From e5904f128e63c0ab1065cb5daa7d815064009735 Mon Sep 17 00:00:00 2001 From: Mike Edmunds Date: Mon, 11 Jan 2021 15:38:03 -0800 Subject: [PATCH] Update unifi instructions to cover Cloud Key Gen 2; point to script for settings most people won't need --- deployhooks.md | 37 ++++++++++++++----------------------- 1 file changed, 14 insertions(+), 23 deletions(-) diff --git a/deployhooks.md b/deployhooks.md index 15cc0d5..7c4c4e3 100644 --- a/deployhooks.md +++ b/deployhooks.md @@ -650,21 +650,24 @@ Now the cert is added to all domains that are covered by it. ## 23. Deploy the cert on a Unifi Controller or Cloud Key +The unifi deploy hook supports self-hosted Unifi Controller, Unifi Cloud Key Gen1, +and UnifiOS (including Cloud Key Gen2). + These instructions are for running acme.sh locally on the Unifi Controller machine or on a Unifi Cloud Key device. If you run acme.sh on a remote machine, follow the Unifi examples under [ssh deploy](#examples-using-ssh-deploy) instead. Report any issues to https://github.com/acmesh-official/acme.sh/issues/3359 -> Note: Full support for Cloud Key devices is pending merge of [PR #3327](https://github.com/acmesh-official/acme.sh/pull/3327)] +> Note: Support for Cloud Key devices is pending merge of [PR #3327](https://github.com/acmesh-official/acme.sh/pull/3327) To deploy the cert run: ```sh acme.sh --deploy -d example.com --deploy-hook unifi ``` -You may see a warning that "the JKS keystore uses a proprietary format." -It can be ignored. +You may see a warning about "Overwriting existing alias unifi in destination keystore" +or that "the JKS keystore uses a proprietary format." Both can be ignored. The "service unifi restart" step may take a minute or more as it reloads the Unifi Controller. 
@@ -674,30 +677,18 @@ firmware upgrades when installed in the default location (/root/.acme.sh). But the renewal cron job may be lost after some firmware upgrades; use `crontab -l` to check, and re-install with `acme.sh --install-cronjob` if necessary. -If you have a non-standard Unifi Controller installation, you may need -to set some variables before running the deploy hook the first time. -Most users do not need to set these: +The unifi deploy hook automatically detects supported Unifi environments, and +should not need additional configuration. However, if you have a non-standard (self hosted) +Unifi Controller installation, you may need to set some variables before running the deploy +hook the first time, e.g: ```sh -# Settings for Unifi Controller: -# Location of keystore or unifi.keystore.jks file: -DEPLOY_UNIFI_KEYSTORE="/usr/lib/unifi/data/keystore" -# Keystore password (built into Unifi Controller, not a user-set password): -DEPLOY_UNIFI_KEYPASS="aircontrolenterprise" -# Command to restart the Controller: -DEPLOY_UNIFI_RELOAD="service unifi restart" - -# Additional settings for Unifi Cloud Key: -# Whether to also deploy certs for Cloud Key maintenance pages -# (default is "yes" when running on Cloud Key, "no" otherwise): -DEPLOY_UNIFI_CLOUDKEY="yes" -# Directory where cloudkey.crt and cloudkey.key live: -DEPLOY_UNIFI_CLOUDKEY_CERTDIR="/etc/ssl/private" -# Command to restart maintenance pages and Controller -# (same setting as above, default is updated when running on Cloud Key): -DEPLOY_UNIFI_RELOAD="service nginx restart && service unifi restart" +export DEPLOY_UNIFI_KEYSTORE="/path/to/custom/java/keystore" ``` +See the comments at the top of [notify.sh](https://github.com/acmesh-official/acme.sh/blob/master/deploy/unifi.sh) +for a list of settings. (Most users should not need to do this.) + ## 24. Deploy the cert into a Peplink router ```sh
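Review bot: in the first hunk (`@@ -650,21 +650,24 @@`), the reworded note "Support for Cloud Key devices is pending merge of PR #3327" contradicts the new opening lines, which say the hook supports Unifi Cloud Key Gen1 and UnifiOS (including Cloud Key Gen2). With "Full" dropped, the note reads as if no Cloud Key support exists yet. Either remove the note or state which part of Cloud Key support still depends on the PR. The added line telling readers that the "Overwriting existing alias unifi in destination keystore" warning can be ignored would also be easier to trust with a short clause saying why that message is expected on a deploy.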
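Review bot: in the second hunk (`@@ -674,30 +677,18 @@`), the new link's text says `notify.sh` but its target is `deploy/unifi.sh`, so the visible name points readers at the wrong script. The link text should be `unifi.sh`. Two smaller points in the same added paragraph: "e.g:" should be "e.g.:", and "(self hosted)" should be hyphenated to match "self-hosted" in the first hunk. Since the removed block was the only place the docs listed `DEPLOY_UNIFI_KEYPASS`, `DEPLOY_UNIFI_RELOAD` and the Cloud Key settings, it is worth confirming that the comments at the top of `unifi.sh` cover all of them before relying on the link alone.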