Skip to content

Instantly share code, notes, and snippets.

@hisnameisjimmy
Last active March 14, 2022 22:14
Show Gist options
  • Save hisnameisjimmy/56f9414076ca39a79bfa07eefa89759e to your computer and use it in GitHub Desktop.
Save hisnameisjimmy/56f9414076ca39a79bfa07eefa89759e to your computer and use it in GitHub Desktop.
Unifi Controller one-shot install script for Ubuntu 16.04 with Lets Encrypt
#!/bin/sh
#
# This script stands on the shoulders of giants.
#
# You can always find the most recent version here: https://gist.github.com/hisnameisjimmy/56f9414076ca39a79bfa07eefa89759e
#
# It is written and tested for Ubuntu 16.04 on Digital Ocean using a 1GB droplet.
# Anything less than 1GB of memory may cause issues with anything memory intensive
# like imports/exports.
#
# It does the following:
# 1) Opens the appropriate ports for Unifi, SSH, Web/SSL traffic via iptables
# 2) Makes the Unifi/Certbot software available as a package
# 3) Installs haveged to prevent entropy (see jeff-ferguson.com reference below)
# 4) Installs fail2ban as a basic security measure
# 5) Asks to install unattended security upgrades for long-term security
# 6) Uses Certbot to request a Lets Encrypt Certificate, and then installs it
# 7) Writes an NGINX proxy config
# 8) Writes out an automatic renewal cron for Lets Encrypt (as the certs expire every 3 months)
#
# I recommend running it from /opt on your server. In my installation I called it 'le-install.sh'
# Run it with the following:
# bash /opt/le-install.sh
#
# Alternatively you can make it executable and run it without specifying bash, but this is a one
# time script, so it seems unnecessary.
#
# Thanks to these resources below:
# https://community.ubnt.com/t5/UniFi-Wireless/Ubuntu-single-script-LetsEncrypt-Nginx-Proxy-UniFi-5-Repo/m-p/1626526/highlight/false#M172872
# http://www.jeff-ferguson.com/2016/11/21/unifi-5-2-9-installation-script-for-digital-ocean/
# https://murfy.nz/2017/01/ubiquiti-unifi-secure-installation/
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,
# INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
# PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
# TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE
# OR OTHER DEALINGS IN THE SOFTWARE.
#
RED='\033[0;31m'
CYAN='\033[0;36m'
NC='\033[0m'
# Gathering variables to use for the rest of the script
echo -en "${CYAN}Enter your domain name [my.fqdn.com]: ${NC}"
read NAME
echo -en "${CYAN}Enter your email address [[email protected]]: ${NC}"
read EMAIL
echo "These parameters are used exclusively by LetsEncrypt to register your SSL certificate and provide notifications:"
echo "Domain: $NAME"
echo "E-Mail: $EMAIL"
read -p "$(echo -e ${CYAN}"Does this look OK? [Y/N]: "${NC})" -n 1 REPLY
echo # (optional) move to a new line
if [[ ! $REPLY =~ ^[Yy]$ ]]
then
echo -e "${RED}Please re-run $0 and re-enter the params.${NC}"
exit 1
fi
# Installing UNIFI software
echo -e "${CYAN}Installing Unifi${NC}"
echo 'deb http://www.ubnt.com/downloads/unifi/debian stable ubiquiti' | sudo tee /etc/apt/sources.list.d/100-ubnt-unifi.list
echo y | apt-key adv --keyserver keyserver.ubuntu.com --recv 06E85760C0A52C50
echo y | apt-get update
echo y | apt-get install unifi
# iptables config
echo "${CYAN}Opening relevant ports via iptables${NC}"
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -I INPUT 1 -i lo -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -j ACCEPT
iptables -A INPUT -p udp --dport 3478 -j ACCEPT
iptables -A INPUT -p tcp --dport 6787 -j ACCEPT
iptables -A INPUT -p tcp --dport 8081 -j ACCEPT
iptables -A INPUT -p tcp --dport 8080 -j ACCEPT
iptables -A INPUT -p tcp --dport 8443 -j ACCEPT
iptables -A INPUT -p tcp --dport 8880 -j ACCEPT
iptables -A INPUT -p tcp --dport 8843 -j ACCEPT
iptables -A INPUT -p tcp --dport 27117 -j ACCEPT
iptables -A INPUT -j DROP
# Install relevant packages
echo -e "${CYAN}Updating and installing relevant packages${NC}"
echo y | apt-get upgrade
apt-get -f install
echo y | apt-get install software-properties-common
echo y | add-apt-repository ppa:certbot/certbot
apt-get update
echo y | apt-get install nginx certbot haveged iptables-persistent fail2ban unattended-upgrades openjdk-8-jre-headless
# Install unattended upgrades (much better long-term security)
read -p "$(echo -e ${CYAN}"Enable unattended upgrades for this server (with auto-reboots)? [Y/N]: "${NC})" -n 1 REPLY
echo # (optional) move to a new line
if [[ ! $REPLY =~ ^[Yy]$ ]]
then
echo -e "${RED}No security updates will be auto-installed${NC}"
else
dpkg-reconfigure --priority=low unattended-upgrades
sed -i.bak 's#// Unattended-Upgrade::Automatic-Reboot "false";#Unattended-Upgrade::Automatic-Reboot "true";#' /etc/apt/apt.conf.d/50unattended-upgrades
fi
# Lets Encrypt certificate request, run it non-interactively (-n) so we don't have to agree to anything
echo -e "${CYAN}Requesting Certificate for $NAME${NC}"
service nginx stop
certbot -n certonly -d $NAME --standalone --agree-tos --preferred-challenges http-01 --email $EMAIL
service nginx start
echo -e "${CYAN}Adding certificate to UniFi Controller for $NAME${NC}"
service unifi stop
echo aircontrolenterprise | openssl pkcs12 -export -inkey /etc/letsencrypt/live/$NAME/privkey.pem -in /etc/letsencrypt/live/$NAME/cert.pem -name unifi -out /etc/letsencrypt/live/$NAME/keys.p12 -password stdin
echo y | keytool -importkeystore -srckeystore /etc/letsencrypt/live/$NAME/keys.p12 -srcstoretype pkcs12 -destkeystore /usr/lib/unifi/data/keystore -storepass aircontrolenterprise -srcstorepass aircontrolenterprise
service unifi start
openssl dhparam -out /etc/ssl/certs/dhparam.pem 4096
# NGINX Proxy
echo -e "${CYAN}Writing nginx proxy configuration${NC}"
service nginx stop
printf "server_tokens off;\n\
add_header X-Frame-Options SAMEORIGIN;\n\
add_header X-XSS-Protection \"1; mode=block\";\n\
server {\n\
listen 80;\n\
server_name $NAME;\n\
return 301 https://$NAME\$request_uri;\n\
}\n\
server {\n\
listen 443 ssl default_server http2;\n\
server_name $NAME;\n\
ssl_dhparam /etc/ssl/certs/dhparam.pem;\n\
ssl_certificate /etc/letsencrypt/live/$NAME/fullchain.pem;\n\
ssl_certificate_key /etc/letsencrypt/live/$NAME/privkey.pem;\n\
ssl_session_cache shared:SSL:10m;\n\
ssl_session_timeout 10m;\n\
keepalive_timeout 300;\n\
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;\n\
ssl_prefer_server_ciphers on;\n\
ssl_stapling on;\n\
ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA;
add_header Strict-Transport-Security max-age=31536000;\n\
add_header X-Frame-Options DENY;\n\
error_log /var/log/unifi/nginx.log;\n\
proxy_cache off;\n\
proxy_store off;\n\
location / {\n\
proxy_set_header Referer \"\";\n\
proxy_pass https://localhost:8443;\n\
proxy_set_header Host \$host;\n\
proxy_set_header X-Real-IP \$remote_addr;\n\
proxy_set_header X-Forward-For \$proxy_add_x_forwarded_for;\n\
proxy_http_version 1.1;\n\
proxy_set_header Upgrade \$http_upgrade;\n\
proxy_set_header Connection \"upgrade\";\n\
}\n\
}\n\
" > /etc/nginx/sites-enabled/default
service nginx start
# Automatic LE Certificate renewals - This creates a crontab for you
echo -e "${CYAN}Writing Crontab for LetsEncrypt renewals to /etc/cron.monthly/le-unifi-renew${NC}"
echo -e "#!/bin/sh\n\
service nginx stop\n\
echo y | certbot renew --standalone --preferred-challenges http-01\n\
service nginx start\n\
service unifi stop\n\
echo aircontrolenterprise | openssl pkcs12 -export -inkey /etc/letsencrypt/live/$NAME/privkey.pem -in /etc/letsencrypt/live/$NAME/cert.pem -name unifi -out /etc/letsencrypt/live/$NAME/keys.p12 -password stdin\n\
echo y | keytool -importkeystore -srckeystore /etc/letsencrypt/live/$NAME/keys.p12 -srcstoretype pkcs12 -destkeystore /usr/lib/unifi/data/keystore -storepass aircontrolenterprise -srcstorepass aircontrolenterprise\n\
service unifi start\n\
" > /etc/cron.monthly/le-unifi-renew
chmod +x /etc/cron.monthly/le-unifi-renew
echo -e "${CYAN}\n\n\n\nINSTALLATION COMPLETE! \nYou may see a bad gateway error on https://$NAME/\nWhile the controller performs its first-time initialization\n${NC}"
echo -e "${CYAN}If the bad gateway persists for longer than a couple minutes, try restarting the unifi controller from the commandline${NC}"
@Theolodewijk
Copy link

