Well I was trying to upgrade my ubiquity access point’s firmware from 3.7.x.x to version 4.0.x.x

The struggle was it was not getting upgraded from the wireless controller and on the controller it was showing as updating but it never did the update. It was either in an update loop/stuck in the update process. Made couple of reboot attempt on the AP and it was not helpful.

Finally stumbled up on the ubiquity forum to perform the firmware upgrade from the ssh. So I order to do the manual firmware upgrade we need to reset the access point first (Pressing the reset button for 10 seconds) Once it’s done you can see the APs from the controller. If you try to adopt the AP it will only give an option to Adopt and Update. If you do this then it will go in to the same loop again.

So what I have done is, SSH to the AP using putty and performed the upgrade from there. You don’t need to worry about any upgrade paths from 3.7 to 4.0. The upgrade just works straight to the latest version available.

Below are the steps that need to be done on the SSH to do the upgrade.

  1. Login to the AP using Putty.
  2. Enter the ID and Password as ubnt and ubnt respectively.
  3. Then type in Upgrade “Url of the relevant firmware”¬†– Once you press enter it will begin the upgrade process and reboot the AP accordingly.
  4. You can get the firmware URL from the Ubiquity website 
  5. When you copy the URL from the website and try to upgrade you will get an error message as below.

BZ.v3.7.21# upgrade https://dl.ui.com/unifi/firmware/BZ2/ –no-check-certificate
Downloading firmware from ‘https://dl.ui.com/unifi/firmware/BZ2/’.

–2020-03-09 14:07:59– https://dl.ui.com/unifi/firmware/BZ2/
Resolving dl.ui.com…
Connecting to dl.ui.com||:443… connected.
ERROR: cannot verify dl.ui.com’s certificate, issued by `/C=US/O=Amazon/OU=Server CA 1B/CN=Amazon’:
Unable to locally verify the issuer’s authority.
To connect to dl.ui.com insecurely, use `–no-check-certificate’.
Unable to establish SSL connection.
Image short, header truncated.
Invalid firmware.

But you can simply remove the https and put only http on the url to bypass this check and successfully update the firmware.

Once the AP has been rebooted you can open the wireless controller again and then find your AP from the console and simply adopt the device and complete the configuration.

Hope this helps someone to save some time.

Leave a Reply

Your email address will not be published. Required fields are marked *