UniFi Controller Let's Encrypt

Hi

I have followed these two videos, but after Let's Encrypt my controller stopped working. When I visit the page, it tries to set up the secure connection, and then it takes too long.

Hosted UniFi Controller Setup on Vultr

Let’s Encrypt UniFi

Based on the information you provided and assuming that you could establish a connection to the controller GUI prior to doing the LE thing, two possible problems come to mind:

  1. The LE cert generation was not successful. You can check this by examining the contents of the /etc/letsencrypt/live/YOUR-DOMAIN/fullchain.pem file. To make sure it’s an actual, syntactically valid certificate, you can try it in an online certificate decoder like this arbitrary one I found on Google.

  2. There was a problem with the unifi_ssl_import.sh script. I’ve no experience using this method, but it might be misconfigured or simply broken.

Either of these scenarios could lead to the controller’s web server not starting up correctly and thus, you not being able to access the GUI. I actually don’t know whether the controller uses multiple servers for the GUI and the inform process, or if it’s the same server. But have you tried adopting an AP (I mean SSH-ing into the AP and using the set-inform command)?

But let me just say, I’m not very fond of the whole routine presented by Chris in the first place. I find it complicated and error-prone. My preferred way of setting up a Unifi controller (when you’re already renting a whole VPS for that) is to use Docker.

There is a brilliant container called jwilder/nginx-proxy and companion JrCs/docker-letsencrypt-nginx-proxy-companion. Combined with a dockerized Unifi controller (I use linuxserver/docker-unifi), what this does for you is you don’t actually have to change the certificate in the controller’s web server because you won’t directly access the controller from the internet. Instead, you’ll be connecting to the nginx reverse proxy which in turn connects to the controller and serves it to you.

The reverse proxy will handle all your internet-facing websites (including, but not at all limited to, the Unifi controller GUI), all of which can have their own (sub-)domains, and the LE companion will automatically get and renew certificates for all the sites you want it to.

An important thing to understand in my opinion is that if you think about it, the Unifi controller GUI (and I’m just talking about the GUI here) is not different from any other web app. It does not care how you connect to it.
It would be ridiculous to say “Well, let’s reserve port 12345 for WordPress and the URL of every WP instance there is has to end in ‘:12345’.” Similarly, the Unifi controller does not have to be run at port 8443. I very much prefer the use of subdomains to organize multiple websites over ports.

That’s just something I never saw any of the Unifi controller tutorials that are out there explain. In fact, I’m planning to do a tutorial on the exact workflow I described above for this forum, so stay tuned if you’re interested in that.

2 Likes
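A local alternative to an online decoder for the first check in the reply above, as an added example that is not part of the original post. It validates only the PEM/DER envelope of fullchain.pem (not signature, expiry or hostname); `check_fullchain`, `der_is_complete` and `SAMPLE` are hypothetical names, and the sample blocks are constructed placeholders.

```python
import base64
import re
import sys

PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.S)

# Constructed sample: two DER-shaped placeholders (SEQUENCE { INTEGER 0 }),
# not real certificates. Enough to exercise the envelope checks below.
SAMPLE = "-----BEGIN CERTIFICATE-----\nMAMCAQA=\n-----END CERTIFICATE-----\n" * 2

def der_is_complete(der):
    """True if der is exactly one DER SEQUENCE whose length field matches."""
    if len(der) < 2 or der[0] != 0x30:
        return False
    if der[1] < 0x80:                          # short-form length
        return len(der) == 2 + der[1]
    n = der[1] & 0x7F                          # long form: n length bytes follow
    if n == 0 or n > 4 or len(der) < 2 + n:
        return False
    return len(der) == 2 + n + int.from_bytes(der[2:2 + n], "big")

def check_fullchain(pem_text):
    """Return (valid_certificate_count, problems) for the text of fullchain.pem."""
    problems, certs = [], 0
    blocks = PEM_BLOCK.findall(pem_text)
    if not blocks:
        problems.append("no complete PEM block (empty file or an error page?)")
    elif pem_text.count("-----BEGIN ") != len(blocks):
        problems.append("unterminated PEM block (file truncated?)")
    for i, (label, body) in enumerate(blocks, 1):
        if "PRIVATE KEY" in label:
            problems.append(f"block {i}: private key found; it belongs in privkey.pem")
        elif label != "CERTIFICATE":
            problems.append(f"block {i}: unexpected type {label!r}")
        else:
            try:
                der = base64.b64decode("".join(body.split()), validate=True)
            except ValueError:
                problems.append(f"block {i}: invalid base64")
                continue
            if der_is_complete(der):
                certs += 1
            else:
                problems.append(f"block {i}: truncated or malformed DER")
    if certs == 1 and not problems:
        problems.append("only the leaf certificate is present; chain is missing")
    return certs, problems

if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    print(check_fullchain(text))
```

Run it with the path to fullchain.pem as the only argument; an empty problem list with two or more certificates means the file itself is intact and the fault lies in the import step or the controller.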

That sounds awesome! Thank you, I’ll be waiting for it!

When I open the file I get a certificate with start and end.

I am a new beginner on Ubuntu, may read me to every input line.

I get this up in Chrome, but even so it says time out.

Check out this script. There are a couple of things you have to edit for your environment, but once configured it really takes the headache out of the process. I’ve been using it for the past year or so.

1 Like

Isn’t that the one I did on this link?
https://crosstalksolutions.com/lets-encrypt-unifi/

Is there anything more I need to configure that he does not show in the manual?

@kingsolmn I published the tutorial, you can check it out here if you like.