Theolodewijk commented Sep 9, 2017

script error

Click to expand log root@ubnt:/home/domain# sudo ./le-install.sh -en Enter your domain name [my.fqdn.com]: ubnt.domain.nl -en Enter your email address [[email protected]]: [email protected] These parameters are used exclusively by LetsEncrypt to register your SSL certificate and provide notifications: Domain: ubnt.domain.nl E-Mail: [email protected] ./le-install.sh: 51: read: Illegal option -n

./le-install.sh: 53: ./le-install.sh: [[: not found
Opening relevant ports via iptables
-e Updating and installing relevant packages
Reading package lists... Done
Building dependency tree
Reading state information... Done
Calculating upgrade... Done
The following packages will be upgraded:
libcups2 linux-firmware snapd
3 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Need to get 49.6 MB of archives.
After this operation, 5,315 kB of additional disk space will be used.
Get:1 http://us.archive.ubuntu.com/ubuntu xenial-updates/main amd64 libcups2 amd64 2.1.3-4ubuntu0.3 [197 kB]
Get:2 http://us.archive.ubuntu.com/ubuntu xenial-updates/main amd64 linux-firmware all 1.157.12 [38.8 MB]
Get:3 http://us.archive.ubuntu.com/ubuntu xenial-updates/main amd64 snapd amd64 2.27.5 [10.7 MB]
Fetched 49.6 MB in 8s (5,652 kB/s)
(Reading database ... 126253 files and directories currently installed.)
Preparing to unpack .../libcups2_2.1.3-4ubuntu0.3_amd64.deb ...
Unpacking libcups2:amd64 (2.1.3-4ubuntu0.3) over (2.1.3-4) ...
Preparing to unpack .../linux-firmware_1.157.12_all.deb ...
Unpacking linux-firmware (1.157.12) over (1.157.11) ...
Preparing to unpack .../snapd_2.27.5_amd64.deb ...
Warning: Stopping snapd.service, but it can still be activated by:
snapd.socket
Unpacking snapd (2.27.5) over (2.26.10) ...
Processing triggers for libc-bin (2.23-0ubuntu9) ...
Processing triggers for man-db (2.7.5-1) ...
Setting up libcups2:amd64 (2.1.3-4ubuntu0.3) ...
Setting up linux-firmware (1.157.12) ...
update-initramfs: Generating /boot/initrd.img-4.4.0-93-generic
W: mdadm: /etc/mdadm/mdadm.conf defines no arrays.
update-initramfs: Generating /boot/initrd.img-4.4.0-92-generic
W: mdadm: /etc/mdadm/mdadm.conf defines no arrays.
update-initramfs: Generating /boot/initrd.img-4.4.0-87-generic
W: mdadm: /etc/mdadm/mdadm.conf defines no arrays.
Setting up snapd (2.27.5) ...
Installing new version of config file /etc/apparmor.d/usr.lib.snapd.snap-confine.real ...
Processing triggers for libc-bin (2.23-0ubuntu9) ...
Reading package lists... Done
Building dependency tree
Reading state information... Done
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Reading package lists... Done
Building dependency tree
Reading state information... Done
software-properties-common is already the newest version (0.96.20.7).
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
This is the PPA for packages prepared by Debian Let's Encrypt Team and backported for Ubuntu(s).
More info: https://launchpad.net/certbot/+archive/ubuntu/certbot
gpg: keyring /tmp/tmppd6g1rhs/secring.gpg' created gpg: keyring /tmp/tmppd6g1rhs/pubring.gpg' created
gpg: requesting key 75BCA694 from hkp server keyserver.ubuntu.com
gpg: /tmp/tmppd6g1rhs/trustdb.gpg: trustdb created
gpg: key 75BCA694: public key "Launchpad PPA for certbot" imported
gpg: Total number processed: 1
gpg: imported: 1 (RSA: 1)
OK
Get:1 http://ppa.launchpad.net/certbot/certbot/ubuntu xenial InRelease [24.3 kB]
Get:2 http://security.ubuntu.com/ubuntu xenial-security InRelease [102 kB]
Hit:3 http://us.archive.ubuntu.com/ubuntu xenial InRelease
Get:4 http://ppa.launchpad.net/certbot/certbot/ubuntu xenial/main amd64 Packages [10.3 kB]
Get:5 http://ppa.launchpad.net/certbot/certbot/ubuntu xenial/main i386 Packages [10.3 kB]
Get:6 http://ppa.launchpad.net/certbot/certbot/ubuntu xenial/main Translation-en [6,584 B]
Get:7 http://us.archive.ubuntu.com/ubuntu xenial-updates InRelease [102 kB]
Hit:8 http://dl.ubnt.com/unifi/debian unifi5 InRelease
Get:9 http://us.archive.ubuntu.com/ubuntu xenial-backports InRelease [102 kB]
Get:10 http://us.archive.ubuntu.com/ubuntu xenial-updates/main amd64 Packages [632 kB]
Fetched 990 kB in 0s (1,038 kB/s)
Reading package lists... Done
Reading package lists... Done
Building dependency tree
Reading state information... Done
unattended-upgrades is already the newest version (0.90ubuntu0.7).
The following additional packages will be installed:
dialog libgd3 libhavege1 libjbig0 libpython-stdlib libpython2.7-minimal libpython2.7-stdlib libtiff5 libvpx3 libxpm4 libxslt1.1 netfilter-persistent nginx-common nginx-core python python-acme python-certbot python-cffi-backend
python-chardet python-configargparse python-configobj python-cryptography python-dialog python-dnspython python-enum34 python-funcsigs python-idna python-ipaddress python-minimal python-mock python-ndg-httpsclient python-openssl
python-parsedatetime python-pbr python-pkg-resources python-psutil python-pyasn1 python-pyicu python-requests python-rfc3339 python-setuptools python-six python-tz python-urllib3 python-zope.component python-zope.event
python-zope.hookable python-zope.interface python2.7 python2.7-minimal python3-pyinotify whois
Suggested packages:
python-certbot-apache python-certbot-doc mailx monit libgd-tools fcgiwrap nginx-doc ssl-cert python-doc python-tk python-acme-doc python-configobj-doc python-cryptography-doc python-cryptography-vectors python-enum34-doc
