Showing results for tags 'ssl error'.
-
I have installed Emby on Ubuntu server 20.04.1 and generated an SSL cert for it for remote use. I generated the cert using OpenSSH for the cert request and Zero SSL for the certificate issuance. Once the cert was created, I downloaded and installed it at /etc/ssl. So now the /etc/ssl path has ca_bundle.crt, certificate.crt and my private key. Then I configured Emby to use SSL and pointed it to certificate.crt and restarted Emby. It is not working over SSL (of course, it works fine over 8096). When I looked at Emby's logs, I see: "2020-08-26 14:34:13.628 Error App: No private key included in SSL cert /etc/ssl/certificate.crt." The private key is in the same directory. Any ideas about what I am doing wrong here? Thanks, Bob Reed
-
What I have done so far:

I have a domain name purchased from Namecheap; I'll call it <mydomain>.

I used Namecheap's DDNS on my Emby server, which creates an A record on the domain. For whatever reason, I had to use www.<mydomain>.com. I don't know why, but I had to add the www's to get it to work. I had also tried @<mydomain>.com, but it would never update. I have let this run for a week, so everything should be updated and ready to go.

On my router I forwarded ports 80 and 443 to the Emby server. With my particular router I can't figure out a way to permit it through the firewall, but my test has the firewall turned off, so I don't think it is causing the issue.

Emby's settings:

    local http 8096, https 8920
    public http 80, https 443
    allow remote is checked

Caddy v2: I downloaded the zip and unzipped it on the root directory. I created the extension-less "caddyfile"; its contents are:

    {
        email <mygmail>@gmail.com
    }

    www.<mydomain>.com {
        reverse_proxy http://192.168.0.18:80
    }

I know I can use localhost instead of the IP; this should work though, because I know its internal IP and I have it set to not change, as I use it to connect using RDP.

Running everything: I use command prompt and navigate to the Caddy directory. With the router firewall on and the server's firewall off, I run

    # caddy run
    C:\Caddy>caddy run
    2020/06/21 14:46:17.402 INFO using adjacent Caddyfile
    2020/06/21 14:46:17.413 INFO admin admin endpoint started {"address": "localhost:2019", "enforce_origin": false, "origins": ["localhost:2019"]}
    2020/06/21 08:46:17 [INFO][cache:0xc0005ff7c0] Started certificate maintenance routine
    2020/06/21 14:46:17.415 INFO http server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS {"server_name": "srv0", "https_port": 443}
    2020/06/21 14:46:17.415 INFO http enabling automatic HTTP->HTTPS redirects {"server_name": "srv0"}
    2020/06/21 14:46:17.418 INFO tls cleaned up storage units
    2020/06/21 14:46:17.418 INFO http enabling automatic TLS certificate management {"domains": ["www.<mydomain>.com"]}
    2020/06/21 08:46:17 [INFO][www.<mydomain>.com] Obtain certificate; acquiring lock...
    2020/06/21 14:46:17.425 INFO autosaved config {"file": "C:\\Users\\<myuser>\\AppData\\Roaming\\Caddy\\autosave.json"}
    2020/06/21 14:46:17.428 INFO serving initial configuration
    2020/06/21 08:46:17 [INFO][www.<mydomain>.com] Obtain: Lock acquired; proceeding...
    2020/06/21 08:46:17 [INFO][www.<mydomain>.com] Waiting on rate limiter...
    2020/06/21 08:46:17 [INFO][www.<mydomain>.com] Done waiting
    2020/06/21 08:46:17 [INFO] [www.<mydomain>.com] acme: Obtaining bundled SAN certificate given a CSR
    2020/06/21 08:46:18 [INFO] [www.<mydomain>.com] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/5387022605
    2020/06/21 08:46:18 [INFO] [www.<mydomain>.com] acme: Could not find solver for: tls-alpn-01
    2020/06/21 08:46:18 [INFO] [www.<mydomain>.com] acme: use http-01 solver
    2020/06/21 08:46:18 [INFO] [www.<mydomain>.com] acme: Trying to solve HTTP-01
    2020/06/21 08:46:25 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/5387022605
    2020/06/21 08:46:25 [INFO] Unable to deactivate the authorization: https://acme-v02.api.letsencrypt.org/acme/authz-v3/5387022605
    2020/06/21 08:46:25 [ERROR] acme: Error -> One or more domains had a problem: [www.<mydomain>.com] acme: error: 400 :: urn:ietf:params:acme:error:connection :: Fetching http://www.<mydomain>.com/.well-known/acme-challenge/P-jvWvwSBjkK_9PQepBe5puAo_TLpsdonnZVunocu-I: Connection reset by peer, url: (challenge=http-01 remaining=[tls-alpn-01])
    2020/06/21 08:46:27 [INFO] [www.<mydomain>.com] acme: Obtaining bundled SAN certificate given a CSR
    2020/06/21 08:46:27 [INFO] [www.<mydomain>.com] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/5387024673
    2020/06/21 08:46:27 [INFO] [www.<mydomain>.com] acme: use tls-alpn-01 solver
    2020/06/21 08:46:27 [INFO] [www.<mydomain>.com] acme: Trying to solve TLS-ALPN-01
    2020/06/21 08:46:28 http: TLS handshake error from 127.0.0.1:61875: EOF
    2020/06/21 08:46:28 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/5387024673
    2020/06/21 08:46:28 [INFO] Unable to deactivate the authorization: https://acme-v02.api.letsencrypt.org/acme/authz-v3/5387024673
    2020/06/21 08:46:28 [ERROR] acme: Error -> One or more domains had a problem: [www.<mydomain>.com] acme: error: 400 :: urn:ietf:params:acme:error:connection :: Connection refused, url: (challenge=tls-alpn-01 remaining=[])
    2020/06/21 08:46:30 [ERROR] attempt 1: [www.<mydomain>.com] Obtain: [www.<mydomain>.com] acme: Error -> One or more domains had a problem: [www.<mydomain>.com] acme: error: 400 :: urn:ietf:params:acme:error:connection :: Connection refused, url: - retrying in 1m0s (13.0492981s/720h0m0s elapsed)...
    2020/06/21 14:46:34.960 INFO shutting down {"signal": "SIGINT"}
    2020/06/21 08:46:34 [INFO][cache:0xc0005ff7c0] Stopped certificate maintenance routine
    2020/06/21 08:46:34 [INFO][www.<mydomain>.com] Obtain: Releasing lock
    2020/06/21 14:46:34.963 INFO shutdown done {"signal": "SIGINT"}

With both the router's and the Caddy server's firewalls off, I run caddy and it does this:

    C:\Caddy>caddy run
    2020/06/21 14:47:55.788 INFO using adjacent Caddyfile
    2020/06/21 14:47:55.794 INFO admin admin endpoint started {"address": "localhost:2019", "enforce_origin": false, "origins": ["localhost:2019"]}
    2020/06/21 14:47:55.795 INFO http server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS {"server_name": "srv0", "https_port": 443}
    2020/06/21 14:47:55.795 INFO http enabling automatic HTTP->HTTPS redirects {"server_name": "srv0"}
    2020/06/21 08:47:55 [INFO][cache:0xc0002e3b80] Started certificate maintenance routine
    2020/06/21 14:47:55.796 INFO http enabling automatic TLS certificate management {"domains": ["www.<mydomain>.com"]}
    2020/06/21 14:47:55.797 INFO tls cleaned up storage units
    2020/06/21 14:47:55.798 INFO autosaved config {"file": "C:\\Users\\<myuser>\\AppData\\Roaming\\Caddy\\autosave.json"}
    2020/06/21 14:47:55.799 INFO serving initial configuration
    2020/06/21 08:47:55 [INFO][www.<mydomain>.com] Obtain certificate; acquiring lock...
    2020/06/21 08:47:55 [INFO][www.<mydomain>.com] Obtain: Lock acquired; proceeding...
    2020/06/21 08:47:55 [INFO][www.<mydomain>.com] Waiting on rate limiter...
    2020/06/21 08:47:55 [INFO][www.<mydomain>.com] Done waiting
    2020/06/21 08:47:55 [INFO] [www.<mydomain>.com] acme: Obtaining bundled SAN certificate given a CSR
    2020/06/21 08:47:56 [INFO] [www.<mydomain>.com] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/5387042878
    2020/06/21 08:47:56 [INFO] [www.<mydomain>.com] acme: Could not find solver for: tls-alpn-01
    2020/06/21 08:47:56 [INFO] [www.<mydomain>.com] acme: use http-01 solver
    2020/06/21 08:47:56 [INFO] [www.<mydomain>.com] acme: Trying to solve HTTP-01
    2020/06/21 08:48:03 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/5387042878
    2020/06/21 08:48:03 [INFO] Unable to deactivate the authorization: https://acme-v02.api.letsencrypt.org/acme/authz-v3/5387042878
    2020/06/21 08:48:03 [ERROR] acme: Error -> One or more domains had a problem: [www.<mydomain>.com] acme: error: 400 :: urn:ietf:params:acme:error:connection :: Fetching http://www.<mydomain>.com/.well-known/acme-challenge/fZqo0DmEmVjo9sElqDlmfJv6r_y50shAJ87QeOgb_rE: Connection reset by peer, url: (challenge=http-01 remaining=[tls-alpn-01])
    2020/06/21 08:48:05 [INFO] [www.<mydomain>.com] acme: Obtaining bundled SAN certificate given a CSR
    2020/06/21 08:48:06 [INFO] [www.<mydomain>.com] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/5387045568
    2020/06/21 08:48:06 [INFO] [www.<mydomain>.com] acme: use tls-alpn-01 solver
    2020/06/21 08:48:06 [INFO] [www.<mydomain>.com] acme: Trying to solve TLS-ALPN-01
    2020/06/21 08:48:06 http: TLS handshake error from 127.0.0.1:62306: EOF
    2020/06/21 08:48:11 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/5387045568
    2020/06/21 08:48:11 [INFO] Unable to deactivate the authorization: https://acme-v02.api.letsencrypt.org/acme/authz-v3/5387045568
    2020/06/21 08:48:11 [ERROR] acme: Error -> One or more domains had a problem: [www.<mydomain>.com] acme: error: 400 :: urn:ietf:params:acme:error:connection :: Connection refused, url: (challenge=tls-alpn-01 remaining=[])
    2020/06/21 08:48:13 [ERROR] attempt 1: [www.<mydomain>.com] Obtain: [www.<mydomain>.com] acme: Error -> One or more domains had a problem: [www.<mydomain>.com] acme: error: 400 :: urn:ietf:params:acme:error:connection :: Connection refused, url: - retrying in 1m0s (17.8656781s/720h0m0s elapsed)...
    2020/06/21 14:48:24.865 INFO shutting down {"signal": "SIGINT"}
    2020/06/21 08:48:24 [INFO][cache:0xc0002e3b80] Stopped certificate maintenance routine
    2020/06/21 08:48:24 [INFO][www.<mydomain>.com] Obtain: Releasing lock
    2020/06/21 14:48:24.867 INFO shutdown done {"signal": "SIGINT"}

The Emby server is running Windows Server 2019; like a lot of servers, it doesn't have any additional antivirus or firewall beyond Windows Defender. This is what I am referring to when I say in the test that the firewall is turned off. Both Private and Public network settings are set to 'Turn off Windows Defender Firewall'.

Any help with why this isn't working would be appreciated. If I left out anything that is important, please let me know. I am unfamiliar with all of this, so if I didn't mention it I almost certainly didn't do it.
- 25 replies
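
A triage of the ACME failures in the Caddy output above, as an added example that is not part of the original post: it parses the per-challenge error lines and maps each failed challenge to the inbound port the CA has to reach (80 for HTTP-01, 443 for TLS-ALPN-01). The sample lines are constructed from the post's output with example.com and a placeholder token substituted; the function names are illustrative.

```python
import re

# Port the CA connects to for each ACME challenge type.
CHALLENGE_PORT = {"http-01": 80, "tls-alpn-01": 443}

# Console colour codes; the ESC byte is often lost when output is pasted.
ANSI_RE = re.compile(r"\x1b?\[\d+(?:;\d+)*m")

# Per-challenge failure line, in the shape shown in the post's output.
FAIL_RE = re.compile(
    r"\[ERROR\] acme: Error -> .*?acme: error: (?P<status>\d+) :: "
    r"(?P<urn>urn:ietf:params:acme:error:\w+) :: (?P<detail>.*?), url: "
    r".*?\(challenge=(?P<challenge>[\w-]+)"
)

# Constructed sample: lines modelled on the post's log, with example.com
# and a placeholder token instead of the poster's values.
SAMPLE_LOG = """\
2020/06/21 14:46:17.418 [34mINFO[0m http enabling automatic TLS certificate management {"domains": ["www.example.com"]}
2020/06/21 08:46:25 [ERROR] acme: Error -> One or more domains had a problem: [www.example.com] acme: error: 400 :: urn:ietf:params:acme:error:connection :: Fetching http://www.example.com/.well-known/acme-challenge/PLACEHOLDER_TOKEN: Connection reset by peer, url: (challenge=http-01 remaining=[tls-alpn-01])
2020/06/21 08:46:28 [ERROR] acme: Error -> One or more domains had a problem: [www.example.com] acme: error: 400 :: urn:ietf:params:acme:error:connection :: Connection refused, url: (challenge=tls-alpn-01 remaining=[])
2020/06/21 08:46:30 [ERROR] attempt 1: [www.example.com] Obtain: [www.example.com] acme: Error -> One or more domains had a problem: [www.example.com] acme: error: 400 :: urn:ietf:params:acme:error:connection :: Connection refused, url: - retrying in 1m0s (13.0492981s/720h0m0s elapsed)...
"""


def acme_failures(log_text):
    """Return one record per failed ACME challenge found in the log."""
    records = []
    for line in log_text.splitlines():
        m = FAIL_RE.search(ANSI_RE.sub("", line))
        if m:  # the "attempt N" summary line repeats the error and is skipped
            rec = m.groupdict()
            rec["symptom"] = rec["detail"].rsplit(": ", 1)[-1]
            rec["port"] = CHALLENGE_PORT.get(rec["challenge"])
            records.append(rec)
    return records


def blocked_ports(log_text):
    """Inbound ports the CA could not reach (connection-class errors only)."""
    return sorted({r["port"] for r in acme_failures(log_text)
                   if r["urn"].endswith(":connection") and r["port"]})


if __name__ == "__main__":
    for r in acme_failures(SAMPLE_LOG):
        print(f'{r["challenge"]}: inbound port {r["port"]} -> {r["symptom"]}')
    print("check port forwarding and firewall for:", blocked_ports(SAMPLE_LOG))
```

Both challenge types failing with a connection-class error means the validation requests never reached Caddy on either port, so the path to check is DNS, port forwarding and firewalling rather than the Caddyfile's TLS settings.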