kchristensen / udm-le

Let's Encrypt support for Ubiquiti UniFi OS
MIT License

LE for the guest portal #2

Closed magic2910 closed 4 years ago

magic2910 commented 4 years ago

Unfortunately, the guest portal uses the self-signed UniFi certificate. Is it possible to change this also to the Let's Encrypt certificate?

Maybe this could help: https://community.ui.com/questions/UDM-Pro-SSL-Certificate-1-6-4/71476759-72ce-465a-ad79-5f4559312a0e#answer/49e371f2-9b3a-4e79-b9d9-63758c54242e

But it is not reboot safe.

Regards

kchristensen commented 4 years ago

Hm, I kind of added support just now here: https://github.com/kchristensen/udm-le/commit/9cf2df493ed11def6de86737fa7446d7ff5137f5

However, as you mentioned, it is annoyingly not reboot safe, and making it work on boot is going to basically mean restarting the unifi-os container at some point post reboot every time, which is kind of annoying.

I never noticed this used a different cert because I don't use the captive portal, but I'll have to think about the best way to handle making this work post reboot and not just when a certificate gets reissued.

magic2910 commented 4 years ago

This is not working. I did some research - you had to create / modify a Java keystore for the secure guest portal: https://www.ssls.com/knowledgebase/installing-an-ssl-certificate-on-ubiquiti-unifi/

The path for the keystore is /mnt/data/unifi-os/unifi/data/keystore

Is this possible in the udm-le script?

magic2910 commented 4 years ago

Ok this did the trick for me:

Could you build this into your script?

kchristensen commented 4 years ago

Just pushed a commit, try that on for size.

timrettop commented 4 years ago

@magic2910 if you come back to this, it'd be nice to know with the changes in #8 that have been merged to master, if your workflow still continues to work. Would you mind updating your local environment to master?

Note that the udm-le.env now has a parameter to enable your desired captive portal updates; it's set to not update the captive portal by default.

magic2910 commented 4 years ago

It's working fine for me, thanks!

kchristensen commented 4 years ago

Woo! Going to close this guy out then, enjoy.