{"id":13815706,"url":"https://github.com/j-c-m/ubnt-letsencrypt","last_synced_at":"2026-04-04T15:24:36.723Z","repository":{"id":48143827,"uuid":"78507106","full_name":"j-c-m/ubnt-letsencrypt","owner":"j-c-m","description":"Let's Encrypt setup instructions for Ubiquiti EdgeRouter","archived":false,"fork":false,"pushed_at":"2023-11-19T16:47:54.000Z","size":36,"stargazers_count":470,"open_issues_count":3,"forks_count":68,"subscribers_count":48,"default_branch":"master","last_synced_at":"2024-08-04T04:09:22.468Z","etag":null,"topics":["acme","acme-protocol","edgerouter","letsencrypt","ubiquiti-edgerouter"],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/j-c-m.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2017-01-10T07:04:24.000Z","updated_at":"2024-08-01T09:33:36.000Z","dependencies_parsed_at":"2023-11-19T17:34:30.387Z","dependency_job_id":null,"html_url":"https://github.com/j-c-m/ubnt-letsencrypt","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/j-c-m%2Fubnt-letsencrypt","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/j-c-m%2Fubnt-letsencrypt/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/j-c-m%2Fubnt-letsencrypt/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/j-c-m%2Fubnt-letsencrypt/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/j-c-m","download_url":"https://codeload.github.com/j-c-m/ubnt-letsencrypt/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":225342819,"owners_count":17459481,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["acme","acme-protocol","edgerouter","letsencrypt","ubiquiti-edgerouter"],"created_at":"2024-08-04T04:03:55.599Z","updated_at":"2026-04-04T15:24:36.547Z","avatar_url":"https://github.com/j-c-m.png","language":"Shell","funding_links":[],"categories":["Shell","EdgeRouter / EdgeOS"],"sub_categories":["Other Platforms"],"readme":"# Let's Encrypt with the Ubiquiti EdgeRouter\n\nThis guide uses \u003chttps://letsencrypt.org/\u003e and \u003chttps://github.com/Neilpang/acme.sh\u003e\nto generate a valid SSL certificate for the EdgeRouter.\n\n* Does not ever expose the admin GUI to the internet\n* 100% /config driven, does not require modification to EdgeOS system files\n\n## Install/Update acme.sh \u0026 scripts\n\n* Connect via ssh to your EdgeRouter and execute the following command.\n```\ncurl https://raw.githubusercontent.com/j-c-m/ubnt-letsencrypt/master/install.sh | sudo bash\n```\n\n## Configuration\n\n* In the steps below replace/verify the following:\n  * subdomain.example.com - FQDN\n  * 192.168.1.1 - LAN IP of Router\n* Configure DNS record for subdomain.example.com to your public WAN IP.\n* Connect via ssh to your EdgeRouter.\n\n1. Initialize your certificate.\n\n    ```\n    sudo /config/scripts/renew.acme.sh -d subdomain.example.com\n    ```\n\n    You can include additional common names for your certificate, so long as they resolve to the same WAN address:\n\n    ```\n    sudo /config/scripts/renew.acme.sh -d subdomain.example.com -d subdomain2.example.com\n    ```\n\n2. Enter configuration mode.\n\n    ```\n    configure\n    ```\n\n3. Setup static host mapping for FQDN to the LAN IP.\n\n    ```\n    set system static-host-mapping host-name subdomain.example.com inet 192.168.1.1\n    ```\n\n4. Configure cert-file location for gui.\n\n    ```\n    set service gui cert-file /config/ssl/server.pem\n    set service gui ca-file /config/ssl/ca.pem\n    ```\n\n5. Configure task scheduler to renew certificate automatically.\n\n    ```\n    set system task-scheduler task renew.acme executable path /config/scripts/renew.acme.sh\n    set system task-scheduler task renew.acme interval 1d\n    set system task-scheduler task renew.acme executable arguments '-d subdomain.example.com'\n    ```\n\n    If you included multiple names in step 1, you'll need to include any additional names here as well.\n\n    ```\n    set system task-scheduler task renew.acme executable arguments '-d subdomain.example.com -d subdomain2.example.com'\n    ```\n\n6. Commit, save and exit configuration mode.\n\n    ```\n    commit\n    save\n    exit\n    ```\n\n\n7. Accesss your router by going to \u003chttps://subdomain.example.com\u003e\n\n## Changelog\n\n    20231119 - Update install script to create ssl directory\n    20231112 - Install script now fetches updated cacert bundle for curl\n    20230208 - Update option handling to pass --staging and --test to acme.sh\n               Update reload command to use vars, fixes ECDSA key issues\n    20220624 - Update acme.sh repo to https://github.com/acmesh-official/acme.sh\n    20210622 - Update option handling to pass --debug and --force to acme.sh\n    20210621 - Default to Let's Encrypt CA\n             - Add -f to force renew\n    20200419 - Use SIGTERM for GUI service stop\n    20200109 - Use systemctl on 2.0 to start GUI service\n    20191022 - Prevent sudo error\n    20190311 - Initialize certificate first outside of configuration mode\n    20180609 - Install script\n    20180605 - IPv6 support\n    20180213 - Deprecate -i \u003cwandev\u003e option\n    20171126 - Add ca.pem for complete certificate chain\n             - Temporarily disable http port forwarding during renew\n    20171013 - Remove reload.acme.sh\n    20170530 - Check wan ip\n    20170417 - Stop gui service during challenge\n    20170320 - Add multiple name support\n    20170317 - Change from standalone to webroot auth using lighttpd\n    20170224 - Bug fixes\n    20170110 - Born\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fj-c-m%2Fubnt-letsencrypt","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fj-c-m%2Fubnt-letsencrypt","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fj-c-m%2Fubnt-letsencrypt/lists"}