Hosted Unifi controller with Let’s Encrypt SSL!

Unifi controller with SSL from Let's Encrypt

I have been consolidating some of my sites onto a single hosted Unifi controller. Documentation was outdated so I am going to post some useful info here. My original plan was to set up a basic apache2 site, use certbot to generate my certificates and then install them into the Unifi controller. The first frustration is that you cannot simply install the certs you want into the Unifi controller. Second frustration: Java. Once you get over that, it’s super easy.

I had some issues with the initial migration. I ended up having to start over. Handy command to remove the Unifi controller with all its configuration and data:
apt-get remove unifi --purge

Just remember, you will need to reinstall Unifi after. It will be brand new and back to the wizard.

Getting started with SSL, I learned mostly from here. First create a CSR with Unifi through the command line:
cd /usr/lib/unifi
java -jar lib/ace.jar new_cert <hostname> <company> <city> <state> <country>

This creates unifi_certificate.csr.der and unifi_certificate.csr.pem inside the data directory under where you already are (/usr/lib/unifi/data/). Now we need to feed the CSR into certbot. Note that at this point, I already have apache2 installed with a very simple virtualhost and site set up with the domain I am creating a cert for. Here is the command to feed the CSR generated by Unifi into certbot to be certified:
certbot certonly --apache --csr /usr/lib/unifi/data/unifi_certificate.csr.der

Certbot will make sure that the domain is yours (and your apache config is working) and then output a signed cert and a chain that is almost everything you need to install the certificate back into the Unifi controller. Still in /usr/lib/unifi/data/, 0000_cert.pem is my signed cert and 0001_chain.pem is my signed cert plus the intermediate certificate. What’s missing is Let’s Encrypt’s root certificate to validate the intermediate certificate and thus complete the chain of trust.
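A pre-import check for the files this step produces, added here as an example and not part of the original post: it confirms the certificate certbot returned was issued for the key in the Unifi-generated CSR and that it chains to a root you supply. The function names, the sample host name and the throwaway CA in demo_setup are assumptions; only the file names come from the post.

```shell
#!/bin/sh
# Added example, not from the original post. Requires the openssl CLI.

# SHA-256 of a PEM public key read from stdin (fingerprint of the key only).
key_fp() {
    openssl pkey -pubin -outform DER 2>/dev/null | openssl dgst -sha256 -r | cut -d' ' -f1
}

# Fingerprint of the key inside a DER CSR (unifi_certificate.csr.der).
csr_key_fp() {
    pub=$(openssl req -inform DER -in "$1" -noout -pubkey 2>/dev/null) || return 1
    printf '%s\n' "$pub" | key_fp
}

# Fingerprint of the key inside a PEM certificate (0000_cert.pem).
cert_key_fp() {
    pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    printf '%s\n' "$pub" | key_fp
}

# True only if the certificate was issued for the key that made the CSR.
# Unreadable input fails instead of comparing two hashes of nothing.
cert_matches_csr() {
    a=$(csr_key_fp "$1") || return 1
    b=$(cert_key_fp "$2") || return 1
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# True only if CERT chains to ROOT through the certificates in CHAIN.
chain_ok() {  # chain_ok ROOT CHAIN CERT
    openssl verify -CAfile "$1" -untrusted "$2" "$3" 2>/dev/null | grep -q ': OK$'
}

# Constructed sample data: a throwaway root, a key with its CSR in PEM and DER,
# and a certificate issued for that CSR. No intermediate, so the demo passes
# 0000_cert.pem itself as CHAIN.
demo_setup() {  # demo_setup DIR
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Constructed Demo Root" \
        -keyout "$1/root.key" -out "$1/root.pem" 2>/dev/null &&
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=unifi.example.test" \
        -keyout "$1/leaf.key" -out "$1/csr.pem" 2>/dev/null &&
    openssl req -in "$1/csr.pem" -outform DER -out "$1/csr.der" 2>/dev/null &&
    openssl x509 -req -in "$1/csr.pem" -CA "$1/root.pem" -CAkey "$1/root.key" \
        -CAcreateserial -days 1 -out "$1/0000_cert.pem" 2>/dev/null
}
```

Against the real files, run cert_matches_csr on /usr/lib/unifi/data/unifi_certificate.csr.der and 0000_cert.pem, then chain_ok with the downloaded Let’s Encrypt root, 0001_chain.pem and 0000_cert.pem.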


Just keep cobbling

I rebuilt my Mac Pro software completely and it appears to have resolved the idle hanging problem. It is always an annoying amount of work getting everything up and running again. It’s nice to have everything fresh and clean and worth it to finally have a stable desktop. The most frustrating part of this kind of solution is that nothing is learned. How? Why? No answers, but at least an end to the frustration!

UPDATE! – Nothing is resolved! It just took over 48 hours for the problem to return. 😤

Silver lining was my brief use of screensavers and discovering John Coates’ work to bring the beautiful Aerial flyovers from the Apple TV to all Macs. Looks amazing on 3 screens!

Update! – It’s finally fixed!

Sometimes I feel like the cobbler with no shoes

I upgraded my Mac Pro to High Sierra. For the most part it was seamless. The installer automatically migrated the HFS+ file system to APFS and everything appeared to be working great. As it turns out... I have a new intermittent problem that causes the computer to become unresponsive while idle.

It presents primarily as a failure to wake from sleep (backlit black screens instead). Display sleep is actually all that is required to present and of course it is not every time. It is often enough for me to return to the 90s habit of shutting down my computer after I finish using it lest I cause irreparable harm to my mounted file systems. Here are some things I have discovered while trying to resolve it. Sometimes I can access the computer remotely, other times not, never graphically. Sometimes the system hangs as soon as it goes idle, sometimes it continues to operate. Sometimes it restarts from “sudo reboot” from an ssh session, other times it just hangs completely when I try. The console logs are useless. Nothing at all before the reboot. When unresponsive, there is nothing to do but hold the power button.

The difficulty I am having at discovering the core of the issue combined with the fact that my remote backup has gotten stale is driving me crazy. There seem to be people complaining about this on every Apple forum there is. I am not alone:…

UPDATE:  It’s finally fixed!

Stepping back into Wireless Security

Believe it or not, my home network actually used Radius authentication many years ago. Before I got a Nest (which still cannot connect to anything that isn’t open, WEP, or WPA/WPA2). At the time, I assumed the Nest app talked directly to the thermostat. Not true. It just needs internet to talk to its servers where it receives the commands and preferences from the app. Armed with that knowledge and recent revelations about the security of WPA2, I set to the task of reimplementing Radius on my network. First, I needed to assess which devices, like the Nest, would be unable to make the transition. Luckily, most of these devices don’t need anything more than internet access. One was moved to a hard line and the last attached to a Radius capable wireless bridge. I added an internet-only wireless network for my embedded devices and moved my privileged network to Radius authentication. It was time to change my password anyway. Stay safe!


iOS 11! installed!

Looking good with exciting new Control Center and loads of other features. My favorite is 5x sleep to disable Touch ID (instantly and temporarily). I am looking forward to the new Augmented Reality features built into ARKit. I cannot wait to see what developers do with it.

There are a few sticky wickets (i.e. Apple changed the Bluetooth and wifi toggle functionality in Control Center). For example, if you “turn off” wifi it actually just disassociates you from your current network, leaving your wifi radio on and functioning. I don’t mind because I wanted exactly this feature. If you actually want to turn off a radio, you need to go to your Settings app or turn on Airplane mode.

Apple Maps is stepping up their game with indoor maps of malls, airports and others, allowing navigation without GPS or even a view of the sky. Easy trick to share your complex wifi password with other Apple devices and of course native animated GIF support!


Remember when Migration Assistant worked with Disk Images?

I don’t exactly recall when Apple’s Migration Assistant started logging out the user (10.9ish), but since then it has been a little more irritating to migrate from a dmg or other image format (as opposed to a source hard drive or Time Machine backup). Here is a simple Terminal command to mount the image as root and thus keep it mounted after logout.

sudo hdiutil attach diskimage.dmg

This process does require running a checksum, and for larger images that could take a while. Once you run this command and it completes its verification of the disk image, simply run Migration Assistant and complete the migration. After migration and a restart, the image is unmounted and you are ready to work on your newly migrated Mac. (Note: migration can also take quite a while depending on the amount of data.)

Happy Birthday GIF!

On this day in 1987, Steve Wilhite, while working at CompuServe, developed the GIF format. Thanks to the internet and the fact that internet speeds continue to accelerate, they have become the de facto animation format. Hooray! It is important to point out that although the GIF is 30 years old today, the animated version that we are so familiar with did not become available until 1989. Don’t tell me how to pronounce it. Enjoy my collection.

be3n bangs a gong