$_.ProtectedFromAccidentalDeletion} | ft

Quick Fix: Exchange 2010 Back Pressure workaround

We are now in the year 2017 and any Exchange admin will know this like the back of their hand, but as little as I touch Exchange now (either because it’s rock solid or we’ve moved to Office 365), I always have to Google it. So this is just a reminder for me in the future.

A customer had a backup issue over the past weekend due to an unfortunate set of circumstances. As a result, their D: was getting full. They had 15 Gb left of 600 Gb total, but the probably well-known Exchange feature called Back Pressure, which prevents your hard drives from filling up due to email transport, kicked in and their mail stopped flowing. I needed to get their email working ASAP while a backup completed in the background. An easy and temporary fix for this is to disable transport resource monitoring. This can be done by modifying the edgetransport.exe.config file.

Modify this line: EnableResourceMonitoring from true to false.
Restart the Microsoft Exchange Transport Service.

Just be sure to re-enable Resource Monitoring after you’ve solved the problem that got you here or someday soon you’ll be in a world of hurt.  Also, get some disk space utilization alerting going and stop waiting for things to break.
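
Both pieces of advice above (re-enable Resource Monitoring, alert on disk space) can be checked together from a scheduled task. The script below is an added example, not code from the original post; it assumes the caller supplies the full path to the config file and that the setting is an `<add key="..." value="..."/>` entry under `<appSettings>`, and the threshold and mail addresses are constructed placeholders.

```powershell
# Added example, written to run on PowerShell 2.0 and later.
param(
    # Assumption: full path to edgetransport.exe.config; the post names only the file.
    [Parameter(Mandatory=$true)][string]$ConfigPath,
    [string]$Drive = 'D:',                 # volume that filled up in the post
    [int]$MinFreePercent = 10,             # constructed threshold, tune to taste
    [string]$SmtpServer = 'localhost',
    [string]$To = 'admin@domain.tld',      # placeholder address
    [string]$From = 'exchange@domain.tld'  # placeholder address
)

$problems = @()

# 1. Was Resource Monitoring left disabled after the emergency?
# Assumption: the setting is an <add key="..." value="..."/> entry under <appSettings>.
$config  = [xml](Get-Content -Path $ConfigPath)
$setting = $config.configuration.appSettings.add |
    Where-Object { $_.key -eq 'EnableResourceMonitoring' }
if (-not $setting) {
    $problems += "EnableResourceMonitoring entry not found in $ConfigPath"
} elseif ($setting.value -ne 'true') {
    $problems += "EnableResourceMonitoring is '$($setting.value)': back pressure is off"
}

# 2. Is the volume running out of space? DriveType=3 limits the query to fixed disks.
$disk = Get-WmiObject -Class Win32_LogicalDisk -Filter "DeviceID='$Drive' AND DriveType=3"
if (-not $disk) {
    $problems += "Fixed volume $Drive not found"
} else {
    $freePercent = [math]::Round(100 * $disk.FreeSpace / $disk.Size, 1)
    if ($freePercent -lt $MinFreePercent) {
        $freeGB = [math]::Round($disk.FreeSpace / 1GB, 1)
        $problems += "$Drive has $freeGB GB free ($freePercent%), below $MinFreePercent%"
    }
}

# 3. Alert by mail and return a non-zero exit code for the scheduler.
if ($problems.Count -gt 0) {
    $body = $problems -join "`r`n"
    Send-MailMessage -SmtpServer $SmtpServer -To $To -From $From `
        -Subject "Exchange transport check failed on $env:COMPUTERNAME" -Body $body
    Write-Warning $body
    exit 1
}
Write-Output "OK: Resource Monitoring enabled, $Drive at $freePercent% free"
```

While the workaround is active, mail sent through the local transport service may itself be delayed, so point `-SmtpServer` at a relay that does not depend on the server being checked.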