If nothing happens, download the GitHub extension for Visual Studio and try again.
$ chown -R unifi-video:unifi-video /var/lib/unifi-video/certificates, Stop the Unifi VIdeo service and delete the self signed certificates, $ service unifi-video stop This is where a DNS Challenge comes in useful.
You referenced 2 links on the unifi site but one of the links uses out of date paths (which has been reproduced here), Why did you comment out this? A common error is that the HTTPS port is not open on the Linux side of things, as per usual there are many ways to solve this problem, the easiest is probably: sudo ufw allow 443/tcp. $ rm /var/lib/unifi-video/ufv-truststore then
Script that automates upgrading and securing of a Debian 9 host then deploys the latest Ubiquiti UniFi Controller.
We use optional third-party analytics cookies to understand how you use GitHub.com so we can build better products. Login to the UniFi Controller, and under Settings > Controller Settings > Advanced update the Controller Hostname/IP: Finally, add the following entry to your crontab file to ensure that the certificate is renewed automatically: I found that the change applied straight away for UniFi Controller. UniFi probably shouldn’t be run as root – this is generally a good idea, plus it may also become a requirement for the Docker image I’m using in the future. download the GitHub extension for Visual Studio. I just needed to add it to the video controller. There’s too much noise on the internet, to the extent a simple process is sometimes hidden within countless pages. [Fri Apr 10 20:00:47 BST 2020] Checking unifi.home.jamesridgway.co.uk for _acme-challenge.unifi.home.jamesridgway.co.uk [Fri Apr 10 20:00:48 BST 2020] Domain unifi.home.jamesridgway.co.uk '_acme-challenge.unifi.home.jamesridgway.co.uk' success. Certbot will stand up a quick and dirty HTTPS enabled site on the machine to host the Let’s Encrypt request files, once the certificate is approved and downloaded the site will terminate.
Create a token via the Cloudflare Dashboard: I chose to restrict the Zones that the API token can access by explicitly including the relevant zone under Zone Resources: Go back to the CloudKey SSH session and modify the ~/.bashrc file to set the following environment variables to the relevant values for your API token and zone: I put all three of these environment variables before the line. You’ll now need to enter the domain name, an email address and probably agree (or not agree) to receive emails from EFF. 0 */12 * * * root letsencrypt renew 5 */12 * * * root unifi_ssl_import.sh Save and exit nano by doing CTRL+X followed by Y. Letsencrypt certificates are free to use but need to be renewed every 90 days. Your certificate and chain have been saved at:
If the certificate is renewed, you need to reprocess it and restart the Unifi Video service.
You now have private and public keys for your domain, signed by LetsEncrypt sitting in the /etc/letsencrypt/live/cctv.example.com directory. Measuring GPS (GNSS) Accuracy and Precision, Powering and Grounding 1Wire DS18B20 with Digital IO Pins. Whenever a Certificate Authority issues a certificate they have to ensure that you are in control of the domain that you want the certificate for. - Congratulations!
This script works on Debian and probably Ubuntu with sysvinit - not sure if it will work quite the same way with systemd, or Fedora/Gentoo/etc. The first command renews the certificate every 12 hours on the hour, and the second command re-runs the UniFi script 5 minutes later. Go to the certbot website for your specific OS, but for Ubuntu it’s likely to be something like this.
Here’s my version.