Jump to content

Search the Community

Showing results for tags 'ssl https'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • General
    • Announcements
    • Emby Premiere Purchase/Subscription Support
    • Feature Requests
    • Tutorials and Guides
  • Emby Server
    • General/Windows
    • Android Server
    • Asustor
    • FreeBSD
    • Linux
    • NetGear ReadyNAS
    • MacOS
    • QNAP
    • Synology
    • TerraMaster NAS
    • Thecus
    • Western Digital
    • DLNA
    • Live TV
  • Emby Apps
    • Amazon Alexa
    • Android Mobile
    • Android TV / Fire TV
    • Emby Theater
    • iOS
    • Apple TV
    • Kodi
    • Raspberry Pi
    • Roku
    • Samsung Smart TV
    • Sony PlayStation
    • LG Smart TV
    • Web App
    • Windows Media Center
    • Plugins
  • Language-specific support
    • Arabic
    • Dutch
    • French
    • German
    • Italian
    • Portuguese
    • Russian
    • Spanish
    • Swedish
  • Community Contributions
    • Ember for Emby
    • Fan Art & Videos
    • Tools and Utilities
    • Web App CSS
  • Other
    • General Discussion
    • Developer API
    • Hardware
    • Media Clubs
    • Legacy Support

Blogs

  • Emby Blog

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Found 3 results

  1. hi guys my isp has blocked port 80 and I'm unable to authorize my certificates for my ddns. for the sake of the noob users on my network it would be helpful if your apps would automatically accept self signed certificates. i understand this is not possible in web browsers but surely its possible in your apps on smart tv's and consoles etc.... i have recently had to give plex my money which i am not happy about. i dont want to stop supporting emby however if i cant use the secure connections its of no real use to me anymore.
  2. What I have done so far, I have a domain name purchased from namecheap i'll call it <mydomain> I used namecheap's DDNS on my emby server which creates an A record on the domain. for whatever reason, I had to use www.<mydomain>.com I don't know why but i had to add the www's to get it to work, I had also tried @<mydomain>.com but it would never update I have let this run for a week so everything should be updated and ready to go On my router I forwarded ports 80 and 443 to the emby server with my particular router I can't figure out a way to permit it through the firewall but my test has the firewall turned off so I dont think it is causing the issue. Emby's setting local http 8096 https 8920 public http 80 https 443 allow remote is checked caddy v2 I downloaded the zip, unzipped it on the root directory. Created the extension-less "caddyfile" its contents are, { email <mygmail>@gmail.com } www.<mydomain>.com { reverse_proxy http://192.168.0.18:80 } I know I can use localhost instead of the IP, this should work though because I know it's internal IP and I have it set to not change as I use it to connect using RDP. Running everything I use command prompt and navigate to the Caddy directory with router firewall on and the server's firewall off, I run # caddy run C:\Caddy>caddy run 2020/06/21 14:46:17.402 [34mINFO[0m using adjacent Caddyfile 2020/06/21 14:46:17.413 [34mINFO[0m admin admin endpoint started {"address": "localhost:2019", "enforce_origin": false, "origins": ["localhost:2019"]} 2020/06/21 08:46:17 [INFO][cache:0xc0005ff7c0] Started certificate maintenance routine 2020/06/21 14:46:17.415 [34mINFO[0m http server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS {"server_name": "srv0", "https_port": 443} 2020/06/21 14:46:17.415 [34mINFO[0m http enabling automatic HTTP->HTTPS redirects {"server_name": "srv0"} 2020/06/21 14:46:17.418 [34mINFO[0m tls cleaned up storage units 2020/06/21 14:46:17.418 [34mINFO[0m http enabling automatic TLS certificate management {"domains": ["www.<mydomain>.com"]} 2020/06/21 08:46:17 [INFO][www.<mydomain>.com] Obtain certificate; acquiring lock... 2020/06/21 14:46:17.425 [34mINFO[0m autosaved config {"file": "C:\\Users\\<myuser>\\AppData\\Roaming\\Caddy\\autosave.json"} 2020/06/21 14:46:17.428 [34mINFO[0m serving initial configuration 2020/06/21 08:46:17 [INFO][www.