Hosted Unifi controller with Let’s Encrypt SSL take 2!

[Image: Unifi Dashboard with SSL]

UPDATE 11-09-21: Discovered the amazing acme.sh tool, check it out!

I visited this idea months ago, but for anyone who implemented it, it has been a nightmare. Each subsequent Unifi controller update broke the https in new and exciting ways. After remaining a very squeaky wheel with Ubiquiti support, they’ve pushed out a version that should permanently resolve the problems. They even made promises of native Let’s Encrypt support. All this will prove true or false with time, but for now I wanted to share my working procedure for Unifi controller version 5.9.32.

This solution required me to become more familiar with Java’s keytool than I would have otherwise. Unifi has a hardcoded keystore path and password; don’t change them (thanks Corey F @ubnt). I don’t think the alias matters, but it must be consistent. I used mykey. We start by generating a key pair and a certificate signing request (CSR) for our domain. For permission reasons, we will want to do this as root…
cd /var/lib/unifi
keytool -genkeypair -alias mykey -keyalg RSA -keysize 2048 -keystore keystore -dname "CN=custom.domain.name" -storepass aircontrolenterprise

Now we export the CSR file we will give to Let’s Encrypt.
keytool -certreq -alias mykey -keystore keystore -file custom.domain.name.csr -ext san=dns:custom.domain.name -storepass aircontrolenterprise

Now we run the interactive certbot script to prove the domain is actually yours before they hand out a cert. Follow the instructions; you can verify by DNS or by hosting a file.
certbot certonly --manual --csr custom.domain.name.csr

Back to reality after another amazing DEFCON!

I met a pile of incredible people. Bought some amazing toys (for science), some I’ve even got working. Saw some talks and demos. Talked to some of my heroes and listened to even more. I saw Ladar Levison talk about epoxying your ports and adding thermite to your hard drives. I played with the ECU of a fake car! Now I just have to finish building the DarkNet Badge! Enjoy my pictures. The hat data is still being analyzed. I’ll try to build something out of it eventually.


[Photo gallery: DEFCON26 badge acquired; Car Hacking Village badge; Blockchain badge; “Show us what you got?!”; Battlefield Las Vegas Mac-10; tank collection; tank crushing car; tank crushing car close]
Introducing DEFCam or how I made a hat for DEFCON!

[Image: DEFCam hat]

This is a silly project that I have spent probably too much time on. First I thought, why not time-lapse my upcoming DEFCON trip. Then I thought, why not live stream it. So… I started with a Pi Zero and a Pi Camera v1. Wired some pins to the GPIO for power. Made a custom wire and hot glued it into the hat. Done!

https://be3n.com/defcon

[Photos: Pi Zero cam case; prototype; original wiring; DEFCam can see itself]
Last days of the #dailyshowlibrary!

[Image: tiny hands tweeting]

This small exhibit includes audio/video recordings from the Daily Show cast as well as Trump Survivors. Even a set with a golden toilet and props to pose with (I had to grab a tie, but it wasn’t long enough for me). We were given name tags upon our arrival complete with nickname (mine was “Buzzkill be3n”). You can see the whole exhibit in under an hour. Well worth the visit!

Sunday June 17th is the last day in LA.  631 N Robertson Blvd. 12pm-10pm.


[Photo: be3n on the Trump #dailyshowlibrary set with golden toilet]
Hosted Unifi controller with Let’s Encrypt SSL!

[Image: Unifi controller with SSL from Let’s Encrypt]

UPDATE: this is all outdated, see the take 2 post above.

I have been consolidating some of my sites onto a single hosted Unifi controller. Documentation was outdated, so I am going to post some useful info here. My original plan was to set up a basic apache2 site, use certbot to generate my certificates and then install them into the Unifi controller. The first frustration is that you cannot simply install the certs you want into the Unifi controller. Second frustration: Java. Once you get over that, it’s super easy.

I had some issues with the initial migration; I ended up having to start over. Handy command to remove the Unifi controller with all its configuration and data:
apt-get remove unifi --purge
Just remember, you will need to reinstall Unifi after. It will be brand new and back to the wizard.

Getting started with SSL, I learned mostly from here. First create a CSR with Unifi through the command line…
cd /usr/lib/unifi
java -jar lib/ace.jar new_cert <hostname> <company> <city> <state> <country>

This creates unifi_certificate.csr.der and unifi_certificate.csr.pem inside the data directory under where you already are (/usr/lib/unifi/data/). Now we need to feed the CSR into certbot. Note that at this point, I already have apache2 installed with a very simple virtualhost and site set up for the domain I am creating a cert for. Here is the command to feed the CSR generated by Unifi into certbot to be certified:
certbot certonly --apache --csr /usr/lib/unifi/data/unifi_certificate.csr.der

Certbot will make sure that the domain is yours (and your apache config is working) and then output a signed cert and a chain that is almost everything you need to install the certificate back into the Unifi controller. Still in /usr/lib/unifi/data/, 0000_cert.pem is my signed cert and 0001_chain.pem is my signed cert plus the intermediate certificate. What’s missing is Let’s Encrypt’s root certificate to validate the intermediate certificate and thus complete the chain of trust.
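The “is the chain complete?” question above comes up in both Unifi posts on this page (the take 2 procedure also feeds a CSR to certbot and gets the same kind of output back). Below is an added example, not code from the original post or from Ubiquiti or certbot: standard-library Python that splits a PEM bundle into certificates, pulls the CN out of each certificate’s subject and issuer with a minimal DER reader, and reports whether the bundle links leaf → intermediate → self-signed root. The fixture certificates (CN values “custom.domain.name”, “Fake Intermediate”, “Fake Root”) are hand-built DER structures constructed here for the demo; they carry no real signatures, and the script checks name linkage only, not signatures.

```python
"""Check whether a PEM certificate bundle forms a complete issuer chain.

Added example, not from the original post. Name-linkage check only
(subject of cert N+1 == issuer of cert N, last cert self-signed); it does
NOT verify signatures. Standard library only.
"""
import base64
import re

_CN_OID = bytes.fromhex("550403")   # id-at-commonName, OID 2.5.4.3


# ---- minimal DER reader -------------------------------------------------
def _read_tlv(buf: bytes, pos: int):
    """Return (tag, value_bytes, next_pos) for the TLV starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                                  # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length


def _children(value: bytes):
    """List the (tag, body) TLVs inside a constructed SEQUENCE/SET value."""
    out, pos = [], 0
    while pos < len(value):
        tag, body, pos = _read_tlv(value, pos)
        out.append((tag, body))
    return out


def _common_name(name: bytes) -> str:
    """Extract CN from an X.501 Name (SEQUENCE OF SET OF {OID, value})."""
    for _t, rdn_set in _children(name):
        for _t2, atv in _children(rdn_set):
            (_, oid), (_, value) = _children(atv)[:2]
            if oid == _CN_OID:
                return value.decode("utf-8")
    return ""


def subject_issuer(der: bytes):
    """Return (subject CN, issuer CN) of a DER-encoded X.509 certificate."""
    _t, cert_body, _ = _read_tlv(der, 0)               # Certificate SEQUENCE
    fields = _children(_children(cert_body)[0][1])      # tbsCertificate fields
    if fields[0][0] == 0xA0:                            # optional explicit [0] version
        fields = fields[1:]
    # order: serialNumber, signature, issuer, validity, subject, subjectPublicKeyInfo
    return _common_name(fields[4][1]), _common_name(fields[2][1])


def pem_to_ders(pem_text: str):
    """Split a PEM bundle into DER certificates, in file order."""
    blocks = re.findall(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----",
                        pem_text, re.S)
    return [base64.b64decode("".join(b.split())) for b in blocks]


def chain_status(pem_text: str):
    """Walk the bundle leaf-first and report links and whether a root is present."""
    names = [subject_issuer(d) for d in pem_to_ders(pem_text)]
    linked = all(names[i][1] == names[i + 1][0] for i in range(len(names) - 1))
    ends_at_root = bool(names) and names[-1][0] == names[-1][1]
    return {"certs": names, "linked": linked, "complete": linked and ends_at_root}


# ---- constructed fixture: hand-built, unsigned dummy certificates --------
def _tlv(tag: int, body: bytes) -> bytes:
    n = len(body)
    if n < 128:
        length = bytes([n])
    elif n < 256:
        length = b"\x81" + bytes([n])
    else:
        length = b"\x82" + n.to_bytes(2, "big")
    return bytes([tag]) + length + body


def _name(cn: str) -> bytes:
    atv = _tlv(0x30, _tlv(0x06, _CN_OID) + _tlv(0x0C, cn.encode()))
    return _tlv(0x30, _tlv(0x31, atv))


def fake_cert_pem(subject: str, issuer: str) -> str:
    """Structurally valid X.509 shape with a dummy signature (demo only)."""
    sig_alg = _tlv(0x30, _tlv(0x06, bytes.fromhex("2A864886F70D01010B")))  # sha256WithRSA
    validity = _tlv(0x30, _tlv(0x17, b"200101000000Z") + _tlv(0x17, b"300101000000Z"))
    spki = _tlv(0x30, sig_alg + _tlv(0x03, b"\x00"))
    tbs = _tlv(0x30, _tlv(0xA0, _tlv(0x02, b"\x02")) + _tlv(0x02, b"\x01")
               + sig_alg + _name(issuer) + validity + _name(subject) + spki)
    der = _tlv(0x30, tbs + sig_alg + _tlv(0x03, b"\x00"))
    b64 = base64.b64encode(der).decode()
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n"


# Shape of certbot's 0001_chain.pem: leaf + intermediate, no root.
CHAIN_WITHOUT_ROOT = (fake_cert_pem("custom.domain.name", "Fake Intermediate")
                      + fake_cert_pem("Fake Intermediate", "Fake Root"))
# What you want before importing into the keystore: root appended.
CHAIN_WITH_ROOT = CHAIN_WITHOUT_ROOT + fake_cert_pem("Fake Root", "Fake Root")

if __name__ == "__main__":
    print(chain_status(CHAIN_WITHOUT_ROOT))   # linked, but not complete
    print(chain_status(CHAIN_WITH_ROOT))      # linked and complete
```

Against the real files, chain_status(open("0001_chain.pem").read()) should report linked but not complete until Let’s Encrypt’s root certificate is appended. This script only tells you whether the names line up; for the cryptographic check run openssl verify -CAfile <root.pem> -untrusted 0001_chain.pem 0000_cert.pem before importing anything into the keystore.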

AOL Instant Messenger Shutting Down!

AOL’s long-running messaging service will end on December 15th. Though it’s true that I rarely use it these days and that I actually lost my original account years ago… I have fond memories of this communications protocol. I continue to communicate with people through AIM. Apple had strong links to it at the launch of iChatAV. #nostalgia Well, AOL broke the news with a tweet. Ironic?

AIM sunset tweet: All Good things come to an end. On Dec 15, we'll bid farewell to AIM. Thank you to all our users!

Happy Birthday GIF!

On this day in 1987 Steve Wilhite, while working at CompuServe, developed the GIF format. Thanks to the internet, and the fact that internet speeds continue to accelerate, GIFs have become the de facto animation format. Hooray! It is important to point out that although the GIF is 30 years old today, the animated version that we are so familiar with did not become available until 1989. Don’t tell me how to pronounce it. Enjoy my collection.

[GIF: be3n bangs a gong]

Ken Calvert’s Town Hall, he phoned it in…

I tried to participate in Ken Calvert’s telephone town hall tonight, and even recorded some of it. Unfortunately, they never took my question or even my promised recorded voicemail.

Many of my comments were addressed by others and most were deflected by Representative Calvert. I am certainly no expert on this stuff, but here are the points I would have brought up.

  • CRA bill – Representative Calvert seems to have missed the distinction between internet service providers that offer services like Google, Facebook, or Snapchat and telecommunications providers that provide the very lines on which those services depend. This is a critical distinction. Unlike service providers, it is not so easy to just find a telecommunications provider whose policy you agree with. In most of America, they are practically monopolies.
  • Russians!! – Lifting sanctions preventing a Russian intelligence agency from purchasing surveillance technology? Why now? Representative Calvert talked about opposing foreign manipulation of our elections, but what about foreign money buying influence? Citizens United says money is speech, but what about foreign money?
  • Obamacare vs. Trumpcare – Preexisting conditions? Failing program? It is certainly not perfect (don’t get me started), but my family would be destitute if it weren’t for the Affordable Care Act. The current offering as a replacement looks terrible and doesn’t include amendments for preexisting conditions. What will next year bring?

SSL problem, it wasn’t me!

[Image: broken key]

I just assumed that the problem was related to my recent SSL renewal. Turns out, Google security recently published Distrusting WoSign and StartCom Certificates and removed them from Chrome. How did I miss this? It turns out that the SSL on my site has been broken on Chrome for some time. It must be that I have been using Brave recently as my daily browser. I moved this site to letsencrypt.org and it’s working fine for everyone now. I don’t even know how much time I wasted on this one. Wow.