Do you want your UniFi controller to have a Let's Encrypt Certificate, automate it, and not have to open it up to the internet? Here's how!

To do this, I used to get the certificate automated.

First, SSH into your UniFi controller and become root:

sudo -i

Next, install

curl | sh

Now, in order to use, you'll either need to exit and re-ssh in to your server, or open bash again. I prefer to just open bash again, so type:


Next, import your DNS API keys into I used Cloudflare, so I used these:

export CF_Key="YOUR_API_KEY"
export CF_Email="YOUR_EMAIL"

Replace YOUR_API_KEY with your Cloudflare API key, and YOUR_EMAIL with your Cloudflare account's email. If you're using something other than Cloudflare for your DNS, you can read about other DNS integrations here.

Next, get a certificate for your UniFi controller. Note: If you're using something other than Cloudflare for your DNS, use the name as shown in the DNS integration link above. --issue --dns dns_cf -d

Once you do that, it's highly recommened to install the certificate somewhere, rather than leaving it in /root. I put mine in /etc/unifi/ssl, although you can pick anywhere.

I created the folder:

mkdir -p /etc/unifi/ssl

Then, I made the script that UniFi needs to import the certificate. Note: Make sure you're in the /root directory, or change the acme install command (shown later) to where your script's directory is.

Next, download the script and make it so you can run it:

chmod +x

Run this command to install the certificate and reload it: --install-cert -d \
--key-file /etc/unifi/ssl/key.pem \
--fullchain-file /etc/unifi/ssl/fullchain.pem \
--reloadcmd "/root/"

Make sure you change to your domain.

Once you do this, it should install your certificate and reload UniFi. If everything goes properly, you should have a valid Let's Encrypt certificate for your UniFi controller, and it should automatically renew.


Credit: Thanks to this helpful post for the commands to install the certificate into UniFi.