Unifi NVR + letsencrypt certificate
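#!/bin/bash
## Unifi NVR + letsencrypt certificate
# One-time setup, run as root: converts the Let's Encrypt key and certificate
# to DER files for unifi-video, removes the existing keystores, and installs
# the cron entry that runs the renewal script.
#
# Remember to use fullchain.pem
# Thanks: https://www.john.geek.nz/2018/05/using-letsencrypt-with-ubiquiti-unifi-video-server/
#
# Also remember adding `ufv.custom.certs.enable=true` to the `/usr/lib/unifi-video/data/system.properties` file
#

# NOTE: HOSTNAME is also a variable bash sets itself; this assignment
# overrides it for the rest of the script.
HOSTNAME=XXX.gm.lv
SCRIPTS_PATH=/srv/scripts
LIVE_DIR="/etc/letsencrypt/live/${HOSTNAME}"
CERT_DIR=/usr/lib/unifi-video/data/certificates
CRON_FILE=/etc/cron.d/custom

/etc/init.d/unifi-video stop

# Gen cert and key file supported by java.
# -nocrypt writes the private key unencrypted, so it is created under
# umask 077 (in a subshell, so the umask does not leak into later commands)
# and is never readable by other local users.
if ! ( umask 077 && openssl pkcs8 -topk8 -nocrypt \
        -in "${LIVE_DIR}/privkey.pem" \
        -outform DER -out "${CERT_DIR}/ufv-server.key.der" ) ||
   ! openssl x509 -outform der \
        -in "${LIVE_DIR}/fullchain.pem" \
        -out "${CERT_DIR}/ufv-server.cert.der"
then
    # Leave the existing keystores in place and bring the service back up
    # rather than deleting them after a failed conversion.
    echo "certificate conversion failed for ${HOSTNAME}; keystores left untouched" >&2
    /etc/init.d/unifi-video start
    exit 1
fi

# The key is now owner-only, so hand both files to the service account
# (the same unifi-video:unifi-video owner the renewal script applies).
chmod 600 "${CERT_DIR}/ufv-server.key.der"
chown unifi-video:unifi-video \
    "${CERT_DIR}/ufv-server.key.der" "${CERT_DIR}/ufv-server.cert.der" ||
    echo "warning: could not chown the DER files to unifi-video" >&2

# Remove unifi-video certs (presumably so the service rebuilds its keystores
# from the DER files on the next start -- confirm against the linked article).
# -f: a store that is already gone is not an error.
rm -f -- /var/lib/unifi-video/ufv-truststore
rm -f -- /var/lib/unifi-video/keystore
rm -f -- /usr/lib/unifi-video/conf/evostream/server.*

# List
# keytool -list -keystore /usr/lib/unifi-video/data/keystore -storepass ubiquiti

/etc/init.d/unifi-video start

# Add custom cron job that checks for a renewed certificate.
# The schedule below is once a day at 00:00; use "0 * * * *" for hourly.
# The path is expanded here, at install time: cron does not know
# SCRIPTS_PATH, so a literal "$SCRIPTS_PATH" in the cron file would expand
# to nothing when the job runs.
CRON_CMD="${SCRIPTS_PATH}/renew_certs.bash"
# Append only once so that re-running this setup does not duplicate the job.
if ! grep -qF -- "$CRON_CMD" "$CRON_FILE" 2>/dev/null; then
    printf '# Check if certificates was not renewd\n0 0 * * * root %s > /dev/null\n' "$CRON_CMD" | tee -a "$CRON_FILE"
fi

# Add post hook to the certbot cron file. This will create a test file "/tmp/has_newcert" for which our cron job will test
# NOTE(review): /tmp is world-writable, so any local user can create this
# flag and make the root cron job restart the services. A root-only location
# (for example under /run) is safer; the hook and the renewal script must
# then use the same path.
nano /etc/cron.d/certbot
# ADD --post-hook "touch /tmp/has_newcert"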
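#!/bin/bash
# Renewal job, run by cron as root: when the certbot post-hook has left the
# flag file, convert the renewed Let's Encrypt key and certificate to DER
# for unifi-video, remove the old keystores and restart the services.

certFQDN=XXX.gm.lv
flag_file=/tmp/has_newcert
live_dir="/etc/letsencrypt/live/${certFQDN}"
cert_dir=/usr/lib/unifi-video/data/certificates

# Nothing to do unless a renewal was flagged.
if [ ! -f "$flag_file" ]
then
    exit 0
fi

# /tmp is world-writable, so only act on a flag that is a regular file (not
# a symlink) owned by the user running this script. Otherwise any local user
# could trigger the service restarts below.
# NOTE(review): a root-only location (for example under /run) would avoid
# the problem entirely; it has to match the certbot --post-hook path.
if [ -L "$flag_file" ] || [ ! -O "$flag_file" ]
then
    echo "ignoring ${flag_file}: symlink or not owned by the current user" >&2
    exit 1
fi

# Cert was renewed, so process it
service nginx restart # I am also reloading nginx, disable this, if you don't use nginx
service unifi-video stop

# -nocrypt writes the private key unencrypted, so it is created under
# umask 077 (in a subshell) and is never readable by other local users.
if ! ( umask 077 && openssl pkcs8 -topk8 -nocrypt \
        -in "${live_dir}/privkey.pem" \
        -outform DER -out "${cert_dir}/ufv-server.key.der" ) ||
   ! openssl x509 -outform der \
        -in "${live_dir}/fullchain.pem" \
        -out "${cert_dir}/ufv-server.cert.der"
then
    # Keep the old keystores and the flag file: the service comes back up
    # and the conversion is retried on the next cron run.
    echo "certificate conversion failed for ${certFQDN}; keystores left untouched" >&2
    service unifi-video start
    exit 1
fi

chmod 600 "${cert_dir}/ufv-server.key.der"
# Own the files that were just written. The recursive chown below targets
# /var/lib/unifi-video/certificates, which is presumably the same directory
# reached through a symlink -- confirm on the target system.
chown unifi-video:unifi-video \
    "${cert_dir}/ufv-server.key.der" "${cert_dir}/ufv-server.cert.der"
chown -R unifi-video:unifi-video /var/lib/unifi-video/certificates

# Remove the old stores; -f because a store that is already gone is not an error.
rm -f -- /var/lib/unifi-video/ufv-truststore
rm -f -- /var/lib/unifi-video/keystore
rm -f -- /usr/lib/unifi-video/conf/evostream/server.*

service unifi-video start

# Clear the flag only after a successful run.
rm -f -- "$flag_file"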