python-funcsigs-doc python-mock-doc python-openssl-doc python-openssl-dbg python-psutil-doc doc-base python-socks python-setuptools-doc python-ntlm python2.7-doc binfmt-support python-pyinotify-doc
The following NEW packages will be installed:
certbot dialog fail2ban haveged iptables-persistent libgd3 libhavege1 libjbig0 libpython-stdlib libpython2.7-minimal libpython2.7-stdlib libtiff5 libvpx3 libxpm4 libxslt1.1 netfilter-persistent nginx nginx-common nginx-core python
python-acme python-certbot python-cffi-backend python-chardet python-configargparse python-configobj python-cryptography python-dialog python-dnspython python-enum34 python-funcsigs python-idna python-ipaddress python-minimal
python-mock python-ndg-httpsclient python-openssl python-parsedatetime python-pbr python-pkg-resources python-psutil python-pyasn1 python-pyicu python-requests python-rfc3339 python-setuptools python-six python-tz python-urllib3
python-zope.component python-zope.event python-zope.hookable python-zope.interface python2.7 python2.7-minimal python3-pyinotify whois
0 upgraded, 57 newly installed, 0 to remove and 4 not upgraded.
Need to get 8,468 kB of archives.
After this operation, 37.1 MB of additional disk space will be used.
Get:1 http://ppa.launchpad.net/certbot/certbot/ubuntu xenial/main amd64 python-cffi-backend amd64 1.10.0-0+certbot
xenial+1 [71.6 kB]
Get:2 http://ppa.launchpad.net/certbot/certbot/ubuntu xenial/main amd64 python-idna all 2.2-1+certbotxenial+1 [31.1 kB]
Get:3 http://ppa.launchpad.net/certbot/certbot/ubuntu xenial/main amd64 python-ipaddress all 1.0.17-1+certbot
xenial+1 [18.3 kB]
Get:4 http://ppa.launchpad.net/certbot/certbot/ubuntu xenial/main amd64 python-pyasn1 all 0.1.9-2+certbotxenial+1 [45.8 kB]
Get:5 http://ppa.launchpad.net/certbot/certbot/ubuntu xenial/main amd64 python-pkg-resources all 33.1.1-1+certbot
xenial+1 [166 kB]
Get:6 http://ppa.launchpad.net/certbot/certbot/ubuntu xenial/main amd64 python-setuptools all 33.1.1-1+certbotxenial+1 [297 kB]
Get:7 http://us.archive.ubuntu.com/ubuntu xenial-updates/main amd64 libpython2.7-minimal amd64 2.7.12-1ubuntu0
16.04.1 [339 kB]
Get:8 http://ppa.launchpad.net/certbot/certbot/ubuntu xenial/main amd64 python-six all 1.10.0-3+certbotxenial+1 [11.5 kB]
Get:9 http://ppa.launchpad.net/certbot/certbot/ubuntu xenial/main amd64 python-cryptography amd64 1.7.1-2+certbot
xenial+1 [215 kB]
Get:10 http://ppa.launchpad.net/certbot/certbot/ubuntu xenial/main amd64 python-openssl all 17.0.0-0+certbotxenial+1 [46.6 kB]
Get:11 http://ppa.launchpad.net/certbot/certbot/ubuntu xenial/main amd64 python-urllib3 all 1.19.1-1+certbot
xenial+1 [77.4 kB]
Get:12 http://ppa.launchpad.net/certbot/certbot/ubuntu xenial/main amd64 python-requests all 2.12.4-1+certbotxenial+1 [101 kB]
Get:13 http://ppa.launchpad.net/certbot/certbot/ubuntu xenial/main amd64 python-rfc3339 all 1.0-4+certbot
xenial+1 [6,342 B]
Get:14 http://ppa.launchpad.net/certbot/certbot/ubuntu xenial/main amd64 python-dnspython all 1.15.0-1+certbotxenial+1 [85.9 kB]
Get:15 http://ppa.launchpad.net/certbot/certbot/ubuntu xenial/main amd64 python-acme all 0.17.0-1+ubuntu16.04.1+certbot+1 [59.4 kB]
Get:16 http://ppa.launchpad.net/certbot/certbot/ubuntu xenial/main amd64 python-dialog amd64 3.3.0-2+certbot
xenial+1 [65.5 kB]
Get:17 http://ppa.launchpad.net/certbot/certbot/ubuntu xenial/main amd64 python-ndg-httpsclient all 0.4.2-1+certbotxenial+1 [25.6 kB]
Get:18 http://ppa.launchpad.net/certbot/certbot/ubuntu xenial/main amd64 python-configargparse all 0.11.0-1+certbot
xenial+1 [22.3 kB]
Get:19 http://ppa.launchpad.net/certbot/certbot/ubuntu xenial/main amd64 python-parsedatetime all 2.1-3+certbotxenial+1 [30.8 kB]
Get:20 http://ppa.launchpad.net/certbot/certbot/ubuntu xenial/main amd64 python-certbot all 0.17.0-2+ubuntu16.04.1+certbot+1 [179 kB]
Get:21 http://ppa.launchpad.net/certbot/certbot/ubuntu xenial/main amd64 certbot all 0.17.0-2+ubuntu16.04.1+certbot+1 [19.0 kB]
Get:22 http://ppa.launchpad.net/certbot/certbot/ubuntu xenial/main amd64 python-psutil amd64 5.0.1-1+certbot
xenial+2 [128 kB]
Get:23 http://us.archive.ubuntu.com/ubuntu xenial-updates/main amd64 python2.7-minimal amd64 2.7.12-1ubuntu016.04.1 [1,295 kB]
Get:24 http://us.archive.ubuntu.com/ubuntu xenial/main amd64 python-minimal amd64 2.7.11-1 [28.2 kB]
Get:25 http://us.archive.ubuntu.com/ubuntu xenial-updates/main amd64 libpython2.7-stdlib amd64 2.7.12-1ubuntu0
16.04.1 [1,884 kB]
Get:26 http://us.archive.ubuntu.com/ubuntu xenial-updates/main amd64 python2.7 amd64 2.7.12-1ubuntu016.04.1 [224 kB]
Get:27 http://us.archive.ubuntu.com/ubuntu xenial/main amd64 libpython-stdlib amd64 2.7.11-1 [7,656 B]
Get:28 http://us.archive.ubuntu.com/ubuntu xenial/main amd64 python amd64 2.7.11-1 [137 kB]
Get:29 http://us.archive.ubuntu.com/ubuntu xenial/main amd64 libjbig0 amd64 2.1-3.1 [26.6 kB]
Get:30 http://us.archive.ubuntu.com/ubuntu xenial/main amd64 python-enum34 all 1.1.2-1 [35.8 kB]
Get:31 http://us.archive.ubuntu.com/ubuntu xenial/main amd64 python-funcsigs all 0.4-2 [12.6 kB]
Get:32 http://us.archive.ubuntu.com/ubuntu xenial/main amd64 python-pbr all 1.8.0-4ubuntu1 [46.6 kB]
Get:33 http://us.archive.ubuntu.com/ubuntu xenial/main amd64 python-mock all 1.3.0-2.1ubuntu1 [46.5 kB]
Get:34 http://us.archive.ubuntu.com/ubuntu xenial/main amd64 python-chardet all 2.3.0-2 [96.3 kB]
Get:35 http://us.archive.ubuntu.com/ubuntu xenial/main amd64 python-tz all 2014.10
dfsg1-0ubuntu2 [31.5 kB]
Get:36 http://us.archive.ubuntu.com/ubuntu xenial/universe amd64 dialog amd64 1.3-20160209-1 [215 kB]
