Let's Encrypt Unifi controller with Eclipse Java

I would like to use LE for my Unifi controller. My domain is supsolit.nl

So i cheched out this page:

https://community.ui.com/questions/HOWTO-UniFi-Controller-with-Lets-Encrypt-on-Windows/ffab52ba-056d-4dda-b32c-95ecd054e89a

First question:

set kt="C:\Program Files\Java\jre1.8.0_261\bin\keytool.exe"

Isn't the correct path for java anymore.

I am pretty sure this should be the line now:

C:\Program Files\Eclipse Adoptium\jdk-11.0.17.8-hotspot\bin\keytool.exe

this line:

set pfx="C:\Users\adm_myname\Ubiquiti UniFi<hostname>.pfx"

HOSTNAME: is that my unificontroller.supsolit.nl name?

Second question:

Let's Encrypt validate through port 80/443 (also if i follow the other workaround). But when you own the domain (which i do) there is a different way right? By adding a text line in the domain DNS? Which changes do i have to make to the script to make this happen?

at this moment i own an IPv4 /29 subnet so i could use 80/443, but i would also like to cancel that IPv4 /29 subnet. I know i could also use a reverse proxy, but since i have not done that before (which doesn't mean i don't wanna try) i would like to validate LE through domain DNS. Which is preferable than using port 80/443, right?

If there is a different script of way of course i am open for it :slight_smile:

The tutorial you are following uses a program called win-acme.

Lucky for you, win-acme features support (via a downloadable plugin) for TransIP as a DNS provider.

Your domain has its DNS hosted with TransIP, so you should be able to get a certificate using DNS validation, and avoid the problems with port 80/443.

I'm not familiar with using wacs.exe so you will need to have an explore around the program about how to use transip validation instead of HTTP, or maybe someone else will pop in with more specific usage advice.

5 Likes

Is there a different way you are familar with than win-acme?

And yes TransIP is my domain hoster.

What operating system will you be using?
[looks like Windows to me - if so, check out CertifyTheWeb and PoshACME]

4 Likes

Windows 2019 - Server. I apologize for not having mentioned that.

2 Likes

I have installed CertiyTheWeb, but this looks like it uses or needs IIS. But Unifi doesnt use this right?

I have never done this before is there a HowTo? Or could you explain what to do?

Here are a couple of Topics on Ubiquiti's UniFi in this community forum.

2 Likes

They all use Ubuntu. I will have a look but i don't think i will be able to translate that to a windows setup.

Maybe try searching the Certify forum ?

4 Likes

I was under the impression that UniFi Network Application https://community.ui.com/releases/UniFi-Network-Application-7-2-95/7adebab5-8c41-4989-835d-ab60dba55255 is OS agnostic.

3 Likes

From that page:

  • An updated/current version of Java 8 must be installed on the system hosting the UniFi Network Application. Java 9 and later are not yet supported.
4 Likes

I am running java 8. Not sure what you mean.

That is clearly Java 11.

4 Likes

O mmm. You are right, my apologies.
I had to install this version of Java to be able install the newest version of the Unifi Controller Software. Version 7.3.76.

Info:

https://community.ui.com/releases/UniFi-Network-Application-7-3-76/85c75fc7-3e0f-4e99-aa90-7068af4f1141

The release notes state:

  • An updated/current version of Java 11 must be installed on the system hosting the UniFi Network Application. Java 12 and later are not yet supported.
3 Likes

Considering how long Java 8 has been out of support, that is actually comforting to see.

3 Likes

Now that we agree on the java version, do you have any suggestions for me? :slight_smile:

Sadly nothing likely to be helpful, as I have only ever run UniFi controllers on Debian Stable.

3 Likes

For most users, Java 8 is supported until at least December 2030. The licensing has changed though and commercial users need a subscription.

2 Likes

Use try Windows Subsystem for Linux - Wikipedia and install UniFi Network Application on that linux subsystem.

1 Like

I have been thinking about switching my unifi controller from windows to debian for a while now.

Getting LE certificate is easier on Debian?