Install certificate for Unifi Controller

1. Request a certificate. I saved my certificate as unifi2020.crt and unifi2020.key.
2. Replace the certificate on the Unifi controller:

openssl pkcs12 -export -inkey unifi2020.key -in unifi2020.crt -out unifi.p12 -name unifi  -password pass:temppass
keytool -importkeystore -deststorepass aircontrolenterprise -destkeypass aircontrolenterprise -destkeystore /var/lib/unifi/keystore -srckeystore unifi.p12 -srcstoretype PKCS12 -srcstorepass temppass -alias unifi -noprompt

3. Restart unifi

/etc/init.d/unifi restart

Add Cloudflare Dynamic DNS Support on Unifi USG

It seems the Unifi USG still doesn’t support Cloudflare Dynamic DNS, even though lots of users voted for this feature.
In the past I used dnsomatic to update Cloudflare DDNS, but dnsomatic is not working anymore, so I spent some time finding a solution.

1. Create a config.gateway.json file and put it on the Unifi controller, then provision the USG.
If you don’t know how to create the file, please refer to https://help.ubnt.com/hc/en-us/articles/215458888-UniFi-Advanced-USG-Configuration

{
	"service": {
		"dns": {
			"dynamic": {
				"interface": {
					"<WAN interface eg eth0>": {
						"service": {
							"cloudflare": {
								"host-name": [
									"<insert A record name here eg. usg.example.com>"
								],
								"login": "<CloudFlare E-Mail>",
								"options": [
									"zone=<DNS Zone eg. example.com>"
								],
								"password": "<CloudFlare Global API Key>",
								"protocol": "cloudflare"
							}
						}
					}
				}
			}
		}
	}
}

2. Upgrade ddclient on the USG to version 3.9.0.
Save the script below as a bash file:

#!/bin/bash
# Run this script as sudo

# Specify the repo and the location of the apt sources list
DEB_REPO="deb http://archive.debian.org/debian/ wheezy main # wheezy #"
APT_SRC="/etc/apt/sources.list"

# Add deb repo to sources list if it isn't there
grep -q -F "$DEB_REPO" "$APT_SRC" || echo "$DEB_REPO" >> "$APT_SRC"

# Run Apt update
apt-get update; apt-get -y install libdata-validate-ip-perl

# Download new ddclient and replace the existing version
# (-f makes curl fail on an HTTP error instead of saving the error page as ddclient)
cd /tmp || exit 1
curl -fL -O https://raw.githubusercontent.com/ddclient/ddclient/master/ddclient || exit 1
cp /usr/sbin/ddclient /usr/sbin/ddclient.bkp
cp ddclient /usr/sbin/ddclient
chmod +x /usr/sbin/ddclient

Then chmod +x the file and run it as root. The script installs libdata-validate-ip-perl as well as ddclient 3.9.0.
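
The script above installs whatever the master URL returns, as root, and a second run overwrites the backup with the new file. As an added example (not part of the original post), the functions below replace the file only when its SHA-256 matches a digest pinned after reviewing the download; the function names and the placeholder digest are assumptions, and sha256sum is assumed to be available on the USG.

```bash
#!/bin/bash
# Added example: install a downloaded file only if its SHA-256 matches a
# pinned value. Function names and the digest below are assumptions.

# Placeholder: the digest of the ddclient copy you downloaded and reviewed.
EXPECTED_SHA256="<sha256 of the reviewed ddclient file>"

# verify_sha256 FILE EXPECTED: 0 = match, 1 = mismatch, 2 = bad input
verify_sha256() {
    local file="$1" expected="$2" actual
    [ -f "$file" ] || { echo "missing: $file" >&2; return 2; }
    # Refuse a pin that is not 64 hex characters (e.g. the placeholder).
    case "$expected" in
        ""|*[!0-9a-fA-F]*) echo "pinned digest is not hex" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "pinned digest is not 64 chars" >&2; return 2; }
    actual=$(sha256sum "$file" | cut -d' ' -f1)
    expected=$(printf '%s' "$expected" | tr 'A-F' 'a-f')
    if [ "$actual" != "$expected" ]; then
        echo "digest mismatch for $file: got $actual" >&2
        return 1
    fi
}

# install_verified SRC DEST EXPECTED
install_verified() {
    local src="$1" dest="$2" expected="$3"
    verify_sha256 "$src" "$expected" || return $?
    # Keep the first backup: a re-run must not replace it with the new file.
    if [ -f "$dest" ] && [ ! -f "$dest.bkp" ]; then
        cp -p "$dest" "$dest.bkp" || return 3
    fi
    # Stage next to the target, then rename so DEST is never half-written.
    cp "$src" "$dest.new" && chmod 755 "$dest.new" && mv "$dest.new" "$dest"
}

# On the USG, after the curl step:
#   install_verified /tmp/ddclient /usr/sbin/ddclient "$EXPECTED_SHA256"
```
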

3. Because we are now using the standard ddclient, we have to create a copy of the old ddclient configuration file under the name it expects.

cd /etc/ddclient
cp ddclient_eth0.conf ddclient.conf

4. Then restart ddclient.

/etc/init.d/ddclient restart

5. Done. In the system log, you should now be able to see ddclient updating Cloudflare DDNS.