You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

57 lines
2.3 KiB

#!/usr/bin/env bash
# Modified script from here:
# Modified by: Brielle Bruns <>
# Download URL:
# Last Changed: 2/27/2016
# 02/02/2016: Fixed some errors with key export/import, removed lame docker requirements
# 02/27/2016: More verbose progress report
# The main domain name of your controller
# Your e-mail address for notifications of certificate issues
# Identrust cross-signed CA cert needed by the java keystore for import.
# Can get original here:
echo "Stopping Unifi controller..."
service unifi stop
echo "Firing up standalone authenticator on TCP port 443 and requesting cert..."
/usr/src/letsencrypt/letsencrypt-auto \
--email ${EMAIL} \
--server \
--agree-tos \
--renew-by-default \
-d ${DOMAIN} \
--standalone --standalone-supported-challenges tls-sni-01 \
echo "Using openssl to prepare certificate..."
openssl pkcs12 -export -passout pass:aircontrolenterprise \
-in /etc/letsencrypt/live/${DOMAIN}/cert.pem \
-inkey /etc/letsencrypt/live/${DOMAIN}/privkey.pem \
-out ${TEMPFILE} -name unifi \
-CAfile /etc/letsencrypt/live/${DOMAIN}/chain.pem -caname root
echo "Removing existing certificate from Unifi protected keystore..."
keytool -delete -alias unifi -keystore /usr/lib/unifi/data/keystore \
-deststorepass aircontrolenterprise
echo "Inserting certificate into Unifi keystore..."
keytool -trustcacerts -importkeystore \
-deststorepass aircontrolenterprise \
-destkeypass aircontrolenterprise \
-destkeystore /usr/lib/unifi/data/keystore \
-srckeystore ${TEMPFILE} -srcstoretype PKCS12 \
-srcstorepass aircontrolenterprise \
-alias unifi
rm -f ${TEMPFILE}
echo "Importing cert into Unifi database..."
java -jar /usr/lib/unifi/lib/ace.jar import_cert \
/etc/letsencrypt/live/${DOMAIN}/cert.pem \
/etc/letsencrypt/live/${DOMAIN}/chain.pem \
echo "Starting Unifi controller..."
service unifi start
echo "Done!"