Unifi Video and LetsEncrypt

Unifi Video by Ubiquiti is still used for many dedicated servers. Now with the newer Unifi Protect system, getting an official LetsEncrypt setup on existing Unifi Video servers is a very unlikely.
This script is very similar to the Unifi Controller LetsEncrypt article I posted over a year ago.

Install Certbot, see official install instructions for your operating system. I have only used Ubuntu.

Setup a file for a monthly cron to auto renew. If you get a prompt on which editor to use, I normally choose Nano but that’s completely up to you.

sudo crontab -e

Add code to bottom of the cron job file:

0 0 1 * * /etc/unifi_video_le.sh >/dev/null 2>&1

Now lets create the file and save it to standard directory for ease of use:

sudo nano /etc/unifi_video_le.sh

Copy the code below, make sure to change the controller.yourdomain.com to the actual domain of the controller:

#!/bin/bash

# Copyright (C) 2020 Drew Gauderman <[email protected]>
#
# Permission is hereby granted, free of charge, to any person obtaining a copy of this software
# and associated documentation files (the "Software"), to deal in the Software without restriction,
# including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense,
# and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so,
# subject to the following conditions:
#
# The above copyright notice and this permission notice shall be included in all copies or substantial
# portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,
# INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
# PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE
# FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
# ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

#--------------------------------------------------
# Unifi Video Lets Encrypt. v1.0.1
# To install: https://bleepingmachines.com/unifi-video-and-letsencrypt/
#
# Release Notes:
#   v1.0.1 - Added UNIFIPATH for custom install paths
#   v1.0.0 - Initial Release
#--------------------------------------------------

# Set the UNIFIDOMAIN name, that points to your NVR, a valid DNS entry must exist
UNIFIDOMAIN="nvr.yourdomain.com"

# Folder UNIFIPATH to your Unifi Video data. Depends on how it was installed.
# most common
UNIFIPATH="/var/lib/unifi-video"
# least common
#UNIFIPATH="/usr/lib/unifi-video/data"

# NO NEED TO DO NOT EDIT BELOW --------------

# Stop the UniFi Video service
service unifi-video stop

# Enable custom certificates in the system.properties for Unifi Video
grep -qxF 'ufv.custom.certs.enable=true' ${UNIFIPATH}/system.properties || echo "ufv.custom.certs.enable=true" >>${UNIFIPATH}/system.properties

#backup previous keystore
cp ${UNIFIPATH}/keystore ${UNIFIPATH}/keystore.backup.$(date +%F_%R)

#Renew the certificate
sudo certbot-auto renew --quiet --no-self-upgrade

# Convert cert to PKCS12 format
sudo openssl pkcs12 -export -inkey /etc/letsencrypt/live/${UNIFIDOMAIN}/privkey.pem -in /etc/letsencrypt/live/${UNIFIDOMAIN}/fullchain.pem -out /etc/letsencrypt/live/${UNIFIDOMAIN}/fullchain.p12 -name airvision -password pass:ubiquiti

# Import certificate
sudo keytool -importkeystore -deststorepass ubiquiti -destkeypass ubiquiti -destkeystore ${UNIFIPATH}/keystore -srckeystore /etc/letsencrypt/live/${UNIFIDOMAIN}/fullchain.p12 -srcstoretype pkcs12 -srcstorepass ubiquiti -alias airvision -noprompt

# Start the UniFi Video service
service unifi-video start

Give the script permissions to run:

sudo chmod a+x /etc/unifi_video_le.sh

Run the script and your done:

sudo /etc/unifi_video_le.sh

View on GitHub at https://github.com/maddog986/snipplets/tree/master/unifi

Follow
( 0 Followers )
X

Follow

E-mail : *

Leave a Comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.