Get:37 http://us.archive.ubuntu.com/ubuntu xenial/main amd64 python-configobj all 5.0.6-2 [34.2 kB]
Get:38 http://us.archive.ubuntu.com/ubuntu xenial/universe amd64 python-zope.event all 4.2.0-1 [7,412 B]
Get:39 http://us.archive.ubuntu.com/ubuntu xenial/main amd64 python-zope.interface amd64 4.1.3-1build1 [81.0 kB]
Get:40 http://us.archive.ubuntu.com/ubuntu xenial/universe amd64 python-zope.hookable amd64 4.0.4-4build2 [9,172 B]
Get:41 http://us.archive.ubuntu.com/ubuntu xenial/universe amd64 python-zope.component all 4.2.2-1 [38.5 kB]
Get:42 http://us.archive.ubuntu.com/ubuntu xenial/universe amd64 fail2ban all 0.9.3-1 [227 kB]
Get:43 http://us.archive.ubuntu.com/ubuntu xenial/universe amd64 netfilter-persistent all 1.0.4 [6,786 B]
Get:44 http://us.archive.ubuntu.com/ubuntu xenial/universe amd64 iptables-persistent all 1.0.4 [6,540 B]
Get:45 http://us.archive.ubuntu.com/ubuntu xenial-updates/main amd64 libtiff5 amd64 4.0.6-1ubuntu0.2 [146 kB]
Get:46 http://us.archive.ubuntu.com/ubuntu xenial/main amd64 libvpx3 amd64 1.5.0-2ubuntu1 [732 kB]
Get:47 http://us.archive.ubuntu.com/ubuntu xenial-updates/main amd64 libxpm4 amd64 1:3.5.11-1ubuntu0.16.04.1 [33.8 kB]
Get:48 http://us.archive.ubuntu.com/ubuntu xenial-updates/main amd64 libgd3 amd64 2.1.1-4ubuntu0.16.04.8 [126 kB]
Get:49 http://us.archive.ubuntu.com/ubuntu xenial-updates/main amd64 libxslt1.1 amd64 1.1.28-2.1ubuntu0.1 [145 kB]
Get:50 http://us.archive.ubuntu.com/ubuntu xenial-updates/main amd64 nginx-common all 1.10.3-0ubuntu0.16.04.2 [26.6 kB]
Get:51 http://us.archive.ubuntu.com/ubuntu xenial-updates/main amd64 nginx-core amd64 1.10.3-0ubuntu0.16.04.2 [428 kB]
Get:52 http://us.archive.ubuntu.com/ubuntu xenial-updates/main amd64 nginx all 1.10.3-0ubuntu0.16.04.2 [3,490 B]
Get:53 http://us.archive.ubuntu.com/ubuntu xenial/main amd64 python-pyicu amd64 1.9.2-2build1 [179 kB]
Get:54 http://us.archive.ubuntu.com/ubuntu xenial/main amd64 python3-pyinotify all 0.9.6-0fakesync1 [24.7 kB]
Get:55 http://us.archive.ubuntu.com/ubuntu xenial/main amd64 whois amd64 5.2.11 [34.0 kB]
Get:56 http://us.archive.ubuntu.com/ubuntu xenial/universe amd64 libhavege1 amd64 1.9.1-3 [21.8 kB]
Get:57 http://us.archive.ubuntu.com/ubuntu xenial/universe amd64 haveged amd64 1.9.1-3 [28.0 kB]
Fetched 8,468 kB in 2s (3,860 kB/s)
Extracting templates from packages: 100%
Preconfiguring packages ...
Selecting previously unselected package libpython2.7-minimal:amd64.
(Reading database ... 126259 files and directories currently installed.)
Preparing to unpack .../libpython2.7-minimal_2.7.12-1ubuntu016.04.1_amd64.deb ...
Unpacking libpython2.7-minimal:amd64 (2.7.12-1ubuntu0
16.04.1) ...
Selecting previously unselected package python2.7-minimal.
Preparing to unpack .../python2.7-minimal_2.7.12-1ubuntu016.04.1_amd64.deb ...
Unpacking python2.7-minimal (2.7.12-1ubuntu0
16.04.1) ...
Selecting previously unselected package python-minimal.
Preparing to unpack .../python-minimal_2.7.11-1_amd64.deb ...
Unpacking python-minimal (2.7.11-1) ...
Selecting previously unselected package libpython2.7-stdlib:amd64.
Preparing to unpack .../libpython2.7-stdlib_2.7.12-1ubuntu016.04.1_amd64.deb ...
Unpacking libpython2.7-stdlib:amd64 (2.7.12-1ubuntu0
16.04.1) ...
Selecting previously unselected package python2.7.
Preparing to unpack .../python2.7_2.7.12-1ubuntu016.04.1_amd64.deb ...
Unpacking python2.7 (2.7.12-1ubuntu0
16.04.1) ...
Selecting previously unselected package libpython-stdlib:amd64.
Preparing to unpack .../libpython-stdlib_2.7.11-1_amd64.deb ...
Unpacking libpython-stdlib:amd64 (2.7.11-1) ...
Processing triggers for man-db (2.7.5-1) ...
Processing triggers for mime-support (3.59ubuntu1) ...
Setting up libpython2.7-minimal:amd64 (2.7.12-1ubuntu016.04.1) ...
Setting up python2.7-minimal (2.7.12-1ubuntu0
16.04.1) ...
Linking and byte-compiling packages for runtime python2.7...
Setting up python-minimal (2.7.11-1) ...
Selecting previously unselected package python.
(Reading database ... 127005 files and directories currently installed.)
Preparing to unpack .../python_2.7.11-1_amd64.deb ...
Unpacking python (2.7.11-1) ...
Selecting previously unselected package libjbig0:amd64.
Preparing to unpack .../libjbig0_2.1-3.1_amd64.deb ...
Unpacking libjbig0:amd64 (2.1-3.1) ...
Selecting previously unselected package python-cffi-backend.
Preparing to unpack .../python-cffi-backend_1.10.0-0+certbotxenial+1_amd64.deb ...
Unpacking python-cffi-backend (1.10.0-0+certbot
xenial+1) ...
Selecting previously unselected package python-enum34.
Preparing to unpack .../python-enum34_1.1.2-1_all.deb ...
Unpacking python-enum34 (1.1.2-1) ...
Selecting previously unselected package python-idna.
Preparing to unpack .../python-idna_2.2-1+certbotxenial+1_all.deb ...
Unpacking python-idna (2.2-1+certbot
xenial+1) ...
Selecting previously unselected package python-ipaddress.
Preparing to unpack .../python-ipaddress_1.0.17-1+certbotxenial+1_all.deb ...
Unpacking python-ipaddress (1.0.17-1+certbot
xenial+1) ...
Selecting previously unselected package python-pyasn1.
Preparing to unpack .../python-pyasn1_0.1.9-2+certbotxenial+1_all.deb ...
Unpacking python-pyasn1 (0.1.9-2+certbot
xenial+1) ...
Selecting previously unselected package python-pkg-resources.
Preparing to unpack .../python-pkg-resources_33.1.1-1+certbotxenial+1_all.deb ...
Unpacking python-pkg-resources (33.1.1-1+certbot
xenial+1) ...
Selecting previously unselected package python-setuptools.
Preparing to unpack .../python-setuptools_33.1.1-1+certbotxenial+1_all.deb ...
