Last active Jul 31, 2021
Add SSL Certificate to Unifi Controller using and DNS verification

My domain is registered on cloudflare.

So go to to either use global key
or, better, create a new API key for a specific zone with zone DNS edit permissions.

Copy the token you just created. Go back to the dashboard, click on the domain you want to use,
and copy the zone ID from the bottom right corner.

Acme Client I have used
curl | sh -s
change to your email address.

export CF_Zone_ID="zone-id"
export CF_Token="api-token"
replace with values you copied earlier.
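
A pre-flight check for these two variables, as an added example that is not part of the original gist: it rejects the placeholder values, checks that the zone ID is 32 hexadecimal characters, and refuses to continue if a global key is exported next to the scoped token. The function name `check_cf_env` is hypothetical, and `CF_Key` is assumed to be the variable a global key would be exported under.

```shell
#!/bin/sh
# Added example: validate the Cloudflare DNS credentials before issuing.
# check_cf_env is a hypothetical helper, not part of any ACME client.
# Returns 0 when the environment is usable, non-zero otherwise:
#   1 = variable missing, 2 = placeholder left in place,
#   3 = zone ID malformed, 4 = global key exported alongside the token.
check_cf_env() {
    # Both values copied from the dashboard must be present.
    if [ -z "${CF_Zone_ID:-}" ] || [ -z "${CF_Token:-}" ]; then
        echo "CF_Zone_ID and CF_Token must both be exported" >&2
        return 1
    fi
    # The literal placeholders from the instructions were never replaced.
    if [ "$CF_Zone_ID" = "zone-id" ] || [ "$CF_Token" = "api-token" ]; then
        echo "placeholder value still in place" >&2
        return 2
    fi
    # Cloudflare zone IDs are 32 hexadecimal characters.
    case "$CF_Zone_ID" in
        *[!0-9a-fA-F]*)
            echo "zone ID contains non-hex characters" >&2
            return 3 ;;
    esac
    if [ "${#CF_Zone_ID}" -ne 32 ]; then
        echo "zone ID must be 32 characters long" >&2
        return 3
    fi
    # Assumption: CF_Key is the name a global API key would be exported under.
    # The zone-scoped token is the least-privilege choice, so do not mix the two.
    if [ -n "${CF_Key:-}" ]; then
        echo "global key is set; unset CF_Key and use the scoped token only" >&2
        return 4
    fi
    return 0
}
```

Run `check_cf_env || exit 1` before the issue command so a mistyped or over-privileged credential stops the run early.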

Do note changed their default CA
ZeroSSL is default now.
If you want to change the default to let's say Let's Encrypt --set-default-ca --server letsencrypt

execute this --issue --dns dns_cf -d unifi.controller.tld
change to your actual sub/domain
and let acme issue you a cert for it.

now execute this command to deploy the issued certificate --deploy -d unifi.controller.tld --deploy-hook unifi
change your sub/domain once again.
More about deploy-hooks (especially unifi) check here
As of now supports

 - self-hosted Unifi Controller
 - Unifi Cloud Key (Gen1/2/2+)
 - Unifi Cloud Key running UnifiOS (v2.0.0+, Gen2/2+ only)

All good for my self-hosted controller on a Raspberry Pi 2 with Raspbian (Debian 9/stretch)

Acme even created a cronjob for you which you can check here
crontab -l
47 0 * * * "/root/"/ --cron --home "/root/" > /dev/null

If it's missing for some reason just run --install-cronjob

Not sure if the cronjob also automatically uses the unifi deploy hook again.
Will update this then.

All commands together

curl | sh -s

export CF_Zone_ID="zone-id"
export CF_Token="api-token"
--set-default-ca --server letsencrypt
--issue --dns dns_cf -d unifi.controller.tld
--deploy -d unifi.controller.tld --deploy-hook unifi

crontab -l

leave out the set-default-ca line if you are okay with ZeroSSL
Also note that you may have to reconnect to ssh/restart terminal
to be able to use as command right away.