Confused adding Cert to UNIFI Controller sub-domain

My domain is:

I ran this command:
certbot certonly --standalone -d

It produced this output:

# #

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Requesting a certificate for
Performing the following challenges:
http-01 challenge for
Waiting for verification...
Challenge failed for domain
http-01 challenge for
Cleaning up challenges
Some challenges have failed.


# #

My web server is (include version):
Unifi Controller (built in web server)

The operating system my web server runs on is (include version):
Ubuntu 22.04

My hosting provider, if applicable, is:
N/A but Delta

I can login to a root shell on my machine (yes or no, or I don't know):
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
certbot 1.12.0

I have been following the instructions provided on the following link.

The issue that I am facing is that I am running my Unifi Controller on a local VM running behind a USG gateway. The gateway has a static IP address.
I have added the DNS entry in the zone file for the domain The URL points to the public IP address of the static how IP address.
If I open the URL then I can log in to my controller. When I try to follow the instructions provided I am told that there is a potential firewall issue.

As suggested, I added the entry for the local IP address pointing to the sub-domain into my /etc/hosts file.

This shows as (gateway) (server where the unifi controller software is installed on)

I have also opened my firewall on the controller to allow both port 80 and 443 access to the internal VM from the outside.

There is no firewall installed on the internal VM.

What is blocking the response? Is there a way to change the port to 8899 where the controller is responding on?


Check here for possible help with UniFi Let's Encrypt on Ubiquiti's UniFi

Thanks for replying mate, I have managed to figure it out.

The fix is to remove the gateway reference from the hosts file.

So my hosts file now only has


