Install Let's Encrypt on Unifi Cloud Key Gen 2

SSH into the Cloud Key


Open Firewall Ports 80 and 443 in USG


Individually Run:

sudo apt-get update

sudo apt-get install git

sudo apt-get install nano

git clone https://github.com/letsencrypt/letsencrypt

letsencrypt/letsencrypt-auto


service nginx stop


letsencrypt/letsencrypt-auto certonly --text --standalone --standalone-supported-challenges tls-sni-01 --domain subdomain.enteryourdomain.com --email you@enteryouremail.com --agree-tos --renew-by-default

service unifi stop

rm /usr/lib/unifi/data/keystore


nano /etc/default/unifi


Delete line UNIFI_SSL_KEYSTORE=/etc/ssl/private/unifi.keystore.jks and save the file


sudo openssl pkcs12 -export -inkey /etc/letsencrypt/live/subdomain.enteryourdomain.com/privkey.pem -in /etc/letsencrypt/live/subdomain.enteryourdomain.com/fullchain.pem -out /home/cert.p12 -name ubnt -password pass:temppass


sudo keytool -importkeystore -deststorepass aircontrolenterprise -destkeypass aircontrolenterprise -destkeystore /usr/lib/unifi/data/keystore -srckeystore /home/cert.p12 -srcstoretype PKCS12 -srcstorepass temppass -alias ubnt -noprompt


service nginx start

service unifi start

sudo rm /home/cert.p12