Had an issue with the Lets Encrypt cert for a UniFi-Video server.\u00a0 When renewing the cert and reimporting it into the UniFi-Video keystore, the certification was showing out of date.<\/p>\n
Issue ended up being something with certbot.<\/p>\n
When certbot runs it generates a new cert.pem, chain.pem, fullchain.pem and privkey.pem and puts them in the “\/etc\/letsencrypt\/live\/unifi.domain.com\/” directory.<\/p>\n
The privkey.pem and cert.pem are used to create the keys.p12 file which gets imported into the UniFi-Video keystore.<\/p>\n
Apparently the .pem files in “\/etc\/letsencrypt\/live\/unifi.domain.com\/” are symbolic links to files in “\/etc\/letsencrypt\/archive\/unifi.domain.com\/”<\/p>\n
Upon inspection of the archive directory, multiple cert.pem and privkey.pem files were found with the names cert1.pem, cert2.pem, cert3.pem etc.\u00a0 Looking at the creation date of the file revealed the symbolic link was referring to an old “cert1.pem” file.<\/p>\n
Work around was to stop the unifi-video service and reimport the cert using the latest .pem files in the archive directory.<\/p>\n
echo ubiquiti | openssl pkcs12 -export -inkey \/etc\/letsencrypt\/archive\/unifi.yourdomain.com\/privkey2.pem -in \/etc\/letsencrypt\/archive\/unifi.yourdomain.com\/cert2.pem -name airvision -out \/usr\/lib\/unifi-video\/data\/keys.p12 -password stdin\r\necho y | keytool -importkeystore -srckeystore \/etc\/letsencrypt\/archive\/unifi.yourdomain.com\/keys.p12 -srcstoretype pkcs12 -destkeystore \/usr\/lib\/unifi-video\/data\/keystore -storepass ubiquiti -srcstorepass ubiquiti<\/pre>\nRemove the old ufv-truststore and start the service.<\/p>\n
mv \/usr\/lib\/unifi-video\/data\/ufv-truststore{,.old}\r\nsystemctl start unifi-video<\/pre>\nWorked like a charm.<\/p>\n","protected":false},"excerpt":{"rendered":"
Had an issue with the Lets Encrypt cert for a UniFi-Video server.\u00a0 When renewing the cert and reimporting it into the UniFi-Video keystore, the certification was showing out of date. Issue ended up being something with certbot. When certbot runs … Continue reading