Jump to content

Search the Community

Showing results for tags 'letsencrypt'.



More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • General
    • Announcements
    • Emby Premiere Purchase/Subscription Support
    • Feature Requests
    • Tutorials and Guides
  • Emby Server
    • General/Windows
    • Android Server
    • Asustor
    • FreeBSD
    • Linux
    • NetGear ReadyNAS
    • MacOS
    • QNAP
    • Synology
    • TerraMaster NAS
    • Thecus
    • Western Digital
    • DLNA
    • Live TV
  • Emby Apps
    • Amazon Alexa
    • Android Mobile
    • Android TV / Fire TV
    • Emby Theater
    • iOS
    • Apple TV
    • Kodi
    • Raspberry Pi
    • Roku
    • Samsung Smart TV
    • Sony PlayStation
    • LG Smart TV
    • Web App
    • Windows Media Center
    • Plugins
  • Language-specific support
    • Arabic
    • Dutch
    • French
    • German
    • Italian
    • Portuguese
    • Russian
    • Spanish
    • Swedish
  • Community Contributions
    • Ember for Emby
    • Fan Art & Videos
    • Tools and Utilities
    • Web App CSS
  • Other
    • General Discussion
    • Developer API
    • Hardware
    • Media Clubs
    • Legacy Support

Blogs

  • Emby Blog

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Found 7 results

  1. NB: This script only supports debian O/S, and debian based distributions (ubuntu etc). The script requires systemctl and apt which is present in all newer distributions. This script will probably not work as intended on Debian below v7 and Ubuntu below 14. A while back I created a script that will: Check if Apache and/or Nginx is running, and if running stop them. Disable UFW (firewall). Flush iptables. Check if certbot is installed, and if not, install it. Check if certificate is located in the emby directory, and if found, delete it. Ask for your FQDN of your emby server. Create a new certificate that's valid for 90 days. Convert the certificate to PFX and copy it to your emby directory. Ask for your emby group and user and change permissions of the PFX to the specified user (default is emby). Re-enable UFW (firewall). Re-enable Apache and/or Nginx (if it was stopped). Restart the Emby system service. After you have downloaded and placed the script on your server, you must unzip it and give the script execution permission. To do that, run the command: unzip embycert.zip && chmod +x embycert.sh This script should be run every 3 months to keep your certificate up-to-date. This script MUST be run as root with either SU or SUDO. SUDO is not native in Debian, and I would recommend to run this script it as root. NB: After installation, you must define the path to the certificate (under Network tab) which is: /var/lib/emby/emby.pfx and then again manually restart the emby server system service. Remember, if the FQDN is not typed correctly, the installation will fail, so be sure to spell it correctly, and make sure that the A record is valid and working. embycert.sh
  2. atlas780

