Recently I decided to move away from the free Let's Encrypt certificate and get my own wildcard certificate from a “commercial” certificate provider. In my case it is DigiCert.
The main reason for this is that I used to forget to renew the cert and had to manually reconfigure ports when I used a cron script to automatically renew the Let's Encrypt certificate.
Since I was doing this, I also decided to move to a new virtual machine. The process for this was very simple:
- Install latest Ubuntu server
- Apply latest updates
- Utilize this simple script to install latest Unifi controller
- During site setup, restore the backup from the old controller
- Import Digicert wildcard certificate (explained later)
- Change the IP address of the new controller to that of the old controller
Import Digicert wildcard certificate
I will just outline this process in easy-to-follow steps:
- Obtain the certificate from your provider
- Download your .cer file, the root .cer file and any intermediate .cer files
- Transfer all files to your Ubuntu VM, to the location where your .key file is
- Run the following command to bundle the root and intermediate certificates
cat your_domain_name.crt DigiCertCA.crt intermediateCA > bundle.crt
- Run the following commands to import the certificates and restart the Unifi service
openssl pkcs12 -export -in yourwildcardcert.crt -inkey yourcertkeyfile.key -certfile bundle.crt -out unifi.p12 -name unifi -password pass:aircontrolenterprise
keytool -importkeystore -srckeystore unifi.p12 -srcstoretype PKCS12 -srcstorepass aircontrolenterprise -destkeystore /usr/lib/unifi/data/keystore -storepass aircontrolenterprise
service unifi restart
And voilà! Your Unifi controller is now running on HTTPS.
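Before the openssl pkcs12 -export step it is worth confirming that the key really belongs to the certificate, that the chain verifies and that the certificate is not about to expire. The script below is an added example, not part of the original procedure: the function names are my own, and the demo runs against a constructed throwaway root and wildcard leaf rather than real DigiCert files.

```shell
#!/usr/bin/env bash
# Pre-import checks for a certificate, key and chain (added example).
# Function names are assumptions; pass your own file names to them.

# True only if the certificate and the private key hold the same public key.
cert_matches_key() {   # cert_matches_key cert.crt cert.key
    local cert_pub key_pub
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# True only if the leaf verifies up to the root, via optional intermediates.
chain_verifies() {     # chain_verifies leaf.crt root.crt [intermediates.crt]
    if [ -n "${3:-}" ]; then
        openssl verify -CAfile "$2" -untrusted "$3" "$1" >/dev/null 2>&1
    else
        openssl verify -CAfile "$2" "$1" >/dev/null 2>&1
    fi
}

# True only if the certificate is still valid N days from now.
valid_for_days() {     # valid_for_days cert.crt 30
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# Constructed sample PKI for the demo: throwaway root, wildcard leaf, unrelated key.
make_demo_pki() {      # make_demo_pki directory
    local d=$1
    printf '[req]\ndistinguished_name=dn\nx509_extensions=ca\n[dn]\n[ca]\nbasicConstraints=critical,CA:TRUE\n' > "$d/demo.cnf"
    openssl req -x509 -config "$d/demo.cnf" -newkey rsa:2048 -nodes -days 365 \
        -subj "/CN=Constructed Demo Root" -keyout "$d/root.key" -out "$d/root.crt" 2>/dev/null
    openssl req -config "$d/demo.cnf" -newkey rsa:2048 -nodes \
        -subj "/CN=*.example.test" -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null
    openssl x509 -req -in "$d/leaf.csr" -CA "$d/root.crt" -CAkey "$d/root.key" \
        -CAcreateserial -days 90 -out "$d/leaf.crt" 2>/dev/null
    openssl genrsa -out "$d/other.key" 2048 2>/dev/null
}

demo_dir=$(mktemp -d)
make_demo_pki "$demo_dir"
cert_matches_key "$demo_dir/leaf.crt" "$demo_dir/leaf.key"  && echo "key matches certificate"
cert_matches_key "$demo_dir/leaf.crt" "$demo_dir/other.key" || echo "unrelated key rejected"
chain_verifies   "$demo_dir/leaf.crt" "$demo_dir/root.crt"  && echo "chain verifies"
valid_for_days   "$demo_dir/leaf.crt" 120 || echo "expires within 120 days"
rm -rf "$demo_dir"
```

Once keytool has imported it, unifi.p12 still holds your private key under the password given on the command line, so delete it or restrict its permissions. The same goes for the .key file itself.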