Hosted Unifi controller with Let’s Encrypt SSL!

Unifi controller with SSL from Let's Encrypt

I have been consolidating some of my sites onto a single hosted Unifi controller.  Documentation was outdated so I am going to post some useful info here. My original plan was to setup a basic apache2 site, use certbot to generate my certificates and then install them into the Unifi controller. The first frustration is that you cannot simply install the certs you want into the unifi controller.  second frustration, java.  once you get over that, it’s super easy.

I had some issues with the initial migration.  i ended up having to start over.  handy command to remove unifi controller with all it’s configuration and data. apt-get remove unifi --purge Just remember, you will need to reinstall Unifi after. It will be bran new and back to the wizard.

Getting started with SSL, I learned mostly from here.  First create a CSR with unifi through command line…
cd /usr/lib/unifi
java -jar lib/ace.jar new_cert <hostname> <company> <city> <state> <country>

this creates unifi_certificate.csr.der and unifi_certificate.csr.pem inside the data directory where you already are (/usr/lib/unifi/).  Now we need to feed the CSR into certbot.  Note that at this point,  i already have apache2 installed with a very simple virutalhost and site setup with the domain i am creating a cert for.  Here is the command to feed the CSR generated by Unifi into certbot to be certified:
certbot certonly --apache --csr /usr/lib/unifi/data/unifi_certificate.csr.der

Certbot will make sure that domain is yours (and your apache config is working) and then output a signed cert and a chain that is almost everything you need to install the certificate back into the Unifi controller.  Still in /usr/lib/unifi/data/ 0000_cert.pem is my signed cert and 0001_chain.pem is my signed cert plus the intermediate certificate. what’s missing is Let’s Encrypt’s Root certificate to validate the intermediate certificate and thus complete the chain of trust.

Continue reading “Hosted Unifi controller with Let’s Encrypt SSL!”

Electronic fruits of my actual labor!


Stan Lee’s Love Story Book Cover
The eBook version of a project I have been helping with is now available for purchase. Stan Lee’s Love Story: as told by daughter JC Lee!  This is an incredible insight into the life and love of Stan and Joan Lee. A collection of photographs and memories compiled by their only daughter JC.  It is already available on Amazon (iBook coming soon).  Amazon just pulls its samples from the beginning of the book, so I decided to include a few pages to give you a better idea of what you can expect.  So hard to choose.  So many candid photos invites the fans to share this intimate view into their private family live.

 

 

Stan Lee Classic Car from Stan Lee’s Love Story Photo BookStan Lee early Marvel from Stan Lee’s Love Story Photo Book

It’s finally fixed!

 

As you can see, it did turn out to be hardware, a GPU and CPU (ouch!).  The flash storage was not it, but I figured that out eventually. This has been an issue since October!  With many fixes attempted.  It was a bit of a blow to my pride eventually having to turn to Apple, but they stepped up and got it done with only mild frustration on my part.   Plus, they picked up the tab as my warranty is certainly expired.  There comes a time when you realize that a fix would require more parts then you had at hand.  I have been enjoying my functional desktop again, just in time for the new iMac Pro to make it obsolete.