j-c-m / Ubnt Letsencrypt

Let's Encrypt setup instructions for Ubiquiti EdgeRouter

Let's Encrypt with the Ubiquiti EdgeRouter

This guide uses https://letsencrypt.org/ and https://github.com/Neilpang/acme.sh to generate a valid SSL certificate for the EdgeRouter.

  • Does not ever expose the admin GUI to the internet
  • 100% /config driven, does not require modification to EdgeOS system files

Install acme.sh & scripts

  • Connect via ssh to your EdgeRouter and execute the following command.

    curl https://raw.githubusercontent.com/j-c-m/ubnt-letsencrypt/master/install.sh | sudo bash
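
A more cautious way to run the install step above, as an added example (not part of the project's own instructions or scripts): download the installer to a file, read it, and execute it only if it still matches the SHA-256 digest recorded at review time. The function names and the /tmp path are assumptions, and sha256sum is assumed to be present on the router.

```shell
#!/bin/sh
# Added example: review-then-run instead of piping curl straight into sudo bash.
# Function names and file paths are hypothetical; the URL is the one from the guide.

INSTALL_URL="https://raw.githubusercontent.com/j-c-m/ubnt-letsencrypt/master/install.sh"

# Print the SHA-256 hex digest of a file.
file_sha256() {
    sha256sum "$1" | awk '{print $1}'
}

# Download the installer to a file; --fail makes HTTP errors a non-zero exit
# so an error page is never saved and executed as a script.
fetch_installer() {
    curl --fail --silent --show-error --location -o "$1" "$INSTALL_URL"
}

# Return 0 only if the file is non-empty and matches the expected digest.
# Returns 2 for a missing/empty file and 1 for a digest mismatch.
verify_pinned() {
    file="$1"; expected="$2"
    [ -s "$file" ] || { echo "missing or empty: $file" >&2; return 2; }
    actual=$(file_sha256 "$file")
    if [ "$actual" != "$expected" ]; then
        echo "digest mismatch for $file" >&2
        echo "  expected: $expected" >&2
        echo "  actual:   $actual" >&2
        return 1
    fi
    return 0
}

# Fetch, verify against the digest recorded at review time, then run as root.
install_verified() {
    file="$1"; expected="$2"
    fetch_installer "$file" || return 3
    verify_pinned "$file" "$expected" || return $?
    sudo bash "$file"
}

# First use (review):
#   fetch_installer /tmp/install.sh && less /tmp/install.sh
#   file_sha256 /tmp/install.sh        # record this value
# Later installs:
#   install_verified /tmp/install.sh <recorded digest>
```

Because the URL tracks the master branch, a digest mismatch after an upstream change is expected and is the cue to read the script again before recording a new digest.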

Configuration

  • In the steps below replace/verify the following:
    • subdomain.example.com - FQDN
    • 192.168.1.1 - LAN IP of Router
  • Configure DNS record for subdomain.example.com to your public WAN IP.
  • Connect via ssh to your EdgeRouter.
  1. Initialize your certificate.

    sudo /config/scripts/renew.acme.sh -d subdomain.example.com
    

    You can include additional common names for your certificate, so long as they resolve to the same WAN address:

    sudo /config/scripts/renew.acme.sh -d subdomain.example.com -d subdomain2.example.com
    
  2. Enter configuration mode.

    configure
    
  3. Set up a static host mapping from the FQDN to the LAN IP.

    set system static-host-mapping host-name subdomain.example.com inet 192.168.1.1
    
  4. Configure the cert-file and ca-file locations for the GUI.

    set service gui cert-file /config/ssl/server.pem
    set service gui ca-file /config/ssl/ca.pem
    
  5. Configure the task scheduler to renew the certificate automatically.

    set system task-scheduler task renew.acme executable path /config/scripts/renew.acme.sh
    set system task-scheduler task renew.acme interval 1d
    set system task-scheduler task renew.acme executable arguments '-d subdomain.example.com'
    

    If you included multiple names in step 1, you'll need to include any additional names here as well.

    set system task-scheduler task renew.acme executable arguments '-d subdomain.example.com -d subdomain2.example.com'
    
  6. Commit, save and exit configuration mode.

    commit
    save
    exit
    
  7. Access your router by going to https://subdomain.example.com

Changelog

20200419 - Use SIGTERM for GUI service stop
20200109 - Use systemctl on 2.0 to start GUI service
20191022 - Prevent sudo error
20190311 - Initialize certificate first outside of configuration mode
20180609 - Install script
20180605 - IPv6 support
20180213 - Deprecate -i <wandev> option
20171126 - Add ca.pem for complete certificate chain
         - Temporarily disable http port forwarding during renew
20171013 - Remove reload.acme.sh
20170530 - Check wan ip
20170417 - Stop gui service during challenge
20170320 - Add multiple name support
20170317 - Change from standalone to webroot auth using lighttpd
20170224 - Bug fixes
20170110 - Born