I am having a lot of trouble getting a certificate for use on my Unifi CloudKey (gen2). I used to have valid Let’s Encrypt certificates, but they expired, and for the life of me I cannot renew them (primarily, it seems, due to the deprecation of some archive called jessie-backports). This is NOT for a public domain, it’s for a local wifi domain; in other words, it is using private IP addresses which resolve to the CloudKey.
In the absence of a new means of generating keys on the CloudKey itself, is there a way to generate them on my Mac? I haven’t been able to do so using the certbot. If I can generate them on my Mac, I could export them to the CloudKey.
Well, there's your problem--Let's Encrypt will only issue certs for public domains. However, it's entirely possible to generate certs on the cloud key itself; I've been doing it for the past 9 months or so. I'm generally following this guide:
Thank you for your response. I’ve tried to do that, but the process always fails on the DNS challenge. I use Cloudflare and put in the proper key and such, but no luck. How are you doing it?
Yes, I understand that. For some reason it is not being created when I follow the rest of the script that you referenced. I also typically receive a DNS-related error when I try to create the keys, but today I manually created the keys and then ran the script, so it skipped creation because they already existed. In any event, Unifi seems to make it harder and harder to put certificates on the UCK. Thank you for your help.
If it isn't being created, it's because you aren't creating it--that page calls for you to directly create that script; there's no other process that would be doing that. You create /root/.acme.sh/cloudkey-renew-hook.sh with the contents mentioned there (being careful of line wraps), and then call it with the acme.sh command.
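As an added example (not the guide's hook, the replier's, or Ubiquiti's code), here is the kind of /root/.acme.sh/cloudkey-renew-hook.sh the reply describes, plus the acme.sh call that registers it. The destination directory, file names and reload command are placeholders (CLOUDKEY_CERT_DIR, CLOUDKEY_RELOAD_CMD, cloudkey.crt/.key) because the thread does not give the Cloud Key's real certificate paths; `--issue`, `--dns dns_cf`, `--renew-hook` and the CERT_FULLCHAIN_PATH/CERT_KEY_PATH variables are acme.sh's own.

```shell
#!/bin/sh
# Added example, not the guide's script: a renew hook for acme.sh on a Cloud Key.
# CLOUDKEY_CERT_DIR, CLOUDKEY_RELOAD_CMD and the names cloudkey.crt/.key are
# placeholders; the thread does not give the device's real certificate paths.
set -eu

CLOUDKEY_CERT_DIR="${CLOUDKEY_CERT_DIR:-/PLACEHOLDER/cloudkey-ssl}"
CLOUDKEY_RELOAD_CMD="${CLOUDKEY_RELOAD_CMD:-}"   # e.g. a service restart; empty = skip

# install_cloudkey_cert FULLCHAIN KEY
# Copies the newly issued chain and private key into place: refuses missing or
# empty inputs, keeps one backup of the previous pair, copies under a 077 umask
# and renames into place so nothing ever sees a half-written or world-readable
# key, then runs the reload command if one is configured.
install_cloudkey_cert() {
  fullchain="$1"; key="$2"
  [ -s "$fullchain" ] && [ -s "$key" ] || { echo "hook: cert or key missing/empty" >&2; return 1; }
  mkdir -p "$CLOUDKEY_CERT_DIR"
  for f in cloudkey.crt cloudkey.key; do
    [ -f "$CLOUDKEY_CERT_DIR/$f" ] && cp -p "$CLOUDKEY_CERT_DIR/$f" "$CLOUDKEY_CERT_DIR/$f.bak"
  done
  (
    umask 077
    cp "$fullchain" "$CLOUDKEY_CERT_DIR/cloudkey.crt.tmp"
    cp "$key" "$CLOUDKEY_CERT_DIR/cloudkey.key.tmp"
  )
  chmod 644 "$CLOUDKEY_CERT_DIR/cloudkey.crt.tmp"   # chain is public; key stays 600
  mv "$CLOUDKEY_CERT_DIR/cloudkey.crt.tmp" "$CLOUDKEY_CERT_DIR/cloudkey.crt"
  mv "$CLOUDKEY_CERT_DIR/cloudkey.key.tmp" "$CLOUDKEY_CERT_DIR/cloudkey.key"
  [ -n "$CLOUDKEY_RELOAD_CMD" ] && sh -c "$CLOUDKEY_RELOAD_CMD"
  return 0
}

# One-time issuance that registers this file as the hook. dns_cf is acme.sh's
# Cloudflare DNS-01 module (export a CF_Token first); acme.sh then re-runs the
# hook after every successful renewal.
issue_cloudkey_cert() {
  acme.sh --issue --dns dns_cf -d "$1" \
    --renew-hook /root/.acme.sh/cloudkey-renew-hook.sh
}

# When acme.sh runs the hook it exports CERT_FULLCHAIN_PATH and CERT_KEY_PATH;
# explicit arguments take precedence so the hook can also be tried by hand.
if [ -n "${1:-}" ] || [ -n "${CERT_FULLCHAIN_PATH:-}" ]; then
  install_cloudkey_cert "${1:-${CERT_FULLCHAIN_PATH:-}}" "${2:-${CERT_KEY_PATH:-}}"
fi
```

Run the hook once by hand against the files acme.sh already wrote before trusting it to a renewal; if the reload command is wrong the files are installed but the web UI keeps serving the old certificate.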