Skip to content

Instantly share code, notes, and snippets.

@mattrude
Last active March 13, 2020 15:24
Show Gist options
  • Save mattrude/a0e00024b14351e51a78193d9d8e4e33 to your computer and use it in GitHub Desktop.
Save mattrude/a0e00024b14351e51a78193d9d8e4e33 to your computer and use it in GitHub Desktop.
This small script will update your Unifi Controller's TLS Cert
#!/bin/bash
#########################################################
# A Small script to update the UniFi Keystore file from #
# an letsencrypt auto generated certificate. #
#########################################################
# The Domain of the UniFi Controller
DOMAIN='unifi.lan.therudes.com'
# Update the Letsencrypt Cert
/usr/bin/letsencrypt renew
# Checking if the key has been updated.
if [ /etc/letsencrypt/live/${DOMAIN}/privkey.pem -nt /usr/lib/unifi/data/keystore ]; then
echo "Updating UniFi Cert"
# Stop the UniFi Controller
/usr/bin/service unifi stop
# Export the newly created Letsencrypt Cert
echo 2413FB3709B05939F | /usr/bin/openssl pkcs12 -export -inkey /etc/letsencrypt/live/${DOMAIN}/privkey.pem -in /etc/letsencrypt/live/${DOMAIN}/cert.pem -name unifi -out /etc/letsencrypt/live/${DOMAIN}/keys.p12 -password stdin
# Convert the newly created Letsencrypt Cert to UniFi's keystore format
echo y | /usr/bin/keytool -importkeystore -srckeystore /etc/letsencrypt/live/${DOMAIN}/keys.p12 -srcstoretype pkcs12 -destkeystore /usr/lib/unifi/data/keystore -storepass aircontrolenterprise -srcstorepass 2413FB3709B05939F
# Restart the UniFi Controller
/usr/bin/service unifi start
fi
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment