UniFi UDM – Free domain, Custom DNS and Free SSL Certificate on Windows

Here is scenario:

Create a free domain name

Choose the top level domain http://www.mysite.tk from Freenom.com and configure URL Forwarding to mysite.duckdns.org in the Management Tool of freenom.

Create Custom DNS Name

Create your subdomain on DuckDNS and configure auto update in UDM as explained in this post.

Free SSH Certificate

Get a free SSH certificate via Let’s Encrypt on UniFi Dream Machine (UDM), use UDM-LE tool and follow the steps in Gabi.io post

Let’s Encrypt certificates are created in /mnt/data/udm-le/lego/certificates

cd /mnt/data/udm-le/lego/certificates
ls -l
-rw-------    1 root     root          5654 Aug 11 05:27 mysite.duckdns.org.crt
-rw-------    1 root     root          3751 Aug 11 05:27 mysite.duckdns.org.issuer.crt
-rw-------    1 root     root           244 Aug 11 05:27 mysite.duckdns.org.json
-rw-------    1 root     root          1679 Aug 11 05:27 mysite.duckdns.org.key

Create a backup of original UDM certificates:

cd /mnt/data/unifi-os/unifi-core/config/
cp unifi-core.crt unifi-core.crt.bkp
cp unifi-core.key unifi-core.key.bkp

Replace original SSL certificate in UDM using the above file CRT and KEY in /mnt/data/unifi-os/unifi-core/config/

Export to Windows

In Windows 10, install WinSCP and SSH to UDM to copy all files locally. Remember to set connection type to SCP

Convert the CRT file to PFX file as explained on that page and install the certificate in IIS.


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.