Unifi Video and LetsEncrypt

Unifi Video by Ubiquiti is still used for many dedicated servers. Now with the newer Unifi Protect system, getting an official LetsEncrypt setup on existing Unifi Video servers is a very unlikely.
This script is very similar to the Unifi Controller LetsEncrypt article I posted over a year ago.

Install Certbot and follow the command prompts:

cd /usr/local/sbin
wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto
./certbot-auto certonly

Setup a file for a monthly cron to auto renew. If you get a prompt on which editor to use, I normally choose Nano but that’s completely up to you.

sudo crontab -e

Add code to bottom of the cron job file:

0 0 1 * * /etc/unifi_video_le.sh >/dev/null 2>&1

Now lets create the file and save it to standard directory for ease of use:

nano /etc/unifi_video_le.sh

Copy the code below, make sure to change the controller.yourdomain.com to the actual domain of the controller:

# Set the Domain name, that points to your NVR, a valid DNS entry must exist

# NO NEED TO DO NOT EDIT BELOW --------------

# Stop the UniFi Video service
service unifi-video stop

# Enable custom certificates in the system.properties for Unifi Video
grep -qxF 'ufv.custom.certs.enable=true' /var/lib/unifi-video/system.properties || echo "ufv.custom.certs.enable=true" >>/var/lib/unifi-video/system.properties

#backup previous keystore
cp /var/lib/unifi-video/keystore /var/lib/unifi-video/keystore.backup.$(date +%F_%R)

#Renew the certificate
sudo certbot-auto renew --quiet --no-self-upgrade

# Convert cert to PKCS12 format
sudo openssl pkcs12 -export -inkey /etc/letsencrypt/live/${DOMAIN}/privkey.pem -in /etc/letsencrypt/live/${DOMAIN}/fullchain.pem -out /etc/letsencrypt/live/${DOMAIN}/fullchain.p12 -name airvision -password pass:ubiquiti

# Import certificate
sudo keytool -importkeystore -deststorepass ubiquiti -destkeypass ubiquiti -destkeystore /var/lib/unifi-video/keystore -srckeystore /etc/letsencrypt/live/${DOMAIN}/fullchain.p12 -srcstoretype pkcs12 -srcstorepass ubiquiti -alias airvision -noprompt

# Start the UniFi Video service
service unifi-video start

Give the script permissions to run:

chmod a+x /etc/unifi_video_le.sh

Run the script and your done:

sudo /etc/unifi_video_le.sh

View on GitHub at https://github.com/maddog986/snipplets/tree/master/unifi



E-mail : *

Leave a Comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.