UniFi UDM – Free domain, Custom DNS and Free SSL Certificate on Windows

Here is scenario:

Create a free domain name

Choose the top level domain http://www.mysite.tk from Freenom.com and configure URL Forwarding to mysite.duckdns.org in the Management Tool of freenom.

Create Custom DNS Name

Create your subdomain on DuckDNS and configure auto update in UDM as explained in this post.

Free SSH Certificate

Get a free SSH certificate via Let’s Encrypt on UniFi Dream Machine (UDM), use UDM-LE tool and follow the steps in Gabi.io post

Let’s Encrypt certificates are created in /mnt/data/udm-le/lego/certificates

cd /mnt/data/udm-le/lego/certificates
ls -l
-rw-------    1 root     root          5654 Aug 11 05:27 mysite.duckdns.org.crt
-rw-------    1 root     root          3751 Aug 11 05:27 mysite.duckdns.org.issuer.crt
-rw-------    1 root     root           244 Aug 11 05:27 mysite.duckdns.org.json
-rw-------    1 root     root          1679 Aug 11 05:27 mysite.duckdns.org.key

Create a backup of original UDM certificates:

cd /mnt/data/unifi-os/unifi-core/config/
cp unifi-core.crt unifi-core.crt.bkp
cp unifi-core.key unifi-core.key.bkp

Replace original SSL certificate in UDM using the above file CRT and KEY in /mnt/data/unifi-os/unifi-core/config/

Export to Windows

In Windows 10, install WinSCP and SSH to UDM to copy all files locally. Remember to set connection type to SCP

Convert the CRT file to PFX file as explained on that page and install the certificate in IIS.