Closed ther3zz closed 1 year ago
This is a theoretical approach as I don't own an UniFi NVR to be able to check.
Looking at this page, it appears that certificate locations on UNVR are the same as on UDM. So that should work.
The only step left is to issue a systemctl restart unifi-protect
command, which the script currently does not do (or reboot the device, which we want to avoid to not interrupt network connection).
So you could try deploying the script on UNVR with a manual restart of device or service - if it does not work just trash the /data/ubios-cert/
folder and delete the LE .crt
and .key
in /data/unifi-core/config
. They will be re-created on next reboot (with standard UniFi self-signed cert) if the files don't exist.
This is a theoretical approach as I don't own an UniFi NVR to be able to check.
Looking at this page, it appears that certificate locations on UNVR are the same as on UDM. So that should work.
The only step left is to issue a
systemctl restart unifi-protect
command, which the script currently does not do (or reboot the device, which we want to avoid to not interrupt network connection).So you could try deploying the script on UNVR with a manual restart of device or service - if it does not work just trash the
/data/ubios-cert/
folder and delete the LE.crt
and.key
in/data/unifi-core/config
. They will be re-created on next reboot (with standard UniFi self-signed cert) if the files don't exist.
So close! once I run "./deploy.sh" receive the following errors: ./deploy.sh: 6: ubnt-device-info: not found ./deploy.sh: 8: ubnt-device-info: not found ./deploy.sh: 20: [: -gt: unexpected operator Unsupported firmware:
Well, UNVR is not foreseen in this script, and the device seems to lack at least one required command.
Does the UNVR have a /data
directory?
On your own risk (if it goes wrong, it should not break "too much" - if anything), you could manually run these commands to achieve deployment:
set -e
DATA_DIR=/data
SCRIPT_DIR=$(dirname ${0})
ACME_URL=$(curl -s https://api.github.com/repos/acmesh-official/acme.sh/releases/latest | grep tarball_url | awk '{ print $2 }' | sed 's/,$//' | sed 's/"//g')
curl -L "${ACME_URL}" > acmesh.tar.gz
mkdir -p "${SCRIPT_DIR}/ubios-cert/acme.sh"
tar -xvf acmesh.tar.gz --directory="${SCRIPT_DIR}/ubios-cert/acme.sh" --strip-components=1
chmod +x ${SCRIPT_DIR}/ubios-cert/ubios-cert.sh
mv "${SCRIPT_DIR}/ubios-cert/" "${DATA_DIR}/ubios-cert/"
rm -rf ${SCRIPT_DIR}/../ubios-cert-main ~/ubios-cert.zip
echo "Deployed with success in ${DATA_DIR}/ubios-cert"
cd ${DATA_DIR}/ubios-cert
that is the bare minimum to grab acme.sh
and put everything in its place.
Well, UNVR is not foreseen in this script, and the device seems to lack at least one required command.
Does the UNVR have a
/data
directory? On your own risk (if it goes wrong, it should not break "too much" - if anything), you could manually run these commands to achieve deployment:set -e DATA_DIR=/data SCRIPT_DIR=$(dirname ${0}) ACME_URL=$(curl -s https://api.github.com/repos/acmesh-official/acme.sh/releases/latest | grep tarball_url | awk '{ print $2 }' | sed 's/,$//' | sed 's/"//g') curl -L "${ACME_URL}" > acmesh.tar.gz mkdir -p "${SCRIPT_DIR}/ubios-cert/acme.sh" tar -xvf acmesh.tar.gz --directory="${SCRIPT_DIR}/ubios-cert/acme.sh" --strip-components=1 chmod +x ${SCRIPT_DIR}/ubios-cert/ubios-cert.sh mv "${SCRIPT_DIR}/ubios-cert/" "${DATA_DIR}/ubios-cert/" rm -rf ${SCRIPT_DIR}/../ubios-cert-main ~/ubios-cert.zip echo "Deployed with success in ${DATA_DIR}/ubios-cert" cd ${DATA_DIR}/ubios-cert
that is the bare minimum to grab
acme.sh
and put everything in its place.
Yup, /data does exist. I'll run the above and will report back!
OK So looks like using the modified deploy script worked but the ./ubios-cert.sh initial
command failed with the same unsupported firmware error.
I'll take a stab at it now to see if I can remove the firmware check.
IS_UNIFI_2='false' if [ $(ubnt-device-info firmware | sed 's#..*$##g' || true) -gt 1 ] then IS_UNIFI_2='true' else echo "Unsupported firmware: ${FIRMWARE_VER}" exit 1 fi
I've commented this out from the ubios-cert.sh script and ran with the initial
param and it worked!
I actually didn't even need to restart protect or unifi-core, looks like the script handled all of it.
Thanks for your help @alxwolf !
Does anyone know if this will work on the UNVR? It would be cool to be able to set an SSL cert on this device as well. Seems like it runs as its own instance in the unifi ecosystem.