This applies to UniFi OS 3.2.x.
With my SSL certificates being managed by a different system via Let’s Encrypt, I do need to copy them over to my UDM Pro periodically because they only last 90 days.
UniFi doesn’t make installing certificates simple, so you have to SSH to the device and place the certificate file and key file at:
/data/unifi-core/config/unifi-core.crt
/data/unifi-core/config/unifi-core.key
Once done, you can either find a time to reboot the device since your internet connection will be disrupted when you do so, or just run the following on the UDM Pro (to reload the web services):
nginx -s reload
Then you should be able to go to your UDM Pro’s URL and access your system once more.
Still, having to remember that every so often is annoying, and inevitably you’ll forget like I do.
So, the solution to that is to have the UDM Pro pull the certificates from a trusted internal system, get them in place and restart whatever it needs to.
Create the script below on your UDM Pro as /etc/cron.weekly/updatessl:
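#!/bin/bash
# Stop at the first failed copy so nginx is not reloaded after a partial update.
set -e
SSLHOST=10.4.1.250   # host that holds the Let's Encrypt certificates
DOMAIN=doofer.org
scp -p "root@${SSLHOST}:/etc/ssl/local/${DOMAIN}/fullchain.pem" /data/unifi-core/config/unifi-core.crt
scp -p "root@${SSLHOST}:/etc/ssl/local/${DOMAIN}/privkey.pem" /data/unifi-core/config/unifi-core.key
# Reload the web services so the new certificate is served.
nginx -s reload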
Obviously you’ll need to change the host to wherever you keep your SSL keys and the domain to the one you use, but you get the idea. Because cron runs the script unattended, the UDM Pro needs key-based SSH access to that host. Make sure you chmod +x the script and your UDM Pro should keep its certificates up to date.
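A more defensive variant of the same job, as an added example rather than the script from this post: it fetches into a private temporary directory, checks that the certificate has not expired and that the key matches it, and only then renames the files into place and reloads nginx. The host, domain and paths are the ones above; the function names and the .new staging files are illustrative, and it assumes openssl is available on the UDM Pro.

```shell
#!/bin/bash
# Added example, not the post's script. SSLHOST, DOMAIN and the paths are the
# post's; the function names and the *.new staging names are illustrative.
set -u
SSLHOST=10.4.1.250
DOMAIN=doofer.org
CONF=/data/unifi-core/config

# Succeeds only if the leaf certificate has not expired and the private key's
# public half is identical to the public key inside the certificate.
verify_pair() {  # verify_pair <cert.pem> <key.pem>
    local crt=$1 key=$2 cert_pub key_pub
    openssl x509 -in "$crt" -noout -checkend 0 >/dev/null 2>&1 || return 1
    cert_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Stage a verified pair beside the live files, then rename into place, so a
# rejected or interrupted update never overwrites the working certificate.
install_pair() {  # install_pair <cert.pem> <key.pem> <dest-dir>
    local crt=$1 key=$2 dest=$3
    verify_pair "$crt" "$key" || return 1
    cp -p "$crt" "$dest/unifi-core.crt.new" &&
    cp -p "$key" "$dest/unifi-core.key.new" &&
    mv -f "$dest/unifi-core.crt.new" "$dest/unifi-core.crt" &&
    mv -f "$dest/unifi-core.key.new" "$dest/unifi-core.key"
}

main() {
    local tmp
    tmp=$(mktemp -d) || return 1          # mode 0700, keeps the key private
    trap "rm -rf '$tmp'" EXIT
    scp -p "root@${SSLHOST}:/etc/ssl/local/${DOMAIN}/fullchain.pem" "$tmp/crt" &&
    scp -p "root@${SSLHOST}:/etc/ssl/local/${DOMAIN}/privkey.pem" "$tmp/key" &&
    install_pair "$tmp/crt" "$tmp/key" "$CONF" &&
    nginx -s reload
}

# Do nothing on a machine that lacks the UniFi OS config directory.
if [ -d "$CONF" ]; then main; fi
```

If the fetched pair is expired or mismatched, the script exits non-zero without touching the live files or reloading nginx, so the console keeps serving the previous certificate.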