Do you want your UniFi controller to have a Let's Encrypt Certificate, automate it, and not have to open it up to the internet? Here's how!

Note for Cloud Key Gen1: You will have to run a few extra commands before following this guide, located here on the ubiquiti forums.

To do this, I used to get the certificate automated.

First, SSH into your UniFi controller and become root:

sudo -i

Next, install

curl | sh

Now, in order to use, you'll either need to exit and re-ssh in to your server, or open bash again. I prefer to just open bash again, so type:


Next, import your DNS API keys into I used Cloudflare, so I used these:

export CF_Key="YOUR_API_KEY"
export CF_Email="YOUR_EMAIL"

Replace YOUR_API_KEY with your Cloudflare API key, and YOUR_EMAIL with your Cloudflare account's email. If you're using something other than Cloudflare for your DNS, you can read about other DNS integrations here.

Next, get a certificate for your UniFi controller. Note: If you're using something other than Cloudflare for your DNS, use the name as shown in the DNS integration link above. --issue --dns dns_cf -d

Once you do that, it's highly recommened to install the certificate somewhere, rather than leaving it in /root. I put mine in /etc/unifi/ssl, although you can pick anywhere.

I created the folder:

mkdir -p /etc/unifi/ssl

Then, I made the script that UniFi needs to import the certificate. Note: Make sure you're in the /root directory, or change the acme install command (shown later) to where your script's directory is.

Next, download the script and make it so you can run it:

chmod +x

Run this command to install the certificate and reload it: --install-cert -d \
--key-file /etc/unifi/ssl/key.pem \
--fullchain-file /etc/unifi/ssl/fullchain.pem \
--reloadcmd "/root/"

Make sure you change to your domain.

Once you do this, it should install your certificate and reload UniFi. If everything goes properly, you should have a valid Let's Encrypt certificate for your UniFi controller, and it should automatically renew.


Credit: Thanks to this helpful post for the commands to install the certificate into UniFi, this post for Cloud Key specific commands, and kjrm on the ubiquiti forums for informing me about this.