Unpacking python-setuptools (33.1.1-1+certbot
xenial+1) ...
Selecting previously unselected package python-six.
Preparing to unpack .../python-six_1.10.0-3+certbotxenial+1_all.deb ...
Unpacking python-six (1.10.0-3+certbot
xenial+1) ...
Selecting previously unselected package python-cryptography.
Preparing to unpack .../python-cryptography_1.7.1-2+certbotxenial+1_amd64.deb ...
Unpacking python-cryptography (1.7.1-2+certbot
xenial+1) ...
Selecting previously unselected package python-openssl.
Preparing to unpack .../python-openssl_17.0.0-0+certbotxenial+1_all.deb ...
Unpacking python-openssl (17.0.0-0+certbot
xenial+1) ...
Selecting previously unselected package python-funcsigs.
Preparing to unpack .../python-funcsigs_0.4-2_all.deb ...
Unpacking python-funcsigs (0.4-2) ...
Selecting previously unselected package python-pbr.
Preparing to unpack .../python-pbr_1.8.0-4ubuntu1_all.deb ...
Unpacking python-pbr (1.8.0-4ubuntu1) ...
Selecting previously unselected package python-mock.
Preparing to unpack .../python-mock_1.3.0-2.1ubuntu1_all.deb ...
Unpacking python-mock (1.3.0-2.1ubuntu1) ...
Selecting previously unselected package python-urllib3.
Preparing to unpack .../python-urllib3_1.19.1-1+certbotxenial+1_all.deb ...
Unpacking python-urllib3 (1.19.1-1+certbot
xenial+1) ...
Selecting previously unselected package python-chardet.
Preparing to unpack .../python-chardet_2.3.0-2_all.deb ...
Unpacking python-chardet (2.3.0-2) ...
Selecting previously unselected package python-requests.
Preparing to unpack .../python-requests_2.12.4-1+certbotxenial+1_all.deb ...
Unpacking python-requests (2.12.4-1+certbot
xenial+1) ...
Selecting previously unselected package python-tz.
Preparing to unpack .../python-tz_2014.10dfsg1-0ubuntu2_all.deb ...
Unpacking python-tz (2014.10
dfsg1-0ubuntu2) ...
Selecting previously unselected package python-rfc3339.
Preparing to unpack .../python-rfc3339_1.0-4+certbotxenial+1_all.deb ...
Unpacking python-rfc3339 (1.0-4+certbot
xenial+1) ...
Selecting previously unselected package python-dnspython.
Preparing to unpack .../python-dnspython_1.15.0-1+certbotxenial+1_all.deb ...
Unpacking python-dnspython (1.15.0-1+certbot
xenial+1) ...
Selecting previously unselected package python-acme.
Preparing to unpack .../python-acme_0.17.0-1+ubuntu16.04.1+certbot+1_all.deb ...
Unpacking python-acme (0.17.0-1+ubuntu16.04.1+certbot+1) ...
Selecting previously unselected package dialog.
Preparing to unpack .../dialog_1.3-20160209-1_amd64.deb ...
Unpacking dialog (1.3-20160209-1) ...
Selecting previously unselected package python-dialog.
Preparing to unpack .../python-dialog_3.3.0-2+certbotxenial+1_amd64.deb ...
Unpacking python-dialog (3.3.0-2+certbot
xenial+1) ...
Selecting previously unselected package python-ndg-httpsclient.
Preparing to unpack .../python-ndg-httpsclient_0.4.2-1+certbotxenial+1_all.deb ...
Unpacking python-ndg-httpsclient (0.4.2-1+certbot
xenial+1) ...
Selecting previously unselected package python-configargparse.
Preparing to unpack .../python-configargparse_0.11.0-1+certbotxenial+1_all.deb ...
Unpacking python-configargparse (0.11.0-1+certbot
xenial+1) ...
Selecting previously unselected package python-configobj.
Preparing to unpack .../python-configobj_5.0.6-2_all.deb ...
Unpacking python-configobj (5.0.6-2) ...
Selecting previously unselected package python-parsedatetime.
Preparing to unpack .../python-parsedatetime_2.1-3+certbotxenial+1_all.deb ...
Unpacking python-parsedatetime (2.1-3+certbot
xenial+1) ...
Selecting previously unselected package python-zope.event.
Preparing to unpack .../python-zope.event_4.2.0-1_all.deb ...
Unpacking python-zope.event (4.2.0-1) ...
Selecting previously unselected package python-zope.interface.
Preparing to unpack .../python-zope.interface_4.1.3-1build1_amd64.deb ...
Unpacking python-zope.interface (4.1.3-1build1) ...
Selecting previously unselected package python-zope.hookable.
Preparing to unpack .../python-zope.hookable_4.0.4-4build2_amd64.deb ...
Unpacking python-zope.hookable (4.0.4-4build2) ...
Selecting previously unselected package python-zope.component.
Preparing to unpack .../python-zope.component_4.2.2-1_all.deb ...
Unpacking python-zope.component (4.2.2-1) ...
Selecting previously unselected package python-certbot.
Preparing to unpack .../python-certbot_0.17.0-2+ubuntu16.04.1+certbot+1_all.deb ...
Unpacking python-certbot (0.17.0-2+ubuntu16.04.1+certbot+1) ...
Selecting previously unselected package certbot.
Preparing to unpack .../certbot_0.17.0-2+ubuntu16.04.1+certbot+1_all.deb ...
Unpacking certbot (0.17.0-2+ubuntu16.04.1+certbot+1) ...
Selecting previously unselected package fail2ban.
Preparing to unpack .../fail2ban_0.9.3-1_all.deb ...
Unpacking fail2ban (0.9.3-1) ...
Selecting previously unselected package netfilter-persistent.
Preparing to unpack .../netfilter-persistent_1.0.4_all.deb ...
Unpacking netfilter-persistent (1.0.4) ...
Selecting previously unselected package iptables-persistent.
Preparing to unpack .../iptables-persistent_1.0.4_all.deb ...
Unpacking iptables-persistent (1.0.4) ...
Selecting previously unselected package libtiff5:amd64.
Preparing to unpack .../libtiff5_4.0.6-1ubuntu0.2_amd64.deb ...
Unpacking libtiff5:amd64 (4.0.6-1ubuntu0.2) ...
Selecting previously unselected package libvpx3:amd64.
Preparing to unpack .../libvpx3_1.5.0-2ubuntu1_amd64.deb ...
Unpacking libvpx3:amd64 (1.5.0-2ubuntu1) ...
Selecting previously unselected package libxpm4:amd64.
