New Member
Posts: 13
Registered: ‎10-14-2018

I want to install a certificate on my UNMS server, I Working on this for days' no success

I want to install a certificate on my UNMS server. I searched the internet and YouTube and tried to follow the Ubiquiti guide, with no success; most articles I found were about a UniFi controller. Please help.

Veteran Member
Posts: 4,522
Registered: ‎05-19-2009
Kudos: 741
Solutions: 23

Re: I want to install a certificate on my UNMS server, I Working on this for days' no success

I would recommend using Let's Encrypt, as it's super easy.

Go to http://localhost/settings/unms

and under SSL, where it asks whether you want to use Let's Encrypt, click the slider to YES.

OR

If you really want the pain of using your own certificate, you can follow this guide:

https://help.ubnt.com/hc/en-us/articles/360000119728-UNMS-Optional-Installation-Steps#2

Established Member
Posts: 846
Registered: ‎09-25-2014
Kudos: 261
Solutions: 43

Re: I want to install a certificate on my UNMS server, I Working on this for days' no success

I would listen to @900mhzdude and use Let's Encrypt. Make sure you have port 80 open to the internet (you may need 443 as well, I can never remember), then generate the certificate. After you have it, you can close the ports down for another 3 months.

New Member
Posts: 13
Registered: ‎10-14-2018

Re: I want to install a certificate on my UNMS server, I Working on this for days' no success

I turned on SSL and I am getting the following

Error: Another instance of Certbot is already running. 
Failed to generate or update Let's Encrypt certificate. 

Regular Member
Posts: 333
Registered: ‎03-07-2014
Kudos: 86
Solutions: 20

Re: I want to install a certificate on my UNMS server, I Working on this for days' no success


The nginx docker container refers to: /home/unms/data/cert directory. My guess is the live.key & live.crt are what you're after. That directory should be persistent but idk if unms will attempt to overwrite on updates..

New Member
Posts: 27
Registered: ‎01-21-2016
Kudos: 2
Solutions: 1

Re: I want to install a certificate on my UNMS server, I Working on this for days' no success

I replaced live.key/.crt in /home/unms/data/cert and that works. I have not upgraded since. I would not be surprised if it does not survive an upgrade.
New Member
Posts: 13
Registered: ‎10-14-2018

Re: I want to install a certificate on my UNMS server, I Working on this for days' no success

Are you referring to the error I get on the SSL certificate, and saying I need to move it? How do I find where the certificate is now?

This is the message I get:

Error: Failed authorization procedure. ubiquiti.123.com (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://ubiquiti.initializebiz.com/.well-known/acme-challenge/lZNSi9q5OkFb6dVW43LmIY76YXR_M96cZBwZHqR...: Timeout during connect (likely firewall problem) 
Failed to generate or update Let's Encrypt certificat

How do I find where the certificate is now?

Ubiquiti Employee
Posts: 3,006
Registered: ‎09-08-2017
Kudos: 1153
Solutions: 211

Re: I want to install a certificate on my UNMS server, I Working on this for days' no success

@your845 Hello Abraham. Please let me just check: the hostname 'procedure. ubiquiti.123.com' is not the real value, correct? For the default Let's Encrypt certificate to work, it is necessary that the hostname in Settings -> UNMS -> UNMS hostname/IP is a valid one.

UNMS Support - If you want to report an issue please use this guide.

Check out our ever-evolving Help Center for answers to many common questions!

New Member
Posts: 13
Registered: ‎10-14-2018

Re: I want to install a certificate on my UNMS server, I Working on this for days' no success

123 is not what I put in my settings; I just did not want to post my real host name. But yes, it has my real domain name there.

Regarding the certificates, I found 6 certificates in home/unms/data/cert: local ip.crt, localhost.crt, local ip.key, live.crt, live.key, localhost.key

New Member
Posts: 13
Registered: ‎10-14-2018

Re: I want to install a certificate on my UNMS server, I Working on this for days' no success

"I replaced live.key/.crt ....." With what did you replace it? With your own certificate?

Regular Member
Posts: 747
Registered: ‎02-12-2013
Kudos: 189
Solutions: 59

Re: I want to install a certificate on my UNMS server, I Working on this for days' no success

Hi @your845
You displayed the domain (probably by accident) in the LE error.
Running an nmap on the domain, I can see that you got a self-signed certificate in your UNMS 0.13.1 Nginx (443), but port 80 is not open.
You also have port 8080 open, which is doing a redirect to "http://localhost:8080/manage", which then looks like it's redirecting to "https://ubiquiti.YOURDOMAIN.com:8443/manage"
Are you running a Unifi controller together with UNMS on the same server? If you want to do that, then you should set up your own reverse proxy (could be Nginx), so it handles the connections to UNMS and Unifi.
That's probably what's causing these problems. I would also recommend that you use unms.YOURDOMAIN.com and unifi.YOURDOMAIN.com, since you can then use the plain 80/443 without having to specify ports.
New Member
Posts: 13
Registered: ‎10-14-2018

Re: I want to install a certificate on my UNMS server, I Working on this for days' no success

Correct, I have 2 VMs on the same host, one for UNMS and one for UniFi, and I am using, as you said, unms.YOURDOMAIN.com for UNMS and unifi.YOURDOMAIN.com for UniFi. But I am not clear on this part: "since you can then use the plain 80/443 without having to specify ports". I did not set any ports on the UNMS, unless it is being done automatically with the installation.

On my router I did forward port 8080 3478443 and 8883 to my UniFi so remote access points can connect.

Regular Member
Posts: 747
Registered: ‎02-12-2013
Kudos: 189
Solutions: 59

Re: I want to install a certificate on my UNMS server, I Working on this for days' no success

@your845

If you're running in two different VMs, then you still need a reverse proxy to maintain two separate domains, so you can use unms.example.com and unifi.example.com - otherwise you might as well use server.example.com:8443 and server.example.com:5443
And then you would let the reverse proxy handle the Let's Encrypt.

But I can see that you've created Comodo certificates on 2018-12-19 for both unms.example.com and unifi.example.com - with those two certificates, you should just add them manually to UNMS and Unifi respectively.
https://help.ubnt.com/hc/en-us/articles/360000119728-UNMS-Optional-Installation-Steps#2
https://help.ubnt.com/hc/en-us/articles/212500127-UniFi-SSL-Certificate-Error#2
New Member
Posts: 13
Registered: ‎10-14-2018

Re: I want to install a certificate on my UNMS server, I Working on this for days' no success

I followed the second link. I need to get to cd /usr/lib/unifi to create a certificate, but there is no unifi file or directory. I tried /ubiquity, since this is what I do see in the lib folder, but I am getting the message "no such file or directory". Also, I am not sure that for the UNMS server I need to be in this location, since I see the existing certificates are in /home/unms/data/cert

Ubiquiti Employee
Posts: 3,006
Registered: ‎09-08-2017
Kudos: 1153
Solutions: 211

Re: I want to install a certificate on my UNMS server, I Working on this for days' no success

@your845 Hello Abraham. First of all, I would like to note that it is not recommended to manipulate the files located at '/home/unms/data/cert' in any way, since those are automatically generated and UNMS can delete or rewrite them anytime. If you want to use your own certificate, place its files into a different folder and run the UNMS installation script again with a tag pointing to the custom certificate.

From the previous messages, I understand that you are trying to use the default LE certificate and you are getting an error 

'Error: Another instance of Certbot is already running. 
Failed to generate or update Let's Encrypt certificate. ' 

is that still correct?


New Member
Posts: 13
Registered: ‎10-14-2018

Re: I want to install a certificate on my UNMS server, I Working on this for days' no success

So I chose /usr/lib and typed the command to create my certificate: sudo java -jar lib/ace.jar new_cert ubnt.mydomain.com company city NY US, and got back the following message: Unable to access jarfile lib/ace.jar

Yes, it's correct, I get an error regarding the SSL.

Ubiquiti Employee
Posts: 3,006
Registered: ‎09-08-2017
Kudos: 1153
Solutions: 211

Re: I want to install a certificate on my UNMS server, I Working on this for days' no success

@your845 Hello Abraham. I am sorry, but I am a bit lost. On one hand, you agree that you are trying to run with the default UNMS Let's Encrypt and on the other, you describe the creation of your own certificate. Can you please reiterate what your final goal is? Please note that it is absolutely crucial to differentiate between UniFi and UNMS systems. The mention of ace.jar is not relevant for solving your UNMS issue, as that is a part of the UniFi system.


New Member
Posts: 13
Registered: ‎10-14-2018

Re: I want to install a certificate on my UNMS server, I Working on this for days' no success

I prefer having my own certificate. OK, so you say ace.jar is not for UNMS; can you please help with how to create a certificate in UNMS?
Ubiquiti Employee
Posts: 3,006
Registered: ‎09-08-2017
Kudos: 1153
Solutions: 211

Re: I want to install a certificate on my UNMS server, I Working on this for days' no success

@your845  Hello Abraham. Thank you for the explanation. In case you want to use your own certificate you will need to reinstall your UNMS with these custom installation tags. Please note that reinstalling UNMS will not delete your data.


New Member
Posts: 13
Registered: ‎10-14-2018

Re: I want to install a certificate on my UNMS server, I Working on this for days' no success

I ran the following command:

curl -fsSL https://unms.com/install > /tmp/unms_inst.sh && sudo bash /tmp/unms_inst.sh --http-port 8080 --https-port 8443 --ssl-cert-dir /home/unms/data/cert --ssl-cert unms.mydomain.com.pem --ssl-cert-ca unms.mydomain.com.pem

And I got a message:
Please set --ssl-cert-key
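A pre-flight check for the custom-certificate route discussed in this thread, as an added example that is not part of any post and is not the UNMS installer's own code. The helper name `check_unms_cert_dir` and its return codes are hypothetical, and it assumes `openssl` and `cmp` are installed; the installer flags it prints are the ones quoted in the thread.

```bash
#!/usr/bin/env bash
# Added example (not the UNMS installer): pre-flight for a custom certificate directory.
# check_unms_cert_dir is a hypothetical helper name.
# Returns: 0 ok, 2 missing argument or file, 3 UNMS-managed directory,
#          4 certificate/key mismatch, 5 certificate expired, 6 CA file is the leaf itself.

UNMS_MANAGED_DIR=/home/unms/data/cert   # auto-generated files, may be rewritten by UNMS

check_unms_cert_dir() {
  local dir=$1 cert=$2 key=$3 ca=${4:-} f cert_pub key_pub

  # The installer refuses to run without a key file ("Please set --ssl-cert-key").
  if [ -z "$dir" ] || [ -z "$cert" ] || [ -z "$key" ]; then
    echo "usage: check_unms_cert_dir <dir> <cert> <key> [ca]" >&2
    return 2
  fi

  # Refuse the directory UNMS manages itself, and anything below it.
  case "${dir%/}/" in
    "$UNMS_MANAGED_DIR"/*) echo "$dir is managed by UNMS, use another directory" >&2; return 3 ;;
  esac

  for f in "$cert" "$key" ${ca:+"$ca"}; do
    [ -r "$dir/$f" ] || { echo "missing or unreadable: $dir/$f" >&2; return 2; }
  done

  # The public key inside the certificate must equal the one derived from the private key.
  cert_pub=$(openssl x509 -in "$dir/$cert" -noout -pubkey 2>/dev/null)
  key_pub=$(openssl pkey -in "$dir/$key" -pubout 2>/dev/null)
  if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
    echo "$key is not the private key for $cert" >&2
    return 4
  fi

  openssl x509 -in "$dir/$cert" -noout -checkend 0 >/dev/null ||
    { echo "$cert has expired" >&2; return 5; }

  # Passing the leaf certificate as the CA file adds no chain for clients to validate.
  if [ -n "$ca" ] && cmp -s "$dir/$cert" "$dir/$ca"; then
    echo "$ca is identical to $cert, supply the CA bundle instead" >&2
    return 6
  fi

  echo "ok: --ssl-cert-dir $dir --ssl-cert $cert --ssl-cert-key $key${ca:+ --ssl-cert-ca $ca}"
}
```

Run against the command in the last post, the check stops at the missing key argument; with a key supplied it would then reject the `/home/unms/data/cert` directory and the reuse of the certificate file as the CA file.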