You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

56 lines
2.3 KiB

5 years ago
5 years ago
5 years ago
5 years ago
5 years ago
5 years ago
5 years ago
5 years ago
5 years ago
5 years ago
5 years ago
5 years ago
  1. #!/usr/bin/env bash
  2. # Modified script from here: https://github.com/FarsetLabs/letsencrypt-helper-scripts/blob/master/letsencrypt-unifi.sh
  3. # Modified by: Brielle Bruns <bruns@2mbit.com>
  4. # Download URL: https://source.sosdg.org/brielle/lets-encrypt-scripts
  5. # Last Changed: 2/27/2016
  6. # 02/02/2016: Fixed some errors with key export/import, removed lame docker requirements
  7. # 02/27/2016: More verbose progress report
  8. # The main domain name of your controller
  9. DOMAIN="unifi.xxxx.xxxxx"
  10. # Your e-mail address for notifications of certificate issues
  11. EMAIL="email@here"
  12. # Identrust cross-signed CA cert needed by the java keystore for import.
  13. # Can get original here: https://www.identrust.com/certificates/trustid/root-download-x3.html
  14. EXTRACERT="/root/DSTROOTCAX3.txt"
  15. TEMPFILE=$(mktemp)
  16. echo "Stopping Unifi controller..."
  17. service unifi stop
  18. echo "Firing up standalone authenticator on TCP port 443 and requesting cert..."
  19. /usr/src/letsencrypt/letsencrypt-auto \
  20. --email ${EMAIL} \
  21. --server https://acme-v01.api.letsencrypt.org/directory \
  22. --agree-tos \
  23. --renew-by-default \
  24. -d ${DOMAIN} \
  25. --standalone --standalone-supported-challenges tls-sni-01 \
  26. certonly
  27. echo "Using openssl to prepare certificate..."
  28. openssl pkcs12 -export -passout pass:aircontrolenterprise \
  29. -in /etc/letsencrypt/live/${DOMAIN}/cert.pem \
  30. -inkey /etc/letsencrypt/live/${DOMAIN}/privkey.pem \
  31. -out ${TEMPFILE} -name unifi \
  32. -CAfile /etc/letsencrypt/live/${DOMAIN}/chain.pem -caname root
  33. echo "Removing existing certificate from Unifi protected keystore..."
  34. keytool -delete -alias unifi -keystore /usr/lib/unifi/data/keystore \
  35. -deststorepass aircontrolenterprise
  36. echo "Inserting certificate into Unifi keystore..."
  37. keytool -trustcacerts -importkeystore \
  38. -deststorepass aircontrolenterprise \
  39. -destkeypass aircontrolenterprise \
  40. -destkeystore /usr/lib/unifi/data/keystore \
  41. -srckeystore ${TEMPFILE} -srcstoretype PKCS12 \
  42. -srcstorepass aircontrolenterprise \
  43. -alias unifi
  44. rm -f ${TEMPFILE}
  45. echo "Importing cert into Unifi database..."
  46. java -jar /usr/lib/unifi/lib/ace.jar import_cert \
  47. /etc/letsencrypt/live/${DOMAIN}/cert.pem \
  48. /etc/letsencrypt/live/${DOMAIN}/chain.pem \
  49. ${EXTRACERT}
  50. echo "Starting Unifi controller..."
  51. service unifi start
  52. echo "Done!"