Search the Community
Showing results for tags 'ssl https letsencrypt'.
-
hi guys my isp has blocked port 80 and I'm unable to authorize my certificates for my ddns. for the sake of the noob users on my network it would be helpful if your apps would automatically accept self signed certificates. i understand this is not possible in web browsers but surely its possible in your apps on smart tv's and consoles etc.... i have recently had to give plex my money which i am not happy about. i dont want to stop supporting emby however if i cant use the secure connections its of no real use to me anymore.
- 3 replies
-
- ssl https letsencrypt
- ssl
-
(and 5 more)
 Tagged with:
-
Hey everyone, I wanted to post this due to what I feel is a lack of simple/easy to access posts on the topic. Other people with much more knowledge than I have posted on it before, but I want to post for people who have 0 interest in buying/maintaining a private domain, a private website, are relatively uncomfortable with command line tools, and just want to achieve an SSL cert with minimal effort possible. So I repeat: this guide is for people who are migrating from plex (which automatically grants SSL certs) and who want to achieve an SSL cert on Emby as quick as humanly possible with minimal effort, without purchasing a domain name, only using free SSL certs, and minimal/no costs elsewhere. The overall easiest solution is if you have an ASUS router, having that router function as a "reverse proxy" and handle the SSL cert for you after getting an ASUS DDNS. The overall cost is free, assuming you have an ASUS router, and it auto-renews. This option won't work for everyone unfortunately as it requires you having an ASUS router. The second cheapest/quickest option I've found is zeroSSL, combined with a DDNS service with an email forwarding option. I don't use anything other than Asus and no-ip for my DDNS services so I can't comment on how others function price-wise, but no-ip allows email forwarding services for $10/year, a cost that can be reduced to a few dollars once you add on a coupon. You can attach your free DDNS no-IP domain (one that you renew every 30 days) to this service and get forwarded emails to verify your domain from zeroSSL, as they offer a domain verification via email, and then you can get a certificate from them renewed every 30 days. Once you get your cert from zeroSSL, you can easily convert it to an emby-friendly pfx format. Last option I've used was creating a test website using Windows IIS alongside my DDNS as a way to get the cert. This option assumes you have Windows 10 pro, so that you have access to Windows IIS. You need to make sure ahead of time you have the correct ports forwarded from your router, and those ports are open in your firewall, but I'm going to assume everyone has done that. Something that I've seen very few people comment on online is that Windows IIS is not configured to do ACME challenges by default. I kept trying to do this with a test site and Certifytheweb's GUI client, only for it to see the site, but not be able to read the ACME challenge. You have to manually add in a new "MIME Type" for the ACME challenge to be visible and certify properly. Add the MIME type where you enter "." in the file name extension field, then for MIME type add in "text/plain ." (the period at the end of 'text/plain .' is important, don't do 'text/plain'). After fixing this issue, I was thrilled to finally get the cert! If/when I feel like doing this test-site and SSL cert test with a virtual machine program or website stack like VirtualBox with Bitnami, I'll post about that as well if anyone is interested.
-
I just added a CA signed certificate from letsencrypt to get HTTPS for external connections. This site is really helpful (note - google translate messes up the commands): http://blog.ouranos..../04/emby-https/ Also basic instructions from here: https://letsencrypt....etting-started/ You need to have your own domain e.g. emby.mydomain.com, and have DNS configured to point to emby servers external IP. (inc use of DDNS service to do this. I use dnsomatic and cloudflare DNS) You need to have port 443 open on your router and port mapped to your emby servers IP. (This is because letsencrypt certification issuing process calls back to your server to ensure you own the domain) git clone https://github.com/certbot/certbot cd certbot ./certbot-auto certonly --standalone -d emby.domain.com cd /etc/letsencrypt/live/emby.domain.com sudo openssl pkcs12 -inkey privkey.pem -in fullchain.pem -export -out emby.pfx Note: 1) Because certbot spawns a root owned process, permissions for /etc/letsencrypt dirs have root-only permissions so you may need to adjust permissions) 2) When openssl asks for password pass none (enter) Finally configure emby to use certificate at path /etc/letsencrypt/live/emby.domain.com/emby.pfx letsencrypt certificates are valid for 3 months, so this needs to be repeated every 3 months.