So I recently moved from a self-hosted unifi controller to a unifi cloud key gen2. https://eu.store.ui.com/collections/unifi-accessories-cloud-key/products/unifi-cloud-key-gen2 I wanted to be able to access it locally though over https with a valid cert. It turns out the cloudkey just runs a basic debian strech install with standard apt commands! So heres how I made that happpen.
Pre-requisites:
- unifi cloud key
- A domain with cloudflare DNS setup & API keys setup
First steps.
- Make sure the Cloud Key is upto date.
- Enable SSH on the cloud key.
- A subdomain setup with an A record of your local cloud key IP
- Open an SSH session to the cloudkey. “root” is the username plus the password you setup in the cloudkey gui
Install certbot with cloudflare dns extension
Create secrets dirs
Create secrets file with your cloudflare api keys
Example Content
1
2
3
# Cloudflare API credentials used by Certbot
dns_cloudflare_email = you@example.com
dns_cloudflare_api_key = wen_lambo?wen_moon?
Secure permissions on cloudflare creds (stops warnings in certbot output)
Time to request the cert!
Assuming that went well (read the output and debug if needed) move ahead to configure the cloudkey to use the key. Note the path of the cert and key from certbots output
Add the following to your root user crontab file (use crontab -e
)
1
41 2 * * * certbot renew --post-hook "service unifi-core restart"
Now you should be able to access your cloudkey locally via fqdn_of_your_cloudkey.example.com
with a valid cert!