@mattrude
Last active May 5, 2021 05:45
Install a Let's Encrypt certificate on a UniFi Cloud Key controller
#!/bin/sh
# Install or renew a Let's Encrypt certificate and load it into the
# UniFi controller keystore on a UniFi Cloud Key.

HOSTNAME="unifi.lan.therudes.com"
EMAIL="matt@mattrude.com"
KEYSTORE="/usr/lib/unifi/data/keystore"
LIVE="/etc/letsencrypt/live/${HOSTNAME}"

# Update the System before we start
rm -f /tmp/installed-packages.txt
echo "deb http://ftp.debian.org/debian jessie-backports main" > /etc/apt/sources.list.d/backports.list
dpkg --get-selections | awk '{print $1}' | sed 's/:amd64//g' | sed 's/:armhf//g' > /tmp/installed-packages.txt

UPDATE="" # Start out with UPDATE being empty
for a in git vim software-properties-common
do
    # -x matches the whole line, -F treats the package name as a literal string
    if ! grep -qxF "$a" /tmp/installed-packages.txt; then
        echo "$a is not installed"
        UPDATE="$a $UPDATE"
    fi
done

if [ "$UPDATE" != "" ]; then
    echo "Installing needed file(s): ${UPDATE}"
    sudo apt-get update
    # UPDATE is left unquoted on purpose so each package becomes its own argument
    sudo apt-get install -y $UPDATE
fi

if ! grep -qxF "certbot" /tmp/installed-packages.txt; then
    echo "Installing Let's Encrypt certbot"
    sudo apt-get update -q
    sudo apt-get -y install certbot -t jessie-backports
fi
rm -f /tmp/installed-packages.txt

# Install the nginx config file
# It serves only the ACME http-01 challenge path on port 80, from /tmp/cert.
echo "Install the nginx config file."
mkdir -p /tmp/cert
echo "server {
    listen 80;
    server_name ${HOSTNAME};
    location '/.well-known/acme-challenge' {
        default_type \"text/plain\";
        root /tmp/cert;
        break;
    }
}" > /etc/nginx/sites-enabled/cert-updater
/usr/sbin/nginx -s reload
sleep 5

# Renew an existing certificate, or request a new one on the first run
mkdir -p /var/log/letsencrypt
if [ -d "${LIVE}" ]; then
    RENEW=$(certbot renew | tee -ai /var/log/letsencrypt/letsencrypt-renew.log | grep -c "Congratulations, all renewals succeeded.")
else
    certbot certonly --webroot -w /tmp/cert -d "${HOSTNAME}" --email "${EMAIL}" --agree-tos --renew-by-default | tee -ai /var/log/letsencrypt/letsencrypt-renew.log
    RENEW=1
fi

if [ "${RENEW}" -gt 0 ]; then
    echo "Update needed, updating UniFi"
    # The PKCS12 bundle contains the private key: mktemp creates it with mode 0600
    # and it is deleted below instead of being left behind in /tmp.
    P12=$(mktemp)
    # Export before touching the controller, so a failed issuance leaves UniFi running on its current keystore
    if sudo openssl pkcs12 -export -inkey "${LIVE}/privkey.pem" -in "${LIVE}/fullchain.pem" -out "${P12}" -name ubnt -password pass:temppass; then
        service unifi stop && sleep 5
        mv "${KEYSTORE}" "${KEYSTORE}.old"
        if sudo keytool -importkeystore -deststorepass aircontrolenterprise -destkeypass aircontrolenterprise -destkeystore "${KEYSTORE}" -srckeystore "${P12}" -srcstoretype PKCS12 -srcstorepass temppass -alias ubnt -noprompt; then
            echo "Done updating UniFi"
        else
            echo "keytool import failed, restoring the previous keystore"
            mv -f "${KEYSTORE}.old" "${KEYSTORE}"
        fi
        # Start the controller again whether or not the import succeeded
        sleep 5 && service unifi start
    else
        echo "PKCS12 export failed, leaving the UniFi keystore untouched"
    fi
    rm -f "${P12}"
fi

# Remove the temporary challenge vhost and webroot
rm -rf /etc/nginx/sites-enabled/cert-updater /tmp/cert && /usr/sbin/nginx -s reload

mattrude commented Sep 30, 2019 via email

@penwelldlamini

How do you run this installation script?