Search the Community

Greetings, I recently purchased the Emby Premiere lifetime license and have been transitioning from Jellyfin to Emby due to better support. So far, the experience has been positive, but I’ve encountered a problem I can’t seem to resolve. I prefer to access my Emby server through a web browser rather than the apps, as the browser offers tools like image capture and translation features, which allow me to interact directly with the server. However, the constant message stating "this site is not secure" has become very annoying. For context, I’m hosting my Emby server on a Synology NAS. I set up a local DNS address using Synology's DNS server to ensure I can access the server even during internet outages. The DNS address I created is nas.angelsing.local.lan, which is directly linked to the NAS’s local IP. This setup allows me to access the server locally without relying on internet connectivity. The problem is that browsers detect this DNS address as insecure. To address this, I tried creating a self-signed SSL certificate using OpenSSL on Windows. This process generated two files: .crt and .key. I imported the .crt file into the Windows certificate manager to make it trusted by my machine. I also merged the .crt and .key files into a .pfx file, as Emby requires this format for SSL certificates. I uploaded the .pfx file to an accessible folder on the NAS and configured the certificate path in Emby’s Network settings. With this, I was able to access the server using https://nas.angelsing.local.lan:8920. However, the browser warning about the site being insecure still appears (tested on Edge). While I can access the server, the browser continues to flag the connection as not secure. It’s worth noting that I have another certificate issued by Synology for my public DDNS address xxx.DDNS.synology, which works perfectly for remote connections. However, I specifically need a solution for my local address nas.angelsing.local.lan so that browsers stop showing this warning when accessing the server locally. Has anyone encountered a similar issue or knows how to obtain a certificate that is recognized as secure by browsers for local addresses? Is there something I need to configure additionally on the NAS or in Emby to resolve this? I’d greatly appreciate any guidance or advice. Thank you in advance!

hola!! tengo linux mint 22 ya instale los certificados con cerbots estan creados fullchain y keypath pero emby no lo reconoce apunte emby a /etc/ssl/certs/emby-selfsigned.crt no tengo claridad si es lo correcto me pueden ayudar por favor

I switched my nginx version to mainline and forgot to install the certbot plugin, so of course the certbot update failed.. I fixed the problem but what I now what I see is strange... this: root@Inet~/bin certbot certificates Saving debug log to /var/log/letsencrypt/letsencrypt.log - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Found the following certs: Certificate Name: <redacted>.com Serial Number: <redacted> Key Type: RSA Domains: <redacted>.com Expiry Date: 2024-09-06 22:56:44+00:00 (VALID: 89 days) Certificate Path: /etc/letsencrypt/live/<redacted>.com/fullchain.pem Private Key Path: /etc/letsencrypt/live/<redacted>.com/privkey.pem - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - and this: So why do the browsers say the cert is good for 1 year and certbot says 3 months? Also why is NordVPN the issuer? NordVPN is not and has not ever been installed on my internet ('Inet') server... Although when i renewed this manually I was ssh'ing from a win 11 VM (with NordVPN enabled) on Proxmox to my Debian internet ('Inet') server... ...Internet searches gave me no clarity so I thought I'd ask here...

Hi ich hab einen Emby Server auf meinem DS218+ laufen und würde ihn endlich gerne von außerhalb erreichbar machen und auch mit SSL. Mein Syno ist bereits von außen über eine Synology DDNS erreichbar, wie auch die VS, die ja durch den Emby Server ersetzt werden soll. Doch leider kann ich trotz sämtlichen Tutorials den Emby nicht mal über HTTP über meine Domain von außerhalb oder auch innerhalb erreichen.. Getestet hab ich dies mit der aktuellen Androide-App von Emby (Außerhalb wie auch innerhalb des eigenen Netzes). Zudem kann ich aus irgendeinem Grund den Zertifikatspfad auch nicht angeben, bzw. der Emby Server akzeptiert den Pfad nicht, egal wie ich ihn schreibe. Und über die Lupe verschwindet jedes Mal die Ordnerstruktur, sobald ich in einen zweiten Ordner gehe.. (Siehe Bilder) Oder benötige ich damit dies überhaupt funktioniert Emby Primere???? Bin langsam ziemlich ratlos.. embyserver.txt

After viewing the other thread for setting Emby server via IIS with auto renewed SSL Cert, I've decided to share my personal approach (no IIS) for non-advanced users: I kept the default Windows Installation of Emby. I setup a local scheduled job to back up the configuration files for Emby Server, so if I need to reinstall Emby one day, all configuration files are available from separate machine. I chose not to use IIS as I don't want to have the hard dependency between Emby Server with the Windows machine. I run the Emby server as it is, so the port 8096 and 8920 remain the same as its default setting. I do use the Port Forwarding feature on my router to expose the Emby server port 8920 (HTTPS) and/or 8096 (HTTP) to public. To be a bit more secured, you may choose to expose only the HTTPS port 8920 to public. You might want to ensure the firewall does not block these ports. I registered a free account on noip.com, as it offers me free DDNS hostname + a free SSL Certificate. I applied this free SSL Cert, downloaded the certificate file to the windows machine, and configured directly on my Emby server configuration page to use the corresponding SSL cert file with password. From the public to access my home Emby Server, the url will just be my free DDNS url + the port I chose to expose. It is a valid public URL with valid SSL Certificate. With such configuration pattern, the only risk is within the Windows Machine. If it is for any reason broken, all I have to do is: Install Emby Server for Windows, restore the configuration files from backup, copy SSL cert to the Emby server hosting machine Configure Router port forwarding from the Windows Machine IP, make sure the Windows machine firewall does not block the ports you want to expose Pros vs Cons: It has less dependency on the Windows Machine itself, and swapping to a new Windows machine would be easy as well. No configuration required for IIS and its required components. Emby comes with its web layer hosting, so for personal users it is a bit of overkill to setup another IIS layer. noip.com offers free tier users the DDNS service with a free SSL Certificate, so why not take the advantage of that. Of course, we might not get the "SSL auto renewal" part, but for an Emby home user/personal user, how much value we are saving by setting up the SSL auto renewal? You need to have certain knowledge of how to apply for the SSL cert on noip.com website. https://www.noip.com/support/knowledgebase/configure-trustcor-standard-dv-ssl/

I've seen guides for end users to setup secure access to Emby, however this might be more readily adopted if Emby could automatically handle the certificate installation. I found Kestrel/.NET implementation called LettuceEncrypt that might be a good basis to start with.

I have successfully made my Emby (Windows) Server to work with a valid SSL Cert. The goal of applying SSL Cert is to enable the HTTPS access from WAN, but I also want to disable the HTTP access (port 8096). I want all remote access from WAN to go through HTTPS only. Now, I can access my home emby server from WAN network via HTTPS url on port 8920. However, on my dashboard page, the External Url link is still showing the HTTP version of external link. Is there a way to configure my dashboard to display only the HTTPS version url?