Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

UnifiOS v4.1 - certificate locations and configuration mechanism changed #68

Open
jcgillespie opened this issue Dec 23, 2024 · 5 comments
Open

UnifiOS v4.1 - certificate locations and configuration mechanism changed #68

jcgillespie opened this issue Dec 23, 2024 · 5 comments

Comments

@jcgillespie
Copy link

I know it is still in early access, but wanted to give an FYI.

The deployment script is failing silently for me, for at least the frontend - I don't use RADIUS or the hotspot. No error message, but the cert is not put into use.

In doing a little digging, the yaml format and location looks different. I think the frontend certs are now controlled by /data/unifi-core/config/http/local-certs.conf
When I uploaded my certs using the Unifi UI, they were renamed to a GUID and placed in /data/unifi-core/config/ and that's what local-certs.conf I pointing at.

The format of local-certs.conf is different from the overrides too.
Rather than this it looks like this for me.

ssl_certificate     /data/unifi-core/config/<GUID>.crt;
ssl_certificate_key /data/unifi-core/config/<GUID>.key;

I tried hand-editing local-certs.conf to point to the ubios-cert location, but something is resetting it back to the previous guide cert when I restart the frontend.

Model: UniFi Dream Machine PRO
Version: 4.1.11.20727
Network App Version: 9.0.106

script output - it did

root@UDMPro:/data/ubios-cert# ./ubios-cert.sh deploy-webfrontend
# Supported firmware: 4.1.11 on UniFi Dream Machine Pro. Moving on.
# Checking for new certificate to be deployed to web frontend.
root@UDMPro:/data/ubios-cert# ./ubios-cert.sh deploy
# Supported firmware: 4.1.11 on UniFi Dream Machine Pro. Moving on.
# Deploying certificates and restarting UniFi OS
# Checking for new certificate to be deployed to web frontend.
alxwolf added a commit that referenced this issue Dec 24, 2024
@alxwolf
Update deploy.sh - FW 4.1 not supported
5e75eca 
See issue #68 

Again changes made by UI for cert locations and configuration mechanism
@alxwolf
Copy link
Owner

alxwolf commented Dec 24, 2024

Thanks for pointing this out. I stopped running EA firmwares - reasons...

As containment action, the deploy.sh script now checks if the firmware version is 4.1 and will bail out.

I'm a bit on the edge here. I'm getting bored chasing undocumented changes by UI. Maybe I will change the whole approach and just grab certificates via Let's Encrypt and feed them to Glenn's script. Let's see what the Christmas break brings.

@jcgillespie
Copy link
Author

I appreciate the work you've put in. I can imagine how frustrating that would be If it helps, I just noticed that the GlennR scripts now support DNS challenges.

@alxwolf
Copy link
Owner

alxwolf commented Dec 24, 2024

Yep that's true but GlennR removed most of DNS providers on UI hardware only. So the provider I need is not supported.

I'm a hobbyist so I just might live with it.

Merry Christmas, by the way!

@ther3zz
Copy link

ther3zz commented Jan 7, 2025
edited
Loading

looks like unifi os 4.1.13 is out of EA btw

Merry Christmas and Happy New Year!

@alxwolf alxwolf changed the title UnifiOS v4.1 - certificate locations and configuration mechanism appear to have changed. UnifiOS v4.1 - certificate locations and configuration mechanism changed Jan 8, 2025
@alxwolf
Copy link
Owner

alxwolf commented Jan 8, 2025

Installed 4.1.13 on my UDM, ran 'ubios-cert force-renew' and it worked for the web frontend.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@jcgillespie @alxwolf @ther3zz