@jrotello
Created March 14, 2017 03:30
Deploy dehydrated generated certificate to Unifi controller
#!/bin/bash
# Set up your domain
DOMAIN="<domain_name_here>"
DEHYDRATED_CERTS="/home/dehydrated/certs/$DOMAIN"

# Stop the services
echo "Stopping services..."
service nginx stop
service unifi stop

# Convert cert to PKCS #12 format
# The temporary password only protects cert.p12, which is removed below
echo "Create temporary PKCS12..."
openssl pkcs12 \
    -export \
    -inkey "$DEHYDRATED_CERTS/privkey.pem" \
    -in "$DEHYDRATED_CERTS/fullchain.pem" \
    -out /etc/ssl/private/cert.p12 \
    -name ubnt -password pass:temppass

# Load it into the java keystore that UBNT understands
echo "Load PKCS12 into the java keystore"
keytool \
    -importkeystore \
    -deststorepass aircontrolenterprise \
    -destkeypass aircontrolenterprise \
    -destkeystore /etc/ssl/private/unifi.keystore.jks \
    -srckeystore /etc/ssl/private/cert.p12 \
    -srcstoretype PKCS12 \
    -srcstorepass temppass \
    -alias ubnt \
    -noprompt

# Clean up and use new cert
echo "Remove temporary PKCS12..."
rm -f /etc/ssl/private/cert.p12

# Also use the same certificate for Nginx (Cloud Key Configuration)
echo "Configure Nginx (Cloud Key Configuration)..."
# -f: do not complain if the old files are already gone
rm -f /etc/ssl/private/cloudkey.crt
rm -f /etc/ssl/private/cloudkey.key
cp "$DEHYDRATED_CERTS/privkey.pem" /etc/ssl/private/cloudkey.key
cp "$DEHYDRATED_CERTS/fullchain.pem" /etc/ssl/private/cloudkey.crt

# Archive the certificate, key and keystore together as cert.tar
cd /etc/ssl/private/
tar -cf cert.tar cloudkey.crt cloudkey.key unifi.keystore.jks

# Start the services
echo 'Starting services...'
service nginx start
service unifi start
echo "Done!"
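
A preflight check for the dehydrated output that can run before the "Stopping services..." step, so a mismatched key or a nearly expired certificate is caught while nginx and unifi are still up. This is an added example, not part of the original gist; the function name check_cert_pair and its return codes are assumptions made here.

```bash
#!/bin/bash
# Added example, not part of the original gist.
# check_cert_pair is a hypothetical helper; its return codes are chosen here.
#
# Usage inside the deploy script, before any service is stopped:
#   check_cert_pair "$DEHYDRATED_CERTS/privkey.pem" \
#                   "$DEHYDRATED_CERTS/fullchain.pem" || exit 1

# check_cert_pair <privkey.pem> <fullchain.pem> [min_seconds_valid]
#   0  files readable, leaf certificate valid long enough, key matches
#   1  key or chain file missing or unreadable
#   2  leaf certificate unparseable or expiring within min_seconds_valid
#   3  private key does not belong to the leaf certificate
check_cert_pair() {
    local key="$1" chain="$2" min_valid="${3:-86400}"
    local key_pub cert_pub

    if [ ! -r "$key" ] || [ ! -r "$chain" ]; then
        echo "preflight: cannot read key or chain file" >&2
        return 1
    fi

    # openssl x509 reads only the first certificate in the file, which in
    # a fullchain.pem is the leaf. -checkend exits non-zero if that
    # certificate expires within the given number of seconds.
    if ! openssl x509 -in "$chain" -noout -checkend "$min_valid" \
            >/dev/null 2>&1; then
        echo "preflight: certificate unreadable or expires within ${min_valid}s" >&2
        return 2
    fi

    # Derive the public key from each side and compare the PEM text.
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || key_pub=""
    cert_pub=$(openssl x509 -in "$chain" -noout -pubkey 2>/dev/null) || cert_pub=""
    if [ -z "$key_pub" ] || [ "$key_pub" != "$cert_pub" ]; then
        echo "preflight: private key does not match certificate" >&2
        return 3
    fi

    return 0
}
```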