Last active
May 5, 2021 05:45
Install a Let's Encrypt certificate on a UniFi Cloud Key controller
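#!/bin/sh
#
# Install or renew a Let's Encrypt certificate on a UniFi Cloud Key and load it
# into the UniFi controller's keystore.
#
# Run as root: the script writes under /etc and /usr/lib/unifi directly.
#
# Settings: edit the defaults below, or override them from the environment.
#   UNIFI_CERT_HOSTNAME - name the certificate is issued for
#   UNIFI_CERT_EMAIL    - contact address passed to certbot

HOSTNAME="${UNIFI_CERT_HOSTNAME:-unifi.lan.therudes.com}"
EMAIL="${UNIFI_CERT_EMAIL:-matt@mattrude.com}"

# HOSTNAME is interpolated into an nginx server block and into paths under
# /etc/letsencrypt, so accept only characters that are valid in a DNS name and
# reject anything that could act as a path component such as "..".
case "$HOSTNAME" in
  '' | .* | -* | *..* | *[!A-Za-z0-9.-]*)
    printf 'Refusing to continue: invalid HOSTNAME "%s"\n' "$HOSTNAME" >&2
    exit 1
    ;;
esac

if [ -z "$EMAIL" ]; then
  echo "Refusing to continue: EMAIL is empty" >&2
  exit 1
fi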
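# Make sure the packages this script depends on are installed.
#
# The package state is read straight from dpkg for each name. Nothing is
# written to a fixed path under /tmp, so a root-run script never opens a file
# name that another local account could have prepared in advance.

# The backports entry is rewritten on every run; certbot is installed from it.
# NOTE(review): jessie is past end of life - confirm this mirror still serves
# jessie-backports (archived suites normally live on archive.debian.org).
echo "deb http://ftp.debian.org/debian jessie-backports main" > /etc/apt/sources.list.d/backports.list

# is_installed PKG
# Succeeds only when dpkg reports PKG as fully installed. Packages that were
# removed but still have configuration files ("deinstall") do not count.
is_installed() {
  dpkg-query -W -f='${Status}\n' "$1" 2>/dev/null \
    | grep -qx 'install ok installed'
}

UPDATE="" # Space-separated list of packages that still need installing
for a in git vim software-properties-common; do
  if ! is_installed "$a"; then
    echo "$a is not installed"
    UPDATE="$a $UPDATE"
  fi
done

if [ -n "$UPDATE" ]; then
  echo "Installing needed file(s): ${UPDATE}"
  sudo apt-get update
  # UPDATE is built only from the literal names above; word splitting is
  # intended here so that each name becomes its own argument.
  # shellcheck disable=SC2086
  sudo apt-get install -y $UPDATE
fi

if ! is_installed certbot; then
  echo "Installing Let's Encrypt certbot"
  sudo apt-get update -q
  sudo apt-get -y install certbot -t jessie-backports
fi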
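# Publish a temporary port-80 nginx site that serves the ACME HTTP-01
# challenge files out of /tmp/cert.
echo "Install the nginx config file."

# /tmp is world-writable, so make sure the webroot is not a link planted by
# another account before root starts creating files underneath it.
# NOTE(review): the path itself is kept because certbot is given /tmp/cert as
# its webroot and presumably records it for later renewals - confirm against
# /etc/letsencrypt/renewal before moving it somewhere less exposed.
if [ -L /tmp/cert ]; then
  echo "/tmp/cert is a symbolic link; refusing to use it as the ACME webroot" >&2
  exit 1
fi
mkdir -p /tmp/cert

# Unquoted heredoc delimiter: ${HOSTNAME} is expanded, everything else is literal.
cat > /etc/nginx/sites-enabled/cert-updater <<EOF
server {
  listen 80;
  server_name ${HOSTNAME};
  location '/.well-known/acme-challenge' {
    default_type "text/plain";
    root /tmp/cert;
    break;
  }
}
EOF

# Validate the configuration before reloading. If nginx rejects it, take the
# temporary site back out instead of leaving a stray file in sites-enabled and
# running certbot against a webroot that nothing serves.
if ! /usr/sbin/nginx -t; then
  echo "nginx rejected the configuration; removing the temporary site" >&2
  rm -f /etc/nginx/sites-enabled/cert-updater
  exit 1
fi

/usr/sbin/nginx -s reload
sleep 5 # give the reloaded workers time to start answering on port 80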
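# Renew an existing certificate, or request the first one.
# RENEW ends up greater than 0 only when there is new key material to load
# into UniFi.
LE_LOG=/var/log/letsencrypt/letsencrypt-renew.log
mkdir -p /var/log/letsencrypt # tee needs the directory before certbot has run

if [ -d "/etc/letsencrypt/live/${HOSTNAME}" ]; then
  # Count the success banner in certbot's output; -F matches it literally.
  RENEW=$(certbot renew \
    | tee -ai "$LE_LOG" \
    | grep -c -F "Congratulations, all renewals succeeded.")
else
  certbot certonly --webroot -w /tmp/cert -d "${HOSTNAME}" \
    --email "${EMAIL}" --agree-tos --renew-by-default \
    | tee -ai "$LE_LOG"

  # The pipeline's status is tee's, not certbot's, so confirm that the
  # certificate and key really exist before asking for a keystore update.
  # Otherwise a failed issuance would still stop the UniFi service.
  if [ -s "/etc/letsencrypt/live/${HOSTNAME}/fullchain.pem" ] \
    && [ -s "/etc/letsencrypt/live/${HOSTNAME}/privkey.pem" ]; then
    RENEW=1
  else
    echo "certbot did not produce a certificate for ${HOSTNAME}" >&2
    RENEW=0
  fi
fi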
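# Load the new certificate and key into the UniFi keystore.
#
# Order of operations: build the PKCS#12 bundle first, and only then stop the
# service and swap the keystore. A failure while exporting leaves UniFi
# running on its current certificate, and a failed import puts the previous
# keystore back before the service is started again.
if [ "${RENEW:-0}" -gt 0 ]; then
  echo "Update needed, updating UniFi"

  LIVE_DIR="/etc/letsencrypt/live/${HOSTNAME}"
  KEYSTORE=/usr/lib/unifi/data/keystore
  IMPORTED=0

  # The bundle contains the private key and its export password is a fixed
  # throwaway string, so its confidentiality has to come from the file system.
  # mktemp -d creates an unpredictable directory that only its owner can enter.
  if P12_DIR=$(mktemp -d); then
    trap 'rm -rf -- "$P12_DIR"' EXIT
    P12_FILE="${P12_DIR}/cert.p12"

    if sudo openssl pkcs12 -export \
      -inkey "${LIVE_DIR}/privkey.pem" \
      -in "${LIVE_DIR}/fullchain.pem" \
      -out "${P12_FILE}" -name ubnt -password pass:temppass; then

      if service unifi stop; then
        sleep 5
        if [ -e "$KEYSTORE" ] && ! mv "$KEYSTORE" "${KEYSTORE}.old"; then
          echo "Could not set the current keystore aside; import skipped" >&2
        # NOTE(review): the destination passwords are the ones this page
        # uses - presumably what the controller expects; verify for your
        # UniFi version.
        elif sudo keytool -importkeystore \
          -deststorepass aircontrolenterprise \
          -destkeypass aircontrolenterprise \
          -destkeystore "$KEYSTORE" \
          -srckeystore "${P12_FILE}" -srcstoretype PKCS12 \
          -srcstorepass temppass -alias ubnt -noprompt; then
          IMPORTED=1
        else
          echo "keytool import failed; restoring the previous keystore" >&2
          rm -f "$KEYSTORE"
          if [ -e "${KEYSTORE}.old" ]; then
            mv "${KEYSTORE}.old" "$KEYSTORE"
          fi
        fi
        # Start the controller again whatever happened to the import.
        sleep 5
        service unifi start
      else
        echo "Could not stop the unifi service; keystore left untouched" >&2
      fi
    else
      echo "openssl could not build the PKCS#12 bundle; UniFi left untouched" >&2
    fi

    # Remove the private-key bundle as soon as it is no longer needed.
    rm -rf -- "$P12_DIR"
    trap - EXIT
  else
    echo "Could not create a private scratch directory; UniFi left untouched" >&2
  fi

  if [ "$IMPORTED" -eq 1 ]; then
    echo "Done updating UniFi"
  else
    echo "UniFi keystore was NOT updated" >&2
  fi
fi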
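# Clean up after the run.
#
# Remove any PKCS#12 bundle left at /tmp/cert.p12 by this or an earlier run:
# it contains the certificate's private key, protected only by a fixed
# password, in a directory every local account can read.
rm -f /tmp/cert.p12

# Take the temporary port-80 challenge site and its webroot back out, then
# reload nginx so it stops serving them.
rm -rf /etc/nginx/sites-enabled/cert-updater /tmp/cert \
  && /usr/sbin/nginx -s reload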
Author
mattrude
commented
Sep 30, 2019
via email
It should work fine with a GoDaddy email address. I haven't tested it with one, but your email address shouldn't matter. You may place the script anywhere on your CloudKey, then make it executable (chmod 755 cloudkey-update-cert.sh) and run it.
…----
Matt Rude
Minneapolis, Minnesota, USA
site: https://mattrude.com
email: matt@mattrude.com
xmpp: matt@mattrude.com
pgp: 0x7fd07a5124cd67c8
‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Tuesday, September 24, 2019 8:56 PM, K1shan ***@***.***> wrote:
Hi
I have Godaddy email does this work with that?
Also, where do I place this in my cloud key and how do I run it?
Thank You!
how do you run this installation script