@Nepherte
Last active January 24, 2023 08:01
Let's Encrypt hook to deploy an SSL certificate to a UniFi USG.
#!/usr/bin/env bash
set -e

# Deploys the certificate.
function deploy_to_usg {
  # The key to use to log in to the UniFi USG.
  local SSH_KEY="/root/.ssh/unifi-usg"
  # The user and hostname of the UniFi USG.
  local HOST="[email protected]"

  # Make sure the certificate and private key files are
  # never world readable, even just for a brief moment.
  umask 077

  # Lighttpd requires the private key and certificate combined in one file.
  cat "$RENEWED_LINEAGE/privkey.pem" "$RENEWED_LINEAGE/cert.pem" > "$RENEWED_LINEAGE/server.pem"

  # Create the bin directory on the UniFi USG.
  ssh -i "$SSH_KEY" "$HOST" mkdir -p .bin
  # Download the SSL import script from GitHub.
  ssh -i "$SSH_KEY" "$HOST" curl -o .bin/usg-import-ssl.sh https://gist.githubusercontent.com/Nepherte/4a4bbd90fc44431c838a904f19ada3f7/raw/17e23babfd3bb39d66391217248db109c30c60ab/usg-import-ssl.sh
  # Make the SSL import script executable.
  ssh -i "$SSH_KEY" "$HOST" chmod +x .bin/usg-import-ssl.sh

  # Create the certificate directory on the UniFi USG.
  ssh -i "$SSH_KEY" "$HOST" mkdir -p .certificate
  # Upload the certificate to the UniFi USG.
  scp -i "$SSH_KEY" "$RENEWED_LINEAGE/server.pem" "$HOST:.certificate"
  # Import the certificate into the UniFi USG.
  ssh -i "$SSH_KEY" "$HOST" sudo /home/admin/.bin/usg-import-ssl.sh
}

# RENEWED_DOMAINS is a space-separated list, so it is left unquoted on purpose.
for domain in $RENEWED_DOMAINS; do
  case "$domain" in
    gateway.nepherte.com)
      deploy_to_usg
      ;;
  esac
done
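
The hook above downloads usg-import-ssl.sh on the gateway and then runs it with sudo, so the downloaded file deserves an integrity check before it is executed. The following is an added example, not part of the original gist: it fetches the script on the certbot host, compares its SHA-256 with a digest pinned in the hook, and copies it to the gateway only on a match. The function names and the `PINNED_SHA256` placeholder are assumptions.

```bash
# Added example, not part of the original gist. Function names are hypothetical.
# Placeholder: set to the SHA-256 of the usg-import-ssl.sh revision you reviewed.
PINNED_SHA256="<sha256-of-reviewed-usg-import-ssl.sh>"

# Print the lowercase hex SHA-256 digest of a file.
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  else
    shasum -a 256 "$1" | awk '{print $1}'
  fi
}

# Succeed only if the file exists and its digest equals the expected value.
verify_sha256() {
  local file="$1" expected="$2" actual
  [ -f "$file" ] || return 1
  # Refuse anything that is not 64 hex characters, such as an unfilled placeholder.
  case "$expected" in *[!0-9a-fA-F]*) return 1 ;; esac
  [ "${#expected}" -eq 64 ] || return 1
  actual="$(sha256_of "$file")" || return 1
  [ "$actual" = "$(printf '%s' "$expected" | tr 'A-F' 'a-f')" ]
}

# Fetch the script locally, verify it, and only then copy it to the gateway.
deploy_verified_script() {
  local url="$1" ssh_key="$2" host="$3" tmp rc=0
  tmp="$(mktemp)" || return 1
  if curl --fail --silent --show-error --proto '=https' -o "$tmp" "$url" &&
     verify_sha256 "$tmp" "$PINNED_SHA256"; then
    ssh -i "$ssh_key" "$host" mkdir -p .bin &&
      scp -i "$ssh_key" "$tmp" "$host:.bin/usg-import-ssl.sh" &&
      ssh -i "$ssh_key" "$host" chmod +x .bin/usg-import-ssl.sh || rc=1
  else
    echo "usg-import-ssl.sh failed download or digest check; not deploying" >&2
    rc=1
  fi
  rm -f "$tmp"
  return "$rc"
}
```

Inside `deploy_to_usg`, a call such as `deploy_verified_script "<raw gist URL>" "$SSH_KEY" "$HOST"` would take the place of the remote `mkdir`, `curl` and `chmod` steps for the import script.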