Preparing to unpack .../libxpm4_1%3a3.5.11-1ubuntu0.16.04.1_amd64.deb ...
Unpacking libxpm4:amd64 (1:3.5.11-1ubuntu0.16.04.1) ...
Selecting previously unselected package libgd3:amd64.
Preparing to unpack .../libgd3_2.1.1-4ubuntu0.16.04.8_amd64.deb ...
Unpacking libgd3:amd64 (2.1.1-4ubuntu0.16.04.8) ...
Selecting previously unselected package libxslt1.1:amd64.
Preparing to unpack .../libxslt1.1_1.1.28-2.1ubuntu0.1_amd64.deb ...
Unpacking libxslt1.1:amd64 (1.1.28-2.1ubuntu0.1) ...
Selecting previously unselected package nginx-common.
Preparing to unpack .../nginx-common_1.10.3-0ubuntu0.16.04.2_all.deb ...
Unpacking nginx-common (1.10.3-0ubuntu0.16.04.2) ...
Selecting previously unselected package nginx-core.
Preparing to unpack .../nginx-core_1.10.3-0ubuntu0.16.04.2_amd64.deb ...
Unpacking nginx-core (1.10.3-0ubuntu0.16.04.2) ...
Selecting previously unselected package nginx.
Preparing to unpack .../nginx_1.10.3-0ubuntu0.16.04.2_all.deb ...
Unpacking nginx (1.10.3-0ubuntu0.16.04.2) ...
Selecting previously unselected package python-psutil.
Preparing to unpack .../python-psutil_5.0.1-1+certbotxenial+2_amd64.deb ...
Unpacking python-psutil (5.0.1-1+certbot
xenial+2) ...
Selecting previously unselected package python-pyicu.
Preparing to unpack .../python-pyicu_1.9.2-2build1_amd64.deb ...
Unpacking python-pyicu (1.9.2-2build1) ...
Selecting previously unselected package python3-pyinotify.
Preparing to unpack .../python3-pyinotify_0.9.6-0fakesync1_all.deb ...
Unpacking python3-pyinotify (0.9.6-0fakesync1) ...
Selecting previously unselected package whois.
Preparing to unpack .../whois_5.2.11_amd64.deb ...
Unpacking whois (5.2.11) ...
Selecting previously unselected package libhavege1:amd64.
Preparing to unpack .../libhavege1_1.9.1-3_amd64.deb ...
Unpacking libhavege1:amd64 (1.9.1-3) ...
Selecting previously unselected package haveged.
Preparing to unpack .../haveged_1.9.1-3_amd64.deb ...
Unpacking haveged (1.9.1-3) ...
Processing triggers for man-db (2.7.5-1) ...
Processing triggers for systemd (229-4ubuntu19) ...
Processing triggers for ureadahead (0.100.0-19) ...
Processing triggers for libc-bin (2.23-0ubuntu9) ...
Processing triggers for ufw (0.35-0ubuntu2) ...
Setting up libpython2.7-stdlib:amd64 (2.7.12-1ubuntu016.04.1) ...
Setting up python2.7 (2.7.12-1ubuntu0
16.04.1) ...
Setting up libpython-stdlib:amd64 (2.7.11-1) ...
Setting up python (2.7.11-1) ...
Setting up libjbig0:amd64 (2.1-3.1) ...
Setting up python-cffi-backend (1.10.0-0+certbotxenial+1) ...
Setting up python-enum34 (1.1.2-1) ...
Setting up python-idna (2.2-1+certbot
xenial+1) ...
Setting up python-ipaddress (1.0.17-1+certbotxenial+1) ...
Setting up python-pyasn1 (0.1.9-2+certbot
xenial+1) ...
Setting up python-pkg-resources (33.1.1-1+certbotxenial+1) ...
Setting up python-setuptools (33.1.1-1+certbot
xenial+1) ...
Setting up python-six (1.10.0-3+certbotxenial+1) ...
Setting up python-cryptography (1.7.1-2+certbot
xenial+1) ...
Setting up python-openssl (17.0.0-0+certbotxenial+1) ...
Setting up python-funcsigs (0.4-2) ...
Setting up python-pbr (1.8.0-4ubuntu1) ...
update-alternatives: using /usr/bin/python2-pbr to provide /usr/bin/pbr (pbr) in auto mode
Setting up python-mock (1.3.0-2.1ubuntu1) ...
Setting up python-urllib3 (1.19.1-1+certbot
xenial+1) ...
Setting up python-chardet (2.3.0-2) ...
Setting up python-requests (2.12.4-1+certbotxenial+1) ...
Setting up python-tz (2014.10
dfsg1-0ubuntu2) ...
Setting up python-rfc3339 (1.0-4+certbotxenial+1) ...
Setting up python-dnspython (1.15.0-1+certbot
xenial+1) ...
Setting up python-acme (0.17.0-1+ubuntu16.04.1+certbot+1) ...
Setting up dialog (1.3-20160209-1) ...
Setting up python-dialog (3.3.0-2+certbotxenial+1) ...
Setting up python-ndg-httpsclient (0.4.2-1+certbot
xenial+1) ...
Setting up python-configargparse (0.11.0-1+certbotxenial+1) ...
Setting up python-configobj (5.0.6-2) ...
Setting up python-parsedatetime (2.1-3+certbot
xenial+1) ...
Setting up python-zope.event (4.2.0-1) ...
Setting up python-zope.interface (4.1.3-1build1) ...
Setting up python-zope.hookable (4.0.4-4build2) ...
Setting up python-zope.component (4.2.2-1) ...
Setting up python-certbot (0.17.0-2+ubuntu16.04.1+certbot+1) ...
Setting up certbot (0.17.0-2+ubuntu16.04.1+certbot+1) ...
Setting up fail2ban (0.9.3-1) ...
Setting up netfilter-persistent (1.0.4) ...
update-rc.d: warning: start and stop actions are no longer supported; falling back to defaults
Setting up iptables-persistent (1.0.4) ...
Setting up libtiff5:amd64 (4.0.6-1ubuntu0.2) ...
Setting up libvpx3:amd64 (1.5.0-2ubuntu1) ...
Setting up libxpm4:amd64 (1:3.5.11-1ubuntu0.16.04.1) ...
Setting up libgd3:amd64 (2.1.1-4ubuntu0.16.04.8) ...
Setting up libxslt1.1:amd64 (1.1.28-2.1ubuntu0.1) ...
Setting up nginx-common (1.10.3-0ubuntu0.16.04.2) ...
Setting up nginx-core (1.10.3-0ubuntu0.16.04.2) ...
Job for nginx.service failed because the control process exited with error code. See "systemctl status nginx.service" and "journalctl -xe" for details.
invoke-rc.d: initscript nginx, action "start" failed.
● nginx.service - A high performance web server and a reverse proxy server
Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: enabled)
Active: failed (Result: exit-code) since Sun 2017-09-10 00:17:21 CEST; 8ms ago
Process: 18363 ExecStart=/usr/sbin/nginx -g daemon on; master_process on; (code=exited, status=1/FAILURE)
Process: 18357 ExecStartPre=/usr/sbin/nginx -t -q -g daemon on; master_process on; (code=exited, status=0/SUCCESS)

