From 6efdc8e667dec84691f3850f3a9b3ea88204f459 Mon Sep 17 00:00:00 2001 From: Mike Edmunds Date: Tue, 29 Dec 2020 08:46:29 -0800 Subject: [PATCH] Document unifi deploy hook --- deployhooks.md | 51 +++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 50 insertions(+), 1 deletion(-) diff --git a/deployhooks.md b/deployhooks.md index 31549ac..485a887 100644 --- a/deployhooks.md +++ b/deployhooks.md 
@@ -646,4 +646,53 @@ To deploy the cert now run: acme.sh --deploy -d example.com --deploy-hook cleverreach ``` -Now the cert is added to all domains that are covered by it. \ No newline at end of file +Now the cert is added to all domains that are covered by it. + +## 23. Deploy the cert on a Unifi Controller or Cloud Key + +These instructions are for running acme.sh locally on the Unifi Controller +machine or on a Unifi Cloud Key device. If you run acme.sh on a remote machine, +follow the Unifi examples under [ssh deploy](#examples-using-ssh-deploy) instead. + +[Full support for Cloud Key pending merge of [PR #3327](https://github.com/acmesh-official/acme.sh/pull/3327)] + +To deploy the cert run: +```sh +acme.sh --deploy -d example.com --deploy-hook unifi +``` + +You may see a warning that "the JKS keystore uses a proprietary format." +It can be ignored. + +The "service unifi restart" step may take a minute or more as it reloads the +Unifi Controller. + +On a Unifi Cloud Key, acme.sh installations and configuration seem to survive +firmware upgrades when installed in the default location (/root/.acme.sh). +But the renewal cron job may be lost after some firmware upgrades; use `crontab -l` +to check, and re-install with `acme.sh --install-cronjob` if necessary. + +If you have a non-standard Unifi Controller installation, you may need +to set some variables before running the deploy hook the first time. 
+Most users do not need to set these: + +```sh +# Settings for Unifi Controller: +# Location of keystore or unifi.keystore.jks file: +DEPLOY_UNIFI_KEYSTORE="/usr/lib/unifi/data/keystore" +# Keystore password (built into Unifi Controller, not a user-set password): +DEPLOY_UNIFI_KEYPASS="aircontrolenterprise" +# Command to restart the Controller: +DEPLOY_UNIFI_RELOAD="service unifi restart" + +# Additional settings for Unifi Cloud Key: +# Whether to also deploy certs for Cloud Key maintenance pages +# (default is "yes" when running on Cloud Key, "no" otherwise): +DEPLOY_UNIFI_CLOUDKEY="yes" +# Directory where cloudkey.crt and cloudkey.key live: +DEPLOY_UNIFI_CLOUDKEY_CERTDIR="/etc/ssl/private" +# Command to restart maintenance pages and Controller +# (same setting as above, default is updated when running on Cloud Key): +DEPLOY_UNIFI_RELOAD="service nginx restart && service unifi restart" +``` +
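Review bot: In the settings block at the end of the new section 23, `DEPLOY_UNIFI_RELOAD` is assigned twice in the same `sh` fence, first as `"service unifi restart"` and then as `"service nginx restart && service unifi restart"`. A reader who pastes the whole block gets the Cloud Key value on a plain Controller, because the later assignment wins, and the reload would then try to restart nginx there. Consider splitting the block into two fences (Controller, Cloud Key) or commenting out the Cloud Key lines, so the example is safe to copy as a unit. The same block shows bare assignments without saying whether the variables must be exported before running `acme.sh --deploy`; one sentence on how to set them would remove the guesswork. Minor: the line `[Full support for Cloud Key pending merge of [PR #3327](...)]` nests a link inside square brackets, which may not render as intended in Markdown, and it is a temporary note that will need removing once that PR merges.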