I recently got a Unifi Dream Router as an upgrade from the Unifi Security Gateway.
One of the differences is that the controller is hosted on the router itself, i quite often use the local access as opposed to going via unifi.ui.com. Since this is exposed locally on 443, i wanted to be able to access it without errors regarding invalid SSL certificates.
I found it was quite easy to provide a valid SSL certificate. I already have a wildcard certificate or *.gsellis.com, so I set a hostname in the internal DNS, and then copied over the wildcard cert and key to the UDR:
scp privkey.pem fullchain.pem email@example.com:/tmp/
Then SSH into the UDR using credentials set in the controller, and navigate to /data/unifi-core/config and replace unifi-core.crt with fullchain.pem and unifi-core.key with privkey.pem. Once done you can restart the UI with:
systemctl restart unifi-core
And then navigate to the DNS name you set earlier and hopefully see a valid certificate:
Obviously this will need replacing each time the certificate expires, though i hope to setup a custom configuration in acme.sh to handle this.