@tobio
Last active June 2, 2017 12:30
Certbot for Ubiquiti devices
# Store the NS1 API key and restrict the credentials file to its owner
echo dns_nsone_api_key=abc123def > /etc/letsencrypt/nsone.ini
chmod 600 /etc/letsencrypt/nsone.ini
# Request one certificate covering all three hosts via the DNS-01 challenge
certbot certonly --dns-nsone --dns-nsone-credentials /etc/letsencrypt/nsone.ini -d router.modestmind.net -d switch.modestmind.net -d unifi.modestmind.net
cd /etc/letsencrypt/live/router.modestmind.net
# Lighttpd expects a single pem with the key and certificate chain
# (umask 077 so a newly created combined.pem is readable by its owner only)
(umask 077; cat privkey.pem fullchain.pem > combined.pem)
# Copy the certificate to the devices
scp combined.pem router.modestmind.net:/etc/lighttpd/server.pem
scp combined.pem switch.modestmind.net:/etc/server.pem
# Restart lighttpd on the devices
# (the remote command is quoted so that $(cat ...) and the lighttpd start run on the device, not locally)
ssh router.modestmind.net 'kill -SIGINT $(cat /var/run/lighttpd.pid); /usr/sbin/lighttpd -f /etc/lighttpd/lighttpd.conf'
ssh switch.modestmind.net 'kill -SIGINT $(cat /var/run/lighttpd.pid); /usr/sbin/lighttpd -f /etc/lighttpd.conf'
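#!/bin/bash
# Stop on the first failure so a failed renew, cd or cat never pushes a bad file to the devices
set -e
certbot renew
cd /etc/letsencrypt/live/router.modestmind.net
# Rebuild the combined key + chain file that lighttpd loads
(umask 077; cat privkey.pem fullchain.pem > combined.pem)
# Copy the certificate to the devices
scp combined.pem switch.modestmind.net:/etc/server.pem
scp combined.pem router.modestmind.net:/etc/lighttpd/server.pem
# Restart lighttpd on the devices
# (the remote command is quoted so that $(cat ...) and the lighttpd start run on the device, not locally)
# Note: -D keeps lighttpd in the foreground, so the first ssh call stays open until it exits
ssh switch.modestmind.net 'kill -SIGINT $(cat /var/run/lighttpd.pid); /bin/lighttpd -D -f /etc/lighttpd.conf'
ssh router.modestmind.net 'kill -SIGINT $(cat /var/run/lighttpd.pid); /usr/sbin/lighttpd -f /etc/lighttpd/lighttpd.conf'
# Restart nginx for the unifi controller
service nginx restart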
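
Both scripts copy `combined.pem` to the devices and restart lighttpd without looking at the file first. As an added example (not part of the original gist), a structural pre-flight check for that file; the helper name `check_combined_pem` is hypothetical, and it checks layout only, not that the key matches the certificate.

```shell
# Added example, not part of the original gist.
# check_combined_pem FILE  (hypothetical helper name)
# Succeeds only if FILE has the layout the gist builds with
# "cat privkey.pem fullchain.pem": exactly one private key block first,
# then one or more certificate blocks, each BEGIN closed by its END.
check_combined_pem() {
    awk '
        /^-----BEGIN [A-Z ]+-----$/ {
            if (cur != "") { bad = 1 }              # BEGIN inside an open block
            cur = $0
            sub(/^-----BEGIN /, "", cur); sub(/-----$/, "", cur)
            if (cur ~ /PRIVATE KEY$/) {
                keys++
                if (certs > 0) { bad = 1 }          # key after a certificate
            } else if (cur == "CERTIFICATE") {
                certs++
            } else {
                bad = 1                             # unexpected block type
            }
            body = 0
            next
        }
        /^-----END [A-Z ]+-----$/ {
            label = $0
            sub(/^-----END /, "", label); sub(/-----$/, "", label)
            if (label != cur || body == 0) { bad = 1 }  # mismatched or empty
            cur = ""
            next
        }
        cur != "" { body++; next }                  # base64 payload line
        NF > 0    { bad = 1 }                       # stray text between blocks
        END { exit !(bad == 0 && cur == "" && keys == 1 && certs >= 1) }
    ' "$1"
}
```

In the renewal script, `check_combined_pem combined.pem || exit 1` placed before the `scp` lines stops a truncated or key-less file from reaching the devices.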