Use Let’s Encrypt on Ubiquiti Unifi 5.10 on Ubuntu

I pulled together a few scripts and sites and found a simpler path to get Let’s Encrypt working on the Unifi Controller.


  • Port 443 opened on the box
  • Unifi 5.10 or newer. May work on older installs but no guarantees.
  • Ubuntu 16.04 or newer. May work with older installs but no guarantees.

Now the quick how-to:

After connecting to the server via SSH, run the following:

cp ./ /etc/letsencrypt/renewal-hooks/post/ 
chmod o+x /etc/letsencrypt/renewal-hooks/post/  
chmod o+x ./certbot-auto 
./certbot-auto certonly 

If prompted to enter any information, use option 1 to set up a temporary web server for the challenge and enter your unifi.domain.tld hostname (this must have a DNS record that is available outside your network).

This should get you going. Now we just need to schedule the renewal of the certificate on a monthly basis. To do this, we’ll do the following:

Open the crontab with crontab -e

Enter this line:

0 0 1 * * ./certbot-auto renew

Save Crontab and you should be ready to go.


Create a self-signed certificate on Windows Server 2016 with PowerShell

I guess today is PowerShell day. I needed to create a quick self-signed certificate on a Windows Server and didn’t care to go through the normal process. Here are the snippets you need.

New-SelfSignedCertificate -DnsName server.domain.tld -CertStoreLocation cert:\LocalMachine\My

This command will print the Thumbprint of that certificate, which we will need in the next command. Note that this is a 1-year certificate.

Now let’s export the certificate.

$CertPassword = ConvertTo-SecureString -String "SomeStrongPassword" -Force -AsPlainText
Export-PfxCertificate -Cert cert:\LocalMachine\My\3579B7928D895B21CAECfe2F6BE1A6BCCA92C31 -FilePath C:\server.domain.tld.pfx -Password $CertPassword 

Then we just need to export the public key, that is, the certificate without its private key.

Export-Certificate -Cert Cert:\LocalMachine\My\3579B7928D895B21CAECfe2F6BE1A6BCCA92C31 -FilePath C:\server.domain.tld.cer
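
The three steps above chained into one run, as an added example that is not part of the original post: it keeps the certificate object returned by New-SelfSignedCertificate so the thumbprint is never copied by hand, prompts for the PFX password instead of embedding it in plain text, and checks the exported .cer. The variable names are assumptions; the hostname and file paths reuse the post's placeholders.

```powershell
# Added example, not the original author's script. Run from an elevated
# session, since the certificate is written to the LocalMachine store.
$DnsName = 'server.domain.tld'      # placeholder hostname from the post
$PfxPath = "C:\$DnsName.pfx"
$CerPath = "C:\$DnsName.cer"

# Keep the returned certificate object rather than retyping its thumbprint.
$Cert = New-SelfSignedCertificate -DnsName $DnsName -CertStoreLocation Cert:\LocalMachine\My
Write-Host "Thumbprint: $($Cert.Thumbprint)  Expires: $($Cert.NotAfter)"

# Prompt for the PFX password so it is not stored in the script or in history.
$CertPassword = Read-Host -Prompt 'PFX password' -AsSecureString

# The PFX holds the private key and must be protected; the CER is public.
Export-PfxCertificate -Cert $Cert -FilePath $PfxPath -Password $CertPassword | Out-Null
Export-Certificate -Cert $Cert -FilePath $CerPath | Out-Null

# Check: the .cer must carry the same thumbprint and no private key.
$Exported = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $CerPath
if ($Exported.Thumbprint -ne $Cert.Thumbprint -or $Exported.HasPrivateKey) {
    throw "Exported certificate at $CerPath does not match $($Cert.Thumbprint)"
}
```

The PFX written to C:\ contains the private key, so move it to its destination and delete the copy once it has been imported.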