<mydomain>.com] Obtain: Lock acquired; proceeding... 2020/06/21 08:46:17 [INFO][www.<mydomain>.com] Waiting on rate limiter... 2020/06/21 08:46:17 [INFO][www.<mydomain>.com] Done waiting 2020/06/21 08:46:17 [INFO] [www.<mydomain>.com] acme: Obtaining bundled SAN certificate given a CSR 2020/06/21 08:46:18 [INFO] [www.<mydomain>.com] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/5387022605 2020/06/21 08:46:18 [INFO] [www.<mydomain>.com] acme: Could not find solver for: tls-alpn-01 2020/06/21 08:46:18 [INFO] [www.<mydomain>.com] acme: use http-01 solver 2020/06/21 08:46:18 [INFO] [www.<mydomain>.com] acme: Trying to solve HTTP-01 2020/06/21 08:46:25 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/5387022605 2020/06/21 08:46:25 [INFO] Unable to deactivate the authorization: https://acme-v02.api.letsencrypt.org/acme/authz-v3/5387022605 2020/06/21 08:46:25 [ERROR] acme: Error -> One or more domains had a problem: [www.<mydomain>.com] acme: error: 400 :: urn:ietf:params:acme:error:connection :: Fetching http://www.<mydomain>.com/.well-known/acme-challenge/P-jvWvwSBjkK_9PQepBe5puAo_TLpsdonnZVunocu-I: Connection reset by peer, url: (challenge=http-01 remaining=[tls-alpn-01]) 2020/06/21 08:46:27 [INFO] [www.<mydomain>.com] acme: Obtaining bundled SAN certificate given a CSR 2020/06/21 08:46:27 [INFO] [www.<mydomain>.com] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/5387024673 2020/06/21 08:46:27 [INFO] [www.<mydomain>.com] acme: use tls-alpn-01 solver 2020/06/21 08:46:27 [INFO] [www.<mydomain>.com] acme: Trying to solve TLS-ALPN-01 2020/06/21 08:46:28 http: TLS handshake error from 127.0.0.1:61875: EOF 2020/06/21 08:46:28 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/5387024673 2020/06/21 08:46:28 [INFO] Unable to deactivate the authorization: https://acme-v02.api.letsencrypt.org/acme/authz-v3/5387024673 2020/06/21 08:46:28 [ERROR] acme: Error -> One or more domains had a problem: [www.<mydomain>.com] acme: error: 400 :: urn:ietf:params:acme:error:connection :: Connection refused, url: (challenge=tls-alpn-01 remaining=[]) 2020/06/21 08:46:30 [ERROR] attempt 1: [www.<mydomain>.com] Obtain: [www.<mydomain>.com] acme: Error -> One or more domains had a problem: [www.<mydomain>.com] acme: error: 400 :: urn:ietf:params:acme:error:connection :: Connection refused, url: - retrying in 1m0s (13.0492981s/720h0m0s elapsed)... 2020/06/21 14:46:34.960 [34mINFO[0m shutting down {"signal": "SIGINT"} 2020/06/21 08:46:34 [INFO][cache:0xc0005ff7c0] Stopped certificate maintenance routine 2020/06/21 08:46:34 [INFO][www.<mydomain>.com] Obtain: Releasing lock 2020/06/21 14:46:34.963 [34mINFO[0m shutdown done {"signal": "SIGINT"} with both router and caddy server's firewalls off I run caddy and it does this, C:\Caddy>caddy run 2020/06/21 14:47:55.788 [34mINFO[0m using adjacent Caddyfile 2020/06/21 14:47:55.794 [34mINFO[0m admin admin endpoint started {"address": "localhost:2019", "enforce_origin": false, "origins": ["localhost:2019"]} 2020/06/21 14:47:55.795 [34mINFO[0m http server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS {"server_name": "srv0", "https_port": 443} 2020/06/21 14:47:55.795 [34mINFO[0m http enabling automatic HTTP->HTTPS redirects {"server_name": "srv0"} 2020/06/21 08:47:55 [INFO][cache:0xc0002e3b80] Started certificate maintenance routine 2020/06/21 14:47:55.796 [34mINFO[0m http enabling automatic TLS certificate management {"domains": ["www.<mydomain>.com"]} 2020/06/21 14:47:55.797 [34mINFO[0m tls cleaned up storage units 2020/06/21 14:47:55.798 [34mINFO[0m autosaved config {"file": "C:\\Users\\<myuser>\\AppData\\Roaming\\Caddy\\autosave.json"} 2020/06/21 14:47:55.799 [34mINFO[0m serving initial configuration 2020/06/21 08:47:55 [INFO][www.<mydomain>.com] Obtain certificate; acquiring lock... 2020/06/21 08:47:55 [INFO][www.<mydomain>.com] Obtain: Lock acquired; proceeding... 2020/06/21 08:47:55 [INFO][www.<mydomain>.com] Waiting on rate limiter... 2020/06/21 08:47:55 [INFO][www.<mydomain>.com] Done waiting 2020/06/21 08:47:55 [INFO] [www.<mydomain>.com] acme: Obtaining bundled SAN certificate given a CSR 2020/06/21 08:47:56 [INFO] [www.