Sep 10 00:17:20 ubnt nginx[18363]: nginx: [emerg] bind() to [::]:80 failed ...e)
Sep 10 00:17:20 ubnt nginx[18363]: nginx: [emerg] bind() to 0.0.0.0:80 fail...e)
Sep 10 00:17:20 ubnt nginx[18363]: nginx: [emerg] bind() to [::]:80 failed ...e)
Sep 10 00:17:21 ubnt nginx[18363]: nginx: [emerg] bind() to 0.0.0.0:80 fail...e)
Sep 10 00:17:21 ubnt nginx[18363]: nginx: [emerg] bind() to [::]:80 failed ...e)
Sep 10 00:17:21 ubnt nginx[18363]: nginx: [emerg] still could not bind()
Sep 10 00:17:21 ubnt systemd[1]: nginx.service: Control process exited, cod...=1
Sep 10 00:17:21 ubnt systemd[1]: Failed to start A high performance web ser...r.
Sep 10 00:17:21 ubnt systemd[1]: nginx.service: Unit entered failed state.
Sep 10 00:17:21 ubnt systemd[1]: nginx.service: Failed with result 'exit-code'.
Hint: Some lines were ellipsized, use -l to show in full.
dpkg: error processing package nginx-core (--configure):
subprocess installed post-installation script returned error exit status 1
dpkg: dependency problems prevent configuration of nginx:
nginx depends on nginx-core (>= 1.10.3-0ubuntu0.16.04.2) | nginx-full (>= 1.10.3-0ubuntu0.16.04.2) | nginx-light (>= 1.10.3-0ubuntu0.16.04.2) | nginx-extras (>= 1.10.3-0ubuntu0.16.04.2); however:
Package nginx-core is not configured yet.
Package nginx-full is not installed.
Package nginx-light is not installed.
Package nginx-extras is not installed.
nginx depends on nginx-core (<< 1.10.3-0ubuntu0.16.04.2.1~) | nginx-full (<< 1.10.3-0ubuntu0.16.04.2.1~) | nginx-light (<< 1.10.3-0ubuntu0.16.04.2.1~) | nginx-extras (<< 1.10.3-0ubuntu0.16.04.2.1~); however:
Package nginx-core is not configured yet.
Package nginx-full is not installed.
Package nginx-light is not installed.
Package nginx-extras is not installed.

