LetsEncrypt Certificates permanently with Ubiquiti UDM/UDM-Pro

Some time ago I decided to move all my family house network to Ubiquiti, that’s another story… The default certificate included with the UDM/UDM-Pro is self-signed and can cause problems depending on the web browser and OS. To handle certificate renewal on time, @kchristensen has developed a bash solution using lego, which he called udm-le.

To set this up we must first enable SSH authentication on the UDM/UDM-Pro. If you do not know the SSH password, you can use the button to change it.

Now, to log in, use “Terminal” on macOS, the “Console” on Linux or PuTTY on Windows (how to connect over SSH to another machine is not the topic here; you can search for a video tutorial).

To connect to the UDM/UDM-Pro, use the following details:

  • User: root
  • Server: Our gateway IP, by default 192.168.1.1 or whatever you have configured in Local Networks (in the UniFi Controller).

Once connected to the UDM/UDM-Pro, we install the package that makes any bash script we want load persistently when the UDM/UDM-Pro starts (UDM/UDMPro Boot Script). To install the package, run:

unifi-os shell
curl -L https://raw.githubusercontent.com/boostchicken/udm-utilities/master/on-boot-script/packages/udm-boot_1.0.1-1_all.deb -o udm-boot_1.0.1-1_all.deb
dpkg -i udm-boot_1.0.1-1_all.deb
exit

When the previous commands have finished, stay connected to the UDM and run the next command, which installs the UDM-LE script that generates and auto-renews the certificates (you can copy all the commands and press “Enter” to run them in one step). Note that the `-k` option in the `curl` call disables TLS certificate verification for the download.

curl -Lk0o /mnt/data/udm-le-master.zip https://codeload.github.com/kchristensen/udm-le/zip/master && \
unzip /mnt/data/udm-le-master.zip -d /mnt/data && \
mv /mnt/data/udm-le-master /mnt/data/udm-le && \
cp /mnt/data/udm-le/on_boot.d/99-udm-le.sh /mnt/data/on_boot.d/ && \
chmod +x /mnt/data/on_boot.d/99-udm-le.sh && \
chmod +x /mnt/data/udm-le/udm-le.sh && \
rm /mnt/data/udm-le-master.zip

Now you must configure the file `/mnt/data/udm-le/lego.env` with the environment variables for your domain provider (see the lego documentation about this). If you use OVH like me, you should first generate an API token.

vi /mnt/data/udm-le/lego.env

The first run must be:

/mnt/data/udm-le/udm-le.sh initial

After this it may (or may not) ask you to reboot your UDM, and then everything should be running.
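
A pre-flight check for the `lego.env` file configured above, meant to run before `udm-le.sh initial`, since that file holds the DNS API credentials. This is an added example, not part of udm-le or the original post; `check_lego_env` is a hypothetical helper, and the variable names are those of lego's OVH provider, assumed here because the post uses OVH.

```shell
#!/bin/sh
# Added example: audit the lego env file before running "udm-le.sh initial".
# Assumption: KEY=value lines, names as used by lego's OVH DNS provider.
REQUIRED_VARS="OVH_ENDPOINT OVH_APPLICATION_KEY OVH_APPLICATION_SECRET OVH_CONSUMER_KEY"

# check_lego_env FILE
# Prints one line per finding and returns the number of findings (0 = clean).
check_lego_env() {
    file=$1
    problems=0
    if [ ! -f "$file" ]; then
        echo "missing: $file"
        return 1
    fi
    # The file holds DNS API credentials, so group and others get no access.
    mode=$(stat -c '%a' "$file")
    case $mode in
        *00|0) ;;
        *)
            echo "mode $mode is too open, fix with: chmod 600 $file"
            problems=$((problems + 1))
            ;;
    esac
    for var in $REQUIRED_VARS; do
        # Commented-out lines do not match; the last assignment wins.
        value=$(sed -n "s/^[[:space:]]*${var}=//p" "$file" | tail -n 1)
        if [ -z "$value" ]; then
            echo "$var is unset or empty"
            problems=$((problems + 1))
        fi
    done
    return "$problems"
}

# Constructed sample with placeholder values, left world-readable on purpose.
demo=$(mktemp)
printf 'OVH_ENDPOINT=ovh-eu\nOVH_APPLICATION_KEY=example-key\n' > "$demo"
chmod 644 "$demo"
check_lego_env "$demo" || echo "findings: $?"
rm -f "$demo"
```

On the UDM itself, call it as `check_lego_env /mnt/data/udm-le/lego.env` and adjust `REQUIRED_VARS` for other providers.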


If you want to deactivate, uninstall and delete this, run these two commands:

rm -f /mnt/data/on_boot.d/99-udm-le.sh
rm -fr /mnt/data/udm-le