<mydomain>.com] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/5387042878 2020/06/21 08:47:56 [INFO] [www.<mydomain>.com] acme: Could not find solver for: tls-alpn-01 2020/06/21 08:47:56 [INFO] [www.<mydomain>.com] acme: use http-01 solver 2020/06/21 08:47:56 [INFO] [www.<mydomain>.com] acme: Trying to solve HTTP-01 2020/06/21 08:48:03 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/5387042878 2020/06/21 08:48:03 [INFO] Unable to deactivate the authorization: https://acme-v02.api.letsencrypt.org/acme/authz-v3/5387042878 2020/06/21 08:48:03 [ERROR] acme: Error -> One or more domains had a problem: [www.<mydomain>.com] acme: error: 400 :: urn:ietf:params:acme:error:connection :: Fetching http://www.<mydomain>.com/.well-known/acme-challenge/fZqo0DmEmVjo9sElqDlmfJv6r_y50shAJ87QeOgb_rE: Connection reset by peer, url: (challenge=http-01 remaining=[tls-alpn-01]) 2020/06/21 08:48:05 [INFO] [www.<mydomain>.com] acme: Obtaining bundled SAN certificate given a CSR 2020/06/21 08:48:06 [INFO] [www.<mydomain>.com] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/5387045568 2020/06/21 08:48:06 [INFO] [www.<mydomain>.com] acme: use tls-alpn-01 solver 2020/06/21 08:48:06 [INFO] [www.<mydomain>.com] acme: Trying to solve TLS-ALPN-01 2020/06/21 08:48:06 http: TLS handshake error from 127.0.0.1:62306: EOF 2020/06/21 08:48:11 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/5387045568 2020/06/21 08:48:11 [INFO] Unable to deactivate the authorization: https://acme-v02.api.letsencrypt.org/acme/authz-v3/5387045568 2020/06/21 08:48:11 [ERROR] acme: Error -> One or more domains had a problem: [www.<mydomain>.com] acme: error: 400 :: urn:ietf:params:acme:error:connection :: Connection refused, url: (challenge=tls-alpn-01 remaining=[]) 2020/06/21 08:48:13 [ERROR] attempt 1: [www.<mydomain>.com] Obtain: [www.<mydomain>.com] acme: Error -> One or more domains had a problem: [www.<mydomain>.com] acme: error: 400 :: urn:ietf:params:acme:error:connection :: Connection refused, url: - retrying in 1m0s (17.8656781s/720h0m0s elapsed)... 2020/06/21 14:48:24.865 [34mINFO[0m shutting down {"signal": "SIGINT"} 2020/06/21 08:48:24 [INFO][cache:0xc0002e3b80] Stopped certificate maintenance routine 2020/06/21 08:48:24 [INFO][www.<mydomain>.com] Obtain: Releasing lock 2020/06/21 14:48:24.867 [34mINFO[0m shutdown done {"signal": "SIGINT"} The emby server is running windows server 2019 like a lot of server's it doesn't have any additional antivirus or firewall beyond windows defender. This is what I am referring to when I say in the test that the firewall is turned off. Both Private and Public network settings are set to 'Turn off Windows Defender Firewall'. Any help with why this isn't working would be appreciated. If I left out anything that is important please let me know. I am unfamiliar with all of this so if I didn't mention it I almost certainly didn't do it.
  3. So I found the self signed certificate ssl partially worked, but it only loaded on certain browsers because of security settings. Therefore I got an ssl certificate from startssl. Once realising that emby can't handle password protected certificates (the https page simply doesn't load) I stripped the password from it with openssl and added it back onto EMBY. Now receive a new error below. This error is from Chrome, other browsers simply failed to acknowledge the page at all. I'm unsure where the source of the problem could be, EMBY/openssl/startssl? or how to check. Are there any known issues that are likely to cause this/ways to test what is going on? Thanks! Woody **** 82.17.##.## normally uses encryption to protect your information. When Chrome tried to connect to 82.17.##.## this time, the website sent back unusual and incorrect credentials. Either an attacker is trying to pretend to be 82.17.##.##, or a Wi-Fi sign-in screen has interrupted the connection. Your information is still secure because Chrome stopped the connection before any data was exchanged. You cannot visit 82.17.##.## right now because the website sent scrambled credentials that Chrome cannot process. Network errors and attacks are usually temporary, so this page will probably work later. ****
×
×
  • Create New...