June 22, 2025

Setting up Let's Encrypt on Unifi

Just spent waaaayyyy too much time fighting with getting acme.sh to get setup to pull Let's Encrypt ssl certificate down for my Unifi router. Pretty much the headache came down to the acme.sh script trying to default to using an ECC based key but Unifi not liking that. Had to pass it a key size parameter to force it to going for an RSA based one.

# Get the script and set the email address to my own.
curl https://get.acme.sh | sh -s [email protected]
# Now go get API tokens from cloud flare and zone id. Using wiglaf.net
export CF_Zone_ID="BLAHBLAHBLAH"
export CF_Token="BLAHBLAHBLAH"
# Change the default CA to being Let's Encrypt
/root/.acme.sh/acme.sh --set-default-ca --server letsencrypt
# Note the -k 2048 argument.
/root/.acme.sh/acme.sh --issue --dns dns_cf -d unifi.YOUR.DOMAIN -k 2048
# Install the new cert
/root/.acme.sh/acme.sh --deploy -d unifi.YOUR.DOMAIN --deploy-hook unifi