Renew UniFi Controller Certificate

Steps required to renew SSL certificate for UniFi Controller on Linux

Document Created: 14/July/2020

Resources:

https://www.namecheap.com/support/knowledgebase/article.aspx/10133/14/csr-generation-on-ubiquiti-unifi

https://www.namecheap.com/support/knowledgebase/article.aspx/10134/33/installing-an-ssl-certificate-on-ubiquiti-unifi

https://www.namecheap.com/support/knowledgebase/article.aspx/9393/33/where-do-i-find-ssl-ca-bundle

https://community.ui.com/questions/Unable-to-import-the-certificate-into-keystore/c9a42223-1d36-40bf-954a-059508d52263

Steps

cd /usr/lib/unifi/
sudo java -jar lib/ace.jar new_cert unifi.danservices.com.au "Dan Services" 'Batemans Bay' NSW AU
sudo java -jar lib/ace.jar import_cert unifi_danservices_com_au.crt RSA_DV_with\ new\ Root.ca-bundle unifi_danservices_com_au.ca-bundle
service unifi restart

Notes

Remove spaces and newlines from the cert files.

Download CA Bundles

New Sectigo SHA2 Bundles under AAA Root

RSA DV Bundle under AAA Root (valid for PositiveSSL, EssentialSSL, PositiveSSL Multi-Domain, PositiveSSL Wildcard and EssentialSSL Wildcard certificates)
contains:

• Sectigo RSA Domain Validation Secure Server CA (intermediate)
• USERTrust RSA Certification Authority
• AAA Certificate Services (root)