    SSL not working after cert renewal

    Hey, I had it setup for a while with an Letsencrypt Certificate converted into p12. It worked flawlessly. Then my cert ran out and I had to renew it. So i did "certbot --renew" which worked and converted it into a p12 with openssl pkcs12 -export -out certificate.p12 -inkey privkey.pem -in cert.pem -certfile fullchain.pem But sinse then HTTPS is not working: (Sorry for German) I already tried to change the path, the certfile has all rights and I have no idea why it's not working. Also in the Dashboard it's not shown with HTTPS: The logs are attached. Maybe someone here has an idea. Thanks in Advance! embyserver.txt ffmpeg-remux-fee6f20e-34b8-41bf-8c2b-f9d6f324abf5_1.txt ffmpeg-transcode-ffc235e7-a070-4e74-965f-9e8f183059c8_1.txt hardware_detection-63715285219.txt
  3. Hello everybody, I started to use Emby like every others services i use with docker. For that i use : nginx-proxy (generate automatically nginx config file see below) docker-letsencrypt-nginx-proxy-companion My docker compose for emby : version: '2' services: emby: container_name: emby image: emby/embyserver:latest restart: unless-stopped volumes: - ${LOCAL_DATA_DIR}:/config - ${LOCAL_MEDIA_DIR}/movies:/movies - ${LOCAL_MEDIA_DIR}/tvshows:/tvshows environment: GID: 1000 UID: 1000 VIRTUAL_HOST: emby.xxx.xxx VIRTUAL_PORT: 8096 LETSENCRYPT_HOST: emby.xxx.xxx LETSENCRYPT_EMAIL: my.mail@[member="xxx"].xxx networks: default: external: name: webproxy That's generate the following nginx configuration: # emby.xxx.xxx upstream emby.xxx.xxx { ## Can be connected with "webproxy" network # emby server 172.18.0.18:8096; } server { server_name emby.xxx.xxx; listen 80 ; access_log /var/log/nginx/access.log vhost; return 301 https://$host$request_uri; } server { server_name emby.xxx.xxx; listen 443 ssl http2 ; access_log /var/log/nginx/access.log vhost; ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:!DSS'; ssl_prefer_server_ciphers on; ssl_session_timeout 5m; ssl_session_cache shared:SSL:50m; ssl_session_tickets off; ssl_certificate /etc/nginx/certs/emby.xxx.xxx.crt; ssl_certificate_key /etc/nginx/certs/emby.xxx.xxx.key; ssl_dhparam /etc/nginx/certs/emby.xxx.xxx.dhparam.pem; ssl_stapling on; ssl_stapling_verify on; ssl_trusted_certificate /etc/nginx/certs/emby.xxx.xxx.chain.pem; add_header Strict-Transport-Security "max-age=31536000" always; include /etc/nginx/vhost.d/default; location / { proxy_pass http://emby.xxx.xxx; } } But with configuration I have some trouble like Timeout for validating my license key, or like Check for plugin updates failed Connection to https://www.mb3admin.com/admin/service/EmbyPackages.json timed out at Emby.Server.Implementations.HttpClientManager.CoreHttpClientManager.SendAsyncInternal(HttpRequestOptions options, String httpMethod) at Emby.Server.Implementations.HttpClientManager.CoreHttpClientManager.SendAsync(HttpRequestOptions options, String httpMethod) at Emby.Server.Implementations.Updates.InstallationManager.GetAvailablePackagesWithoutRegistrationInfo(Boolean enableCache, CancellationToken cancellationToken) at Emby.Server.Implementations.Updates.InstallationManager.GetAvailablePluginUpdates(Version applicationVersion, CancellationToken cancellationToken) at Emby.Server.Implementations.ScheduledTasks.PluginUpdateTask.Execute(CancellationToken cancellationToken, IProgress`1 progress) at Emby.Server.Implementations.ScheduledTasks.ScheduledTaskWorker.ExecuteInternal(TaskOptions options) Is there a way to avoid docker host network mode ? Thank in advance
  4. So I am looking to migrate from plex to emby and so far so good, still needing a lot of testing. However one thing that is keeping me from migrating is the SSL encryption. With Plex, they actually provide their own proxy and they pay for the encryption and Emby seems like you have to have provide your own domain with SSL cert. With letsencrypt being main stream and free, this is fine and dandy. However, the way I understand their certs, they are only good for 90 days I believe and then you have to renew (again for free). This is quite an administrative task to do this every three months. Letsencrypt does have API to be able to do renew if you have an account. So my feature request would be to add the ability in emby to enter your lets encrypt credentials and have emby renew the cert automatically via letsencrypt api so this does not have to be done manually. I am curious if anyone else has found a better alternative to this.
  5. How to secure Emby using LetsEncrypt and Nginx Reverse Proxy by modifying Docker containers in Openmediavault. https://youtu.be/jYoDyoH2C0A
  6. Hi i would like to know if its possible to reuse my certificate LetsEncrypt from my NAS TS-251 to connect through https ? i tried to put the path of the cert certificate but its not working. here is what i have Custom SSL certificate path: /mnt/HDA_ROOT/.config/QcloudSSLCertificate/cert/cert error after restarting EmbyServer 2019-01-05 12:05:44.470 Info AuthenticationRepository: PRAGMA synchronous=1 2019-01-05 12:05:44.526 Error App: No private key included in SSL cert /mnt/HDA_ROOT/.config/QcloudSSLCertificate/cert/cert. 2019-01-05 12:05:44.737 Info ActivityRepository: Default journal_mode for /share/CACHEDEV1_DATA/.qpkg/EmbyServer/programdata/data/activitylog.db is wal and in my web page Secure Connection Failed The connection to xxxxxxxxxxxxxxx.myqnapcloud.com:yyyyyy was interrupted while the page was loading. The page you are trying to view cannot be shown because the authenticity of the received data could not be verified. Please contact the website owners to inform them of this problem. thanks for your help ade05fr
  7. Hello I am using Emby in a docker container that I am trying to set up with https connection. I was able to set it up but it took me some time since I was trying to use certificates generated by letsencrypt. Once I generated the cert and private key with it i ran openSSL to create the pfx file. The "issue" that I am having is that Chrome is not giving the connection a green light. I would really like to get the green verified https since my family will be using it and I dont want to explain to everyone what this means.
×
×
  • Create New...