dpkg: error processing package nginx (--configure):
dependency problems - leaving unconfigured
Setting up python-psutil (5.0.1-1+certbot~xenial+2) ...
No apport report written because the error message indicates its a followup error from a previous failure.
Setting up python-pyicu (1.9.2-2build1) ...
Setting up python3-pyinotify (0.9.6-0fakesync1) ...
Setting up whois (5.2.11) ...
Setting up libhavege1:amd64 (1.9.1-3) ...
Setting up haveged (1.9.1-3) ...
Processing triggers for libc-bin (2.23-0ubuntu9) ...
Processing triggers for systemd (229-4ubuntu19) ...
Processing triggers for ureadahead (0.100.0-19) ...
Processing triggers for ufw (0.35-0ubuntu2) ...
Errors were encountered while processing:
nginx-core
nginx
E: Sub-process /usr/bin/dpkg returned an error code (1)
./le-install.sh: 92: read: Illegal option -n

./le-install.sh: 94: ./le-install.sh: [[: not found
-e Requesting Certificate for ubnt.domain.nl
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for ubnt.domain.nl
Cleaning up challenges
Problem binding to port 80: Could not bind to IPv4 or IPv6.

IMPORTANT NOTES:

  • Your account credentials have been saved in your Certbot
    configuration directory at /etc/letsencrypt. You should make a
    secure backup of this folder now. This configuration directory will
    also contain certificates and private keys obtained by Certbot so
    making regular backups of this folder is ideal.
    Job for nginx.service failed because the control process exited with error code. See "systemctl status nginx.service" and "journalctl -xe" for details.
    -e Adding certificate to UniFi Controller for ubnt.domain.nl
    Error opening input file /etc/letsencrypt/live/ubnt.domain.nl/cert.pem
    /etc/letsencrypt/live/ubnt.domain.nl/cert.pem: No such file or directory
    keytool error: java.io.FileNotFoundException: /etc/letsencrypt/live/ubnt.domain.nl/keys.p12 (No such file or directory)
    Generating DH parameters, 4096 bit long safe prime, generator 2
    This is going to take a long time
    .........................................................................................................................................................................................................................................................................................................................................................+.......................................................................................................+......................................................................................................................................................................................................................................................+.....................................................................................................................................................+.......................................................................................................................................................................................................................+................................................................................+......................................................................................................................................................................................................................................................+....................................................................................................................................................................................+.............................................................+.........+.........................................................................................................................................................................................................................................................+............................+....................................................................................................................................................................................................................+..............................................................................................................................................................................................................................................+.................................................................................................................................................................................................................+........................................................................................................................................................................................................................................................................+...................................................+.........................+.........................................................................................................................................................................................+........................................................................+...............................+..............................................................................................................................................................................................................................................................................................+........................................................................................................................+.............................................................+................................................................................................................................................................+....+....................................................................................................................+........+.............................................................................................................................................................................................................................................................................................................................+...................................................................................................................................................+......................................................................................................................................................................................................................................................+................................................................................................................................................................+.............................................................................................................................................................................................................................................................................................................................................................................................................+............................................................................................................................................................+.............................................................................................................................................................................................................+....................................................................................................................................................+.................................................................................................................................................+..................................................................................................................................................................................................................................................................................................................+..................................................................................................................+............+.......................................................................................................................................................+.................................................................................+...............................................................................................................+...................................................................................................................................................................................................................+.............................................................................................................................................................................................................................................+....................................................................................................................................................................................+.......................................................................................................................................................................................................+....................................................+...............................................................................................................................................................+.......................................................................................................................................+..........................................................................................................................................................................................................................................................................................................................................................................................................+..............................................................+..................+.....................................................................................................................................................................................................................................................................................................................................................................+...................................................................................................................................................................................................................................................................................................................................................+....................+....................................................+.......................................................................................................+.........................................+.................................................................................................................................+.....................................................................................................................................................................................+.......................................................................+..............................+.......................................................................................................................................................+.+....+.....................................+................................+....................................................................................................................................................................................................................................................................................................................................+...+....+..................................................................................................................................................................................................................................................................................................................................................................................................................................+...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................+................................................................................................................................................................................................................................................................................+...............................................................................................................................................................................................................................................................................................................................+..........................................................................................................+........................................+.............................+............................................................................................................................................................................................................+.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................+..................................................................................................................................................................................+......................................................................................................................................................................................................................+......................................+............................................................................................................................................................+................................................................................................+...................................................................+......................................................................................................................+....................................................................................................................................................................................................+..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................+............................................................................................................................................................................+.............................................................................................................................................................................................+........................................................................+........................................................................................................................................................................................................++++
    -e Writing nginx proxy configuration
    Job for nginx.service failed because the control process exited with error code. See "systemctl status nginx.service" and "journalctl -xe" for details.
    -e Writing Crontab for LetsEncrypt renewals to /etc/cron.monthly/le-unifi-renew
    ./le-install.sh: 169: ./le-install.sh: Syntax error: Unterminated quoted string

@stevenhorner
Copy link

I received the same Syntax error at the end of the script but did appear to work:
./le-install.sh: 169: ./le-install.sh: Syntax error: Unterminated quoted string

@kelsotodd
Copy link

The cronjob needs to have the --preferred-challenges flag instead of --standalone-supported-challenges.

The correct flag is used on the initial creation of the certificate.

@hisnameisjimmy
Copy link
Author

hisnameisjimmy commented Feb 26, 2018

@stevenhorner & @Theolodewijk - Thanks for the heads up on this (although, unfortunately, I hadn't looked at this script in quite a while and didn't see these comments, perhaps time to look at my notification settings). This is now fixed in the latest version.

@kelsotodd Thank you for pointing this out, I went ahead and fixed this.

Copy link

ghost commented Mar 1, 2018

Hi there, I get a kernel error: "Kernel version not supported This version of the GNU libc requires kernel version 3.2 or later. Older versions might work but are not officially supported. Please consider upgrading your kernel"

@ikrudolf
Copy link

ikrudolf commented Mar 1, 2018

Hi there, I get a kernel error: "Kernel version not supported This version of the GNU libc requires kernel version 3.2 or later. Older versions might work but are not officially supported. Please consider upgrading your kernel" (It's a 1GB ram VPS)

@hisnameisjimmy
Copy link
Author

@ikrudolf Where are you deploying this? I’ve only tested on Digital Ocean with Ubuntu 16.04.

@Nicholas-Wilson-YourIoT

Thanks for this script, it worked great on an OVH VPS running Ubuntu 16.04.

I would suggest decapitalising the domain and email as I stuffed up by putting a capital in the domain and then the domain won't exist when you add the key file because lets encrypt decapitalises it. For example, if I enter MyDomain.com lets encrypt creates /etc/letsencrypt/live/mydomain.com/privkey.pem but your script tries /etc/letsencrypt/live/MyDomain.com/privkey.pem which fails because I am stupid.

I would add:

read name
NAME="${name,,}"

and

read email
EMAIL="${email,,}"

Also:
iptables -A INPUT -p tcp --dport 27117 -j ACCEPT
is a super bad thing to have there as that is the mongoDB port on the internet. I don't believe you need it as the port is only used for loopback connections. If you really want to keep it then perhaps change it to:
iptables -A INPUT -p tcp --dport 27117 -i lo -j ACCEPT to allow connections only from the local interface.

Realistically I would drop it back to the bare minimum of ports in the gray box here:
https://help.ubnt.com/hc/en-us/articles/218506997-UniFi-Ports-Used

Thanks for the script, it saved a lot of time.

@Tricom114
Copy link

Works great but when I try to connect my Android device to the guest portal using the secure portal and redirect using the hostname, I get the error that "The network you're trying to join has security issues." This is only happening on Android. Windows PC an Laptop works fine.

@javielico
Copy link

javielico commented May 14, 2018

Hi there, the script works great but I can't load the site just keeps getting 502 Bad Gateway even after restarting unifi service. Just to add that I'm running Ubuntu 16.04 with 256MB of RAM.

@gouthamravee
Copy link

@javidotpro 256mb is way too low for the cloud controller. You need at least 1GB, you can get away with 512MB but 1GB is recommended.

@hpogosyan
Copy link

Getting an invalid certificate error in Chrome/Safari:
https://www.dropbox.com/s/9w2q8xmoekhj201/Screenshot%202018-08-01%2017.21.14.png?dl=0

Looks like it's still using the self signed cert.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment