Use Let's Encrypt with the UniFi Controller on Ubuntu

There’s too much noise on the internet, to the extent that a simple process is sometimes hidden within countless pages. Here is how to use a Let's Encrypt certificate with the UniFi Controller on Ubuntu.

The steps below assume you already have a Let's Encrypt certificate issued and in use, and that it is not close to its expiry date.

Download Unifi SSL Import Script

Download the unifi_ssl_import.sh script to your server, thanks to Steve Jenkins. Read through it before running it, since it will run as root:

wget https://raw.githubusercontent.com/stevejenkins/unifi-linux-utils/master/unifi_ssl_import.sh

Modify Script

Change hostname.example.com to the actual hostname you wish to use. In my case, I’m using www.khophi.co, because that’s where I access my UniFi Controller.

If you are not sure about this, look in your /etc/letsencrypt/live folder and check which hostname is used there.

Delete or comment out the entire section for Fedora/RedHat/CentOS.

Uncomment the section for Debian.

Set LE_MODE=yes

Comment out the PRIV_KEY, SIGNED_CRT, and CHAIN_FILE parameters.

Make script executable: chmod a+x unifi_ssl_import.sh

Run script: sudo ./unifi_ssl_import.sh

If all goes well, you’re done, and SSL should be applied to your Unifi Controller Website.

Another Approach

As root, you need to run:

Explanation of the commands:

  1. Package the PEMs into P12 format.
  2. Back up your current, probably default, UniFi keystore.
  3. Import the P12 certs into UniFi’s Java keystore.
  4. Restart the UniFi controller

In case anything goes wrong, restore the default keystore to get a working UniFi web GUI again:

The above approach is taken from: https://community.ubnt.com/t5/UniFi-Wireless/Use-already-existing-SSL-for-unifi-controller/m-p/1917894#M226270
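
The four steps listed under Another Approach, with the restore step wired in as an automatic rollback, written out as an added example. This is not the original post's or the linked thread's code; the keystore path /var/lib/unifi/keystore, the alias unifi, the stock keystore password, the DRY_RUN switch and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not the original post's commands. Assumed values: keystore
# path, alias "unifi", and the controller's stock keystore password.
LE_LIVE="${LE_LIVE:-/etc/letsencrypt/live}"
KEYSTORE="${KEYSTORE:-/var/lib/unifi/keystore}"
KS_PASS="${KS_PASS:-aircontrolenterprise}"
ALIAS=unifi

# Execute a command, or only print it when DRY_RUN=1.
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then echo "+ $*"; else "$@"; fi
}

# unifi_import_cert HOSTNAME
# Run as root. The body is a subshell so umask and the trap stay local.
unifi_import_cert() (
    dir="$LE_LIVE/$1"
    for f in privkey.pem fullchain.pem; do
        [ -r "$dir/$f" ] || { echo "missing $dir/$f" >&2; exit 2; }
    done
    umask 077                       # the P12 bundle contains the private key
    p12="$(mktemp)" || exit 1
    trap 'rm -f "$p12"' EXIT        # never leave the bundle behind

    # 1. Package the PEMs into P12 format.
    run openssl pkcs12 -export -inkey "$dir/privkey.pem" \
        -in "$dir/fullchain.pem" -out "$p12" -name "$ALIAS" \
        -passout "pass:$KS_PASS" || exit 1
    # 2. Back up the current keystore.
    run cp -p "$KEYSTORE" "$KEYSTORE.bak" || exit 1
    # 3. Import the P12 into UniFi's Java keystore; roll back on failure.
    if ! run keytool -importkeystore -noprompt -alias "$ALIAS" \
        -srckeystore "$p12" -srcstoretype PKCS12 -srcstorepass "$KS_PASS" \
        -destkeystore "$KEYSTORE" -deststorepass "$KS_PASS" \
        -destkeypass "$KS_PASS"; then
        run cp -p "$KEYSTORE.bak" "$KEYSTORE"
        exit 1
    fi
    # 4. Restart the controller so it loads the new certificate.
    run service unifi restart
)
```

Set DRY_RUN=1 to print the four commands without touching the keystore. Because the stock password is publicly known, the file permissions on the keystore and on the temporary P12 bundle, not the password, are what protect the private key.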