Can I pay someone from Let’s Encrypt to do this for me for CloudKey G2!a

.I followed but the commands do not work

Definitive Guide to Hosted UniFi 2021 | Crosstalk Solutions

2 Likes

No, you can't pay someone to do this for you--you'll need to figure it out, but we can help. Are you actually using a CloudKey? If so, the instructions you linked to wouldn't be helpful at all, as they aren't for a CloudKey, and I don't see why you'd think they would be--nothing on that page, even in the comments, appears to mention the CloudKey.

1 Like

Well, not through this Community in any case. I'm sure there are IT consultancy companies out there who will help for a fewlot of :moneybag: :money_with_wings:

1 Like

This community does have have a small list of consultants who are willing to do paid work for helping people integrate Let's Encrypt.

I don't know if any of them support Unifi, though, which is in some ways its own world. (I use Unifi switches and wireless access points myself for my home network, but I haven't yet explored getting a "real" certificate on the controller, and I use a first-generation CloudKey, so I'm not sure I would be much help either.)

4 Likes

Really, installation on Unifi--either on a CloudKey or on its own Linux machine--is pretty simple using acme.sh and its unifi deploy hook. But I don't think that's the solution being used at the link given above.

2 Likes

Pinging @schoen who does some consulting work and may be able to help!

3 Likes

Hi, @tvaughn, welcome to the community!

I'm sorry that you're not going to be able to get the answer you need right away, as we're an all-volunteer community. However, Peter's also correct in that there are currently a few members of the community who are offering their help for a fee. I've had many wonderful conversations with @schoen and I can confirm that he is a great help to people of many differing technical backgrounds. I haven't yet interacted with the other two people on the other forum thread that was linked so I can't tell you anything about their work style.

I hope that someday we'll be able to have a more robust list of people who are offering their paid services on a sliding scale. But I think that's an entirely different topic and probably a community-run project for a different time.

1 Like

If you are using the latest firmware (version 2.x) on the CloudKey G2, that guide from CrossTalk Solutions doesn’t apply as it’s intended for hosted controllers (i.e controllers running on a Raspberry Pi or a server).

The latest firmwares on the CloudKey G2 use different files to serve the SSL certificate. These files are named unifi-core.crt and unifi-core.key located in /data/unifi-core/config.

While this guide from Scott Helme is also not intended to set up Let’s Encrypt on the CloudKey G2, it pointed me in the right direction

https://scotthelme.co.uk/setting-up-https-on-the-udm-pro/

You can also use ECDSA certificates and no other steps other than replacing the certificate and private key files, and restarting the UniFi Controller are required.

You can restart the UniFi Controller without rebooting the CloudKey with the following command

systemctl restart unifi-core.service
2 Likes

Since OP hasn't responded in three days to clarify what the question/problem is, is there any value in continuing to speculate?

1 Like

Probably not. The only use-case I can think of is where someone else has the same type of config, but that future person can either necro this thread or create a new one. (Unless necros are not allowed here.)

IIRC, topics close after 30 days of inactivity.

Assuming DNS validation is feasible, again, acme.sh makes this quite easy. Just install it on the Cloud Key or the system running the Unifi controller software, set the credentials for the DNS provider, then

acme.sh --issue -d unifi_domain_name --dns dns_whatever
acme.sh --install-cert -d unifi_domain_name --deploy-hook unifi

This should work on a CloudKey Gen 1 or 2, or a generic *nix system running the Unifi controller--I don't know about the UDM, though.

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.