In this writeup I’m using the DNS challenge, since I’m not exposing anything to the Internet directly.
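#!/usr/bin/env bash
# acme.sh runbook: issue a Let's Encrypt certificate for the UniFi gateway with the
# Cloudflare DNS-01 challenge (dns_cf) and push it with the "unifi" deploy hook.
# Meant to be walked through step by step; the --test invocations talk to the
# staging CA (and the --test deploy pushes a staging certificate to the device),
# so drop them once the flow has been verified.
set -euo pipefail

die() { printf '%s\n' "$*" >&2; exit 1; }

command -v curl >/dev/null || die "curl is required"
command -v patch >/dev/null || die "patch is required"

# Scratch directory for downloaded scripts; removed on every exit path.
tmpdir=$(mktemp -d) || die "mktemp failed"
cleanup() { rm -rf -- "${tmpdir:?}"; }
trap cleanup EXIT

# Install acme.sh and create its configs.
# The installer is saved to a file first so it can be read before it runs, and
# -f makes curl fail on an HTTP error instead of feeding an error page to sh.
# "[email protected]" is an obfuscated placeholder — replace it with the account email.
curl -fsSL https://get.acme.sh -o "$tmpdir/get.acme.sh" || die "installer download failed"
# Inspect "$tmpdir/get.acme.sh" here before continuing.
sh -s [email protected] < "$tmpdir/get.acme.sh"
# acme.sh lives under ~/.acme.sh; if the acme.sh command is not on PATH yet,
# source the shell profile or call it by full path for the steps below.

# Temporary fix for a bug in the unifi deploy hook: it cannot identify the
# UniFi Cloud Gateway Ultra, so it errors out and does not render the required certs.
# https://gist.github.com/mry/3853a090ccee8deaef96eaa46cde86cb
# The raw gist URL below is unpinned; pinning it to a specific revision makes the
# patch reproducible and keeps a later edit of the gist from changing what is applied.
# NOTE(review): the hook used later is "unifi", which acme.sh resolves to
# ~/.acme.sh/deploy/unifi.sh, while the file patched here is unifi.bkp.sh —
# confirm this is the file the hook actually executes.
curl -fsSL https://gist.githubusercontent.com/mry/61125fba7b474c0c61cccc4100dd6e02/raw/unifi_deploy_patch.txt \
  -o "$tmpdir/unifi_deploy_patch.txt" || die "patch download failed"
patch -s /root/.acme.sh/deploy/unifi.bkp.sh < "$tmpdir/unifi_deploy_patch.txt"

# Cloudflare secrets for dns_cf, set once. Provide them from the environment
# (e.g. a 0600 file that is sourced) rather than typing the values on the command
# line, which records them in shell history. If they live in a shell profile,
# log out/in or source it so the running session picks them up.
: "${CF_Zone_ID:?set CF_Zone_ID (Cloudflare zone id) before running}"
: "${CF_Token:?set CF_Token (scoped Cloudflare API token) before running}"
export CF_Zone_ID CF_Token

# acme.sh switched its default CA; pin Let's Encrypt (only required for new installs).
acme.sh --set-default-ca --server letsencrypt

# Test & debug against the staging CA with a 2048-bit RSA key:
# issuance only, then the one-liner that issues and deploys.
acme.sh --issue --keylength 2048 --dns dns_cf -d unifi.rylander.io --debug --test
acme.sh --issue --keylength 2048 --dns dns_cf -d unifi.rylander.io --deploy-hook unifi --debug --test

# --force re-issues even when the current certificate is not yet due for renewal;
# use it only when necessary (repeated issuance counts against CA rate limits).
# acme.sh --issue --keylength 2048 --dns dns_cf -d unifi.rylander.io --force

# Final issuing request for the certificate, then a separate deploy of it.
acme.sh --issue --keylength 2048 --dns dns_cf -d unifi.rylander.io
acme.sh --deploy -d unifi.rylander.io --deploy-hook unifi

# Verify the renewal schedule is set; renewals automatically run the deploy step when necessary.
crontab -l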