diff --git a/.functions/unifi.sh b/.functions/unifi.sh
new file mode 100644
index 0000000..6311d62
--- /dev/null
+++ b/.functions/unifi.sh
@@ -0,0 +1,36 @@
+#!/bin/bash
+
+function unifi_update_cert(){
+ NAMESPACE=unifi
+ DEPLOYMENT=unifi
+ P12_TEMP=/tmp/p12_temp
+ ALIAS=unifi
+ PASSWORD=aircontrolenterprise
+ KEYSTORE=/unifi/data/keystore
+ SIGNED_CRT=/etc/letsencrypt/tls.crt
+ CHAIN_FILE=/etc/letsencrypt-pem/isrgrootx1.pem
+ PRIV_KEY=/etc/letsencrypt/tls.key
+
+ POD=$(kubectl -n "$NAMESPACE" get pod --selector=app.kubernetes.io/name=unifi --template "{{range .items}}{{.metadata.name}}{{\"\n\"}}{{end}}")
+
+
+ kubectl -n "$NAMESPACE" exec -it "$POD" -- bash -c "keytool -delete -alias ${ALIAS} -keystore ${KEYSTORE} -deststorepass ${PASSWORD}"
+ kubectl -n "$NAMESPACE" exec -it "$POD" -- bash -c "openssl pkcs12 -export \
+ -in ${CHAIN_FILE} \
+ -in ${SIGNED_CRT} \
+ -inkey ${PRIV_KEY} \
+ -out ${P12_TEMP} -passout pass:${PASSWORD} \
+ -name ${ALIAS}"
+ kubectl -n "$NAMESPACE" exec -it "$POD" -- bash -c "keytool -importkeystore \
+ -srckeystore ${P12_TEMP} -srcstoretype PKCS12 \
+ -srcstorepass ${PASSWORD} \
+ -destkeystore ${KEYSTORE} \
+ -deststorepass ${PASSWORD} \
+ -destkeypass ${PASSWORD} \
+ -alias ${ALIAS} -trustcacerts"
+
+ kubectl -n "$NAMESPACE" scale deployment "$DEPLOYMENT" --replicas=0
+ echo "sleeping 20 sec"
+ sleep 20
+ kubectl -n "$NAMESPACE" scale deployment "$DEPLOYMENT" --replicas=1
+}
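Review bot: The PKCS#12 bundle written to `${P12_TEMP}` (`/tmp/p12_temp`) contains the TLS private key and is never deleted, so it stays in the pod's /tmp at a predictable path, protected only by the password hard-coded in `PASSWORD=` and passed on the command lines of `openssl` and `keytool`. After the `keytool -importkeystore` call I would add `kubectl -n "$NAMESPACE" exec "$POD" -- rm -f "$P12_TEMP"`, and declare the settings with `local` so `PASSWORD` does not remain set in the shell that sources this file. Separately, `openssl pkcs12 -export` is given `-in` twice; only one input file is used, so the chain should probably be passed as `-certfile ${CHAIN_FILE}`. None of the `kubectl exec` steps is checked, so a failed export after the `keytool -delete` still proceeds to the restart with the alias removed; ending each step with `|| return 1` would stop that.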