Getting certificate for Windows UniFi Controller

If you're comfortable with a PowerShell solution, Posh-ACME has a native GoDaddy DNS plugin and can use the CSR you generated via lib/ace.jar.

I just tested this out on a demo machine with the latest UniFi Controller software I could find (6.2.25) on Windows Server 2019. There's an annoying amount of tweaking you have to do to the final cert/chain files in order for the lib/ace.jar "import_cert" command to work, including providing a copy of the root CA in addition to the chain files.

Grab your GoDaddy API key and secret from here if you don't have them already. Once you have Posh-ACME installed, run the following to create the basic certificate.

cd "$($env:USERPROFILE)\Ubiquiti UniFi"

# setup the parameters to use with the new cert function
$certParams = @{
    CsrPath = '.\data\unifi_certificate.csr.pem'
    AcceptTOS = $true
    Contact = 'me@example.com'  # your email
    Plugin = 'GoDaddy'
    PluginArgs = @{ GDKey='xxxxx'; GDSecret='yyyyy' }  # your keys
    Verbose = $true
}

# request the cert
New-PACertificate @certParams

Assuming that worked, you should see a bunch of verbose output followed by the details of your new cert. Now we need to import it, the chain, and the root certs into the Java keystore used by the UniFi software. The fact that the UniFi software will only import the cert with the root CA included is not very common, and this process is going to make some assumptions that will eventually break if/when the root ever changes.

cd "$($env:USERPROFILE)\Ubiquiti UniFi"

# create a reference to the cert
$cert = Get-PACertificate

# create flattened (no line breaks) copies of the cert/chain/root files because 
# for some reason the import process doesn't like the normal format
(Get-Content $cert.CertFile) -join '' | Out-File data\flat-cert.pem -Encoding ascii
(Get-Content $cert.ChainFile) -join '' | Out-File data\flat-chain.pem -Encoding ascii
((Invoke-RestMethod https://letsencrypt.org/certs/trustid-x3-root.pem.txt) -split "`n") -join '' | Out-File data\flat-root.pem -Encoding ascii

# import everything into the keystore
java -jar lib/ace.jar import_cert data\flat-cert.pem data\flat-chain.pem data\flat-root.pem

If the controller is already running, you'll need to stop and restart it in order to pick up the changes.

5 Likes
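Since the post above hard-codes a root download that will break when the root changes, here is an added example (not from the original post or from Posh-ACME) that checks the leaf, the Posh-ACME chain file and the downloaded root actually link up and are unexpired before they are handed to import_cert. The function names are this example's own; it assumes it runs from the UniFi directory after New-PACertificate, using the CertFile/ChainFile properties and the data\flat-root.pem file from the steps above.

```powershell
# Added example: sanity-check leaf -> chain -> root before lib/ace.jar import_cert.
# Get-PemCertificates and Test-UniFiChain are helper names for this example only.
function Get-PemCertificates {
    param([string]$Path)
    # Pull every PEM block out of the file; works for normal and "flattened" files
    $text = Get-Content $Path -Raw
    $pattern = '-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----'
    foreach ($m in [regex]::Matches($text, $pattern, 'Singleline')) {
        $der = [Convert]::FromBase64String(($m.Groups[1].Value -replace '\s', ''))
        [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($der)
    }
}

function Test-UniFiChain {
    param([string]$CertFile, [string]$ChainFile, [string]$RootFile)
    # Order is leaf -> intermediate(s) -> root, the same order import_cert takes its arguments
    $certs = @(Get-PemCertificates $CertFile) + @(Get-PemCertificates $ChainFile) + @(Get-PemCertificates $RootFile)
    if ($certs.Count -lt 3) { Write-Warning "Expected leaf, chain and root; found $($certs.Count) certs"; return $false }
    $ok = $true
    for ($i = 0; $i -lt $certs.Count - 1; $i++) {
        $child = $certs[$i]; $parent = $certs[$i + 1]
        # Each cert's Issuer DN must equal the next cert's Subject DN. A broken link here
        # is exactly what happens when the hard-coded root URL no longer matches the chain.
        if ($child.Issuer -ne $parent.Subject) {
            Write-Warning "Link $i broken: '$($child.Subject)' is issued by '$($child.Issuer)', not by '$($parent.Subject)'"
            $ok = $false
        }
    }
    $root = $certs[-1]
    if ($root.Subject -ne $root.Issuer) {
        Write-Warning "Last cert '$($root.Subject)' is not self-signed, so it is not a root"
        $ok = $false
    }
    foreach ($c in $certs) {
        if ($c.NotAfter -lt (Get-Date)) {
            Write-Warning "'$($c.Subject)' expired on $($c.NotAfter)"
            $ok = $false
        }
    }
    return $ok
}

# Usage: run after New-PACertificate and the root download, before import_cert
$cert = Get-PACertificate
if (Test-UniFiChain $cert.CertFile $cert.ChainFile 'data\flat-root.pem') {
    'Chain is consistent; safe to flatten and import'
}
```

The check compares distinguished names only; it does not verify signatures, so treat a pass as "the files are the ones you meant to import", not as a full path validation.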