alxwolf / ubios-cert

Manage SSL / TLS certificates with acme.sh (Let's Encrypt, ZeroSSL) for Ubiquiti UbiOS firmwares
MIT License

Guest portal cert doesn't seem to be updating. #58

Closed realaod closed 9 months ago

realaod commented 1 year ago

This is on a UDM Pro running UnifiOS version 3.1.16 and Network version 7.5.174. The core GUI cert is updating fine, and the RADIUS cert is updating fine. When I go to https://(hostname of my udm):8443 I still get a cert error, and it is still giving a cert that is self-signed by Ubiquiti. I'm wondering if the newest OS version and Network version are no longer allowing this to update.

alxwolf commented 1 year ago

The certificate for the Captive (Guest) Portal is stored in the Java keystore. Could you check if your JKS contains your certificate by executing on the UDM:

keytool -v -list -keystore /usr/lib/unifi/data/keystore

It will ask for a password, that is aircontrolenterprise

Result should look like

Keystore type: JKS
Keystore provider: SUN

Your keystore contains 1 entry

Alias name: unifi
Creation date: Jul 17, 2023
Entry type: PrivateKeyEntry
Certificate chain length: 3
Certificate[1]:
Owner: CN=(hostname of your udm)
Issuer: CN=R3, O=Let's Encrypt, C=US
Serial number: <blablabla>
Valid from: Mon Jul 17 02:02:48 CEST 2023 until: Sun Oct 15 02:02:47 CEST 2023

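
The check above can be scripted so that it also tells you whether the keystore and the portal agree. The script below is an added example for this thread, not code from ubios-cert: it parses the `keytool -v -list` output in the same shape as quoted above (keystore path, alias `unifi` and the password are the ones given in the thread), classifies the first entry as acme-issued, self-signed, empty or other, and, when run on the UDM with a hostname argument, compares the SHA-256 fingerprint of the keystore leaf with the leaf actually served on port 8443. The hostname argument and the two embedded sample listings are assumptions/constructed data.

```shell
#!/bin/sh
# Added example for this thread (not part of ubios-cert). Parses the
# `keytool -v -list` output quoted above and, on the UDM itself, compares the
# keystore leaf with the certificate actually served on :8443.
# Path, alias and password are the ones quoted in the thread; the host name
# argument and the sample listings at the bottom are constructed.

KEYSTORE=/usr/lib/unifi/data/keystore
STOREPASS=aircontrolenterprise
ALIAS=unifi

# Reduce a keytool listing (stdin) to key=value lines: store type, entry
# count, chain length, and owner/issuer of the first certificate only.
parse_keytool_listing() {
  awk '
    /^Keystore type:/            { print "type=" $3 }
    /^Your keystore contains/    { print "entries=" $4 }
    /^Certificate chain length:/ { print "chain_len=" $4 }
    /^Owner:/  && !seen_owner  { sub(/^Owner: */, "");  print "owner="  $0; seen_owner = 1 }
    /^Issuer:/ && !seen_issuer { sub(/^Issuer: */, ""); print "issuer=" $0; seen_issuer = 1 }
  '
}

# Verdict for a listing on stdin:
#   acme         issued by Let's Encrypt or ZeroSSL, i.e. what acme.sh installed
#   self-signed  owner equals issuer (the stock certificate)
#   empty        no entries at all
#   other        anything else
classify_listing() {
  fields=$(parse_keytool_listing)
  entries=$(printf '%s\n' "$fields" | sed -n 's/^entries=//p')
  owner=$(printf '%s\n' "$fields" | sed -n 's/^owner=//p')
  issuer=$(printf '%s\n' "$fields" | sed -n 's/^issuer=//p')
  if [ "${entries:-0}" -eq 0 ]; then
    echo empty
    return
  fi
  case "$issuer" in
    *"Let's Encrypt"*|*ZeroSSL*) echo acme ;;
    *) if [ "$owner" = "$issuer" ]; then echo self-signed; else echo other; fi ;;
  esac
}

# Run on the UDM: fingerprint of the keystore leaf vs the served leaf.
# Returns 0 when they match; a mismatch means the keystore was updated but the
# portal process is still serving something else.
check_device() {
  host=$1
  ks_fp=$(keytool -exportcert -rfc -keystore "$KEYSTORE" -storepass "$STOREPASS" -alias "$ALIAS" \
            | openssl x509 -noout -fingerprint -sha256)
  served_fp=$(openssl s_client -connect "$host:8443" -servername "$host" </dev/null 2>/dev/null \
            | openssl x509 -noout -fingerprint -sha256)
  echo "keystore leaf:    $ks_fp"
  echo "served on 8443:   $served_fp"
  echo "keystore verdict: $(keytool -v -list -keystore "$KEYSTORE" -storepass "$STOREPASS" | classify_listing)"
  [ "$ks_fp" = "$served_fp" ]
}

# Constructed listings (modelled on the output quoted in the thread) so the
# parser can be exercised off the device. The first mirrors the PKCS12,
# server-only (chain length 1) case described in this issue.
sample_acme_listing() {
  cat <<'EOF'
Keystore type: PKCS12
Keystore provider: SUN

Your keystore contains 1 entry

Alias name: unifi
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=*.example.net
Issuer: CN=R3, O=Let's Encrypt, C=US
EOF
}

sample_selfsigned_listing() {
  cat <<'EOF'
Keystore type: JKS
Your keystore contains 1 entry
Alias name: unifi
Certificate chain length: 1
Owner: CN=UniFi (constructed)
Issuer: CN=UniFi (constructed)
EOF
}

# Usage on the UDM:  sh check_portal_cert.sh check <hostname-of-your-udm>
if [ "${1:-}" = check ]; then
  check_device "${2:?hostname of the UDM}"
fi
```

Reading the two results together separates the hypotheses raised in this thread: a verdict of `acme` with matching fingerprints means the portal is fine; `acme` with differing fingerprints means the keystore was written correctly and the running portal has not picked it up, which is the case where restarting the service (or rebooting) is the next thing to test; `self-signed` or `empty` means the keystore itself was never updated.
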
realaod commented 1 year ago

It does show 1 entry, and it has my wildcard (*.domain.com) in the CN. The difference is that instead of keystore type JKS, it is PKCS12, and the chain length is 1 instead of 3. I'm assuming both of these differences are because I chose not to use the full-chain cert but the server-only cert (the one that doesn't break WiFiman). I have not tried rebooting the UDM Pro but can certainly give that a shot if you think that will help troubleshoot. Although, if the UDM Pro needs to be rebooted for it to take effect, then I would guess it would require a reboot any time the cert is renewed, which wouldn't be ideal.

Thanks for looking into this!

Edit: I also did try using the full-chain cert on the first attempt, and it did not work either.

realaod commented 1 year ago

Is there maybe a service that needs to be restarted on newer firmware that didn't need to be restarted before?