tobby, posted November 10, 2021 (edited)

> 17 hours ago, tobby said:
> Thank you for that information! Here: https://doc.traefik.io/traefik/https/acme/ it only shows Let's Encrypt, but I will give it another try. Since it's also using ACME it should be possible to point to a different ACME provider.

After a lot of trial and error I got it running:

- ZeroSSL doesn't support the TLS-Challenge, so DNS-Challenge or HTTP-Challenge has to be used
- You will need a CAA record in the DNS settings of your domain containing: 0 issue "sectigo.com"
  I tried with "zerossl.com" instead of "sectigo.com" first, which didn't work. If you are using Let's Encrypt, too, you also need a CAA record containing 0 issue "letsencrypt.org"
- Traefik supports multiple certificate resolvers, but they must use the same email address or traefik won't start without any error message.
- External account binding (EAB) for ZeroSSL is only valid once, so don't delete your acme.json or you have to regenerate the EAB credentials.

So this means:

- add a CAA record to the DNS of your domain for sectigo.com (see above)
- create an account at app.zerossl.com/signup and login at app.zerossl.com/login
- generate EAB credentials at https://app.zerossl.com/developer and note them somewhere
- use the following Traefik configuration example:

docker-compose.yaml:

```yaml
version: '3.5'

networks:
  proxy:
    external:
      name: proxy

services:
  traefik:
    container_name: traefik
    image: traefik:v2.5
    restart: unless-stopped
    security_opt:
      - no-new-privileges=true
    networks:
      - proxy
    ports:
      - 80:80
      - 443:443
      - 8080:8080   # Traefik API/dashboard port (see api.insecure in the static config)
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./config/dynamic:/dynamic:ro
      - ./config/traefik.yml:/traefik.yml:ro
      - ./acme:/acme   # ACME account keys and certificates, one JSON file per resolver
      - ./logs:/logs
```

config/traefik.yaml:

```yaml
log:
  level: WARN
  filePath: "/logs/traefik.log"

accessLog:
  filePath: "/logs/access.log"

api:
  dashboard: true
  insecure: true   # serves the API/dashboard without authentication on port 8080

entryPoints:
  web:
    address: ":80"
    http:
      redirections:
        entryPoint:
          to: websecure
          scheme: https
          permanent: true
  websecure:
    address: ":443"

providers:
  docker:
    endpoint: "unix:///var/run/docker.sock"
    exposedByDefault: false
  file:
    directory: /dynamic
    watch: true

certificatesResolvers:
  letsencrypt:
    acme:
      email: your@mailaddress.end
      tlsChallenge: {}
      storage: /acme/letsencrypt.json
  zerossl:
    acme:
      email: your@mailaddress.end # must (!) be the same!
      httpChallenge:
        entryPoint: web
      eab:
        kid: your-kid-key
        hmacEncoded: your-hmac
      caServer: https://acme.zerossl.com/v2/DV90
      storage: /acme/zerossl.json
```

config/dynamic/emby.yaml:

```yaml
http:
  routers:
    emby:
      entryPoints:
        - websecure
      rule: "Host(`external.emby.domain`)"
      tls:
        certResolver: zerossl
      service: emby
  services:
    emby:
      loadBalancer:
        servers:
          - url: "http://internal.embydomain.orip:8096"
```

Haven't tried it on the LG TV yet, but my certificate got issued for my emby domain, while all other services remain at Let's Encrypt, so everything should work.
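The CAA requirement from the post above can be checked before an ACME order is placed. This is an added example, not code from the thread or from Traefik: it evaluates CAA record sets the way RFC 8659 describes (climb from the host name towards the root, use the first CAA RRset found) and reports whether each resolver's CA may issue. The zone data, the helper names and the resolver-to-issuer mapping (taken from the post: "sectigo.com" for ZeroSSL, "letsencrypt.org" for Let's Encrypt) are assumptions.

```python
# Added example: CAA pre-flight check. Zone data and helper names are constructed.
KNOWN_TAGS = {"issue", "issuewild", "iodef"}

# CAA issuer domains as reported in the post above.
RESOLVER_CAA_ID = {"zerossl": "sectigo.com", "letsencrypt": "letsencrypt.org"}

# Constructed sample zone: name -> CAA RDATA strings in presentation format.
ZONE = {
    "example.org": ['0 issue "letsencrypt.org"'],
    "emby.example.org": ['0 issue "zerossl.com"'],  # the value that did not work
    "media.example.org": ['0 issue "sectigo.com"', '0 issue "letsencrypt.org"'],
    "locked.example.org": ['0 issue ";"'],           # empty issuer: nobody may issue
    "odd.example.org": ['0 issue "sectigo.com"', '128 futuretag "x"'],
}


def parse_caa(rdata):
    """Split '0 issue "sectigo.com"' into (flags, tag, issuer domain)."""
    flags, tag, value = rdata.split(None, 2)
    # Text after ';' is parameters and does not take part in issuer matching.
    issuer = value.strip().strip('"').split(";", 1)[0].strip().lower()
    return int(flags), tag.lower(), issuer


def relevant_rrset(zone, fqdn):
    """Climb from fqdn towards the root and return the first CAA RRset found."""
    labels = fqdn.rstrip(".").lower().split(".")
    for i in range(len(labels)):
        rrset = zone.get(".".join(labels[i:]))
        if rrset:
            return [parse_caa(r) for r in rrset]
    return []


def may_issue(zone, fqdn, resolver):
    """True if the CA behind `resolver` may issue a non-wildcard cert for fqdn."""
    rrset = relevant_rrset(zone, fqdn)
    # An unknown property with the critical bit (128) set blocks issuance.
    if any(flags & 128 and tag not in KNOWN_TAGS for flags, tag, _ in rrset):
        return False
    issue = [issuer for _, tag, issuer in rrset if tag == "issue"]
    if not issue:  # no CAA RRset, or none with an issue property: unrestricted
        return True
    return RESOLVER_CAA_ID[resolver] in issue


if __name__ == "__main__":
    for name in ZONE:
        print(name, {r: may_issue(ZONE, name, r) for r in RESOLVER_CAA_ID})
```

A host without its own CAA records inherits the closest parent's set, so a parent zone that only lists "letsencrypt.org" blocks ZeroSSL for every subdomain until "sectigo.com" is added.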

plittlefield, posted November 10, 2021

Woah, now that's some work right there! Nice one @tobby

I am hoping to have a play with acme.sh + ZeroSSL + DNS + pfx files at some point this week

plittlefield, posted November 16, 2021 (edited)

OK, I have good news and bad news and better news...

The good news is that the acme.sh script is awesome (even has a Docker image for it) and I got Gandi Live DNS verification working for my domain.

The bad news is that ZeroSSL is down right now and not working, so my friends with LG televisions and the built-in Emby app are still not working for my server.

The better news is that my friends have all purchased Google Chromecasts for £30 and can now use the iOS or Android Emby app to cast to their TVs instead.

So, I think in the end... that's good news?

Paully

plittlefield, posted November 22, 2021 (edited)

At last, I have had time to finally get the ZeroSSL working using the acme.sh script with Gandi LiveDNS verification.

Instructions are on my Wiki page here: https://wiki.indie-it.com/wiki/ZeroSSL

I am just waiting to hear back from my friends with LG televisions to see if the app SSL connection problem has been fixed.

tobby, posted November 22, 2021

On Saturday I tried my Traefik reverse proxy setup (see above) and it's working great on LG TVs, too.

plittlefield, posted November 22, 2021

UPDATE

Yessss, LG problems with Let's Encrypt SSL have been fixed by using ZeroSSL instead. Now, friends using LG televisions can use the Emby app again.

Thanks to all who suggested ZeroSSL

V4mpire, posted November 22, 2021

I have the same issue. It was pointed out to me by someone else as I haven't used it in quite a while. We both use TVs, basically the same, they just have the larger screen model. I have gone through the process of switching to using ZeroSSL to no avail, it just says connection failure, even when trying to put in the connection details manually and using http instead of https.

I run Emby on my Windows PC as I have had no use for a home Linux server in years and all my storage is on my main PC anyway. It was running fine before and after everywhere else, so I know it can't be a server issue as I can access it remotely and locally with other devices, just not the LG TVs. Any other help/ideas would be great.

blj, posted December 5, 2021

Well, I'm experiencing the same.. I don't think the solution (in my case) is to change preferred chain to a new certificate. The new root cert isn't trusted on the LG OLED C8, it will only validate the expired... I wish LG would update their TVs with new certs (the x1 has been around since 2015 and they haven't included it.. pathetic)

Luke, posted December 16, 2021

Emby for LG TV's 1.0.31 has been released. Stay tuned to the blog for the release announcement.

exillerate, posted February 20, 2022

I ended up solving this by rooting my TV, and updating the certificates. In the end it was pretty easy, even though I'm a complete noob. Here is a step by step. Warning: Do this at your own risk.

1. Open the browser on your TV. Enter rootmy.tv. Slide to root. You can use the same address in your browser to read more.
2. Go to the homebrew app and settings. Enable telnet. Reboot TV.
3. Download an SSH client for your PC, like PuTTY, and open it.
4. To find the address you need to connect to, go to TV settings and network. Click on your internet connection (wifi or ethernet). There you will see an IP address.
5. In PuTTY type in the address and choose telnet as connection.
6. You should now be connected and be able to type a command. You can use the script from here: https://gist.github.com/stek29/761232c6f7e1ffbc36b98da2a3a0f4d9
   Simply type:

       curl -qs "https://gist.githubusercontent.com/stek29/761232c6f7e1ffbc36b98da2a3a0f4d9/raw/install.sh?$(date +%s)" | sh -

   The script should run and update certificates.
7. Reboot TV.

That's it. Everything should work now. You should turn off telnet again in homebrew settings.

mgworek, posted March 12, 2022 (edited)

> On 2/20/2022 at 1:56 PM, exillerate said:
> I ended up solving this by rooting my TV, and updating the certificates. In the end it was pretty easy, even though I'm a complete noob. Here is a step by step. Warning: Do this at your own risk.
> 1. Open the browser on your TV. Enter rootmy.tv. Slide to root. You can use the same address in your browser to read more.
> 2. Go to the homebrew app and settings. Enable telnet. Reboot TV.
> 3. Download an SSH client for your PC, like PuTTY, and open it.
> 4. To find the address you need to connect to, go to TV settings and network. Click on your internet connection (wifi or ethernet). There you will see an IP address.
> 5. In PuTTY type in the address and choose telnet as connection.
> 6. You should now be connected and be able to type a command. You can use the script from here: https://gist.github.com/stek29/761232c6f7e1ffbc36b98da2a3a0f4d9
>    Simply type:
>
>        curl -qs "https://gist.githubusercontent.com/stek29/761232c6f7e1ffbc36b98da2a3a0f4d9/raw/install.sh?$(date +%s)" | sh -
>
>    The script should run and update certificates.
> 7. Reboot TV.
> That's it. Everything should work now. You should turn off telnet again in homebrew settings.

Ok, just found this thread. My friend hasn't been able to connect on his TV for months while every other device in his house works.

Is this the workaround? I am using SWAG docker on unraid for my certs.

Oh wait, I just noticed SWAG works with ZeroSSL now. I guess I can switch to that and fix his issue. Ok!

hong777, posted March 26, 2022

> On 21/02/2022 at 02:56, exillerate said:
> I ended up solving this by rooting my TV, and updating the certificates. In the end it was pretty easy, even though I'm a complete noob. Here is a step by step. Warning: Do this at your own risk.
> 1. Open the browser on your TV. Enter rootmy.tv. Slide to root. You can use the same address in your browser to read more.
> 2. Go to the homebrew app and settings. Enable telnet. Reboot TV.
> 3. Download an SSH client for your PC, like PuTTY, and open it.
> 4. To find the address you need to connect to, go to TV settings and network. Click on your internet connection (wifi or ethernet). There you will see an IP address.
> 5. In PuTTY type in the address and choose telnet as connection.
> 6. You should now be connected and be able to type a command. You can use the script from here: https://gist.github.com/stek29/761232c6f7e1ffbc36b98da2a3a0f4d9
>    Simply type:
>
>        curl -qs "https://gist.githubusercontent.com/stek29/761232c6f7e1ffbc36b98da2a3a0f4d9/raw/install.sh?$(date +%s)" | sh -
>
>    The script should run and update certificates.
> 7. Reboot TV.
> That's it. Everything should work now. You should turn off telnet again in homebrew settings.

Very good, the problem that https can't log in is completely solved, thank you

Napo_Leon, posted June 27, 2022

Since October 1st, I reverted to ZeroSSL to circumvent the LG WebOS problem. But today, when I wanted to renew the certificate again, I was told you can only use the free 90-day certificate three (3x) times.... So either pay $120 per year minimum or revert back to Let's Encrypt.

Isn't there a possibility to 'allow insecure connection' in the LG Emby app (like in Plex)?

adminExitium, posted June 27, 2022

Check into any of the acme clients like acme or certbot. ZeroSSL allows unlimited 90-day certificates if they have been issued via the acme protocol.

Luke, posted June 27, 2022

> 8 hours ago, Napo_Leon said:
> Since October 1st, I reverted to ZeroSSL to circumvent the LG WebOS problem. But today, when I wanted to renew the certificate again, I was told you can only use the free 90-day certificate three (3x) times.... So either pay $120 per year minimum or revert back to Let's Encrypt. Isn't there a possibility to 'allow insecure connection' in the LG Emby app (like in Plex)?

Hi, yes, by setting your server setting to prefer secure connections, but not require them.

Peppe, posted August 29, 2022 (edited)

Hi all,

does someone have a small guide on how to properly install traefik (+zerossl) with emby on an unraid system? I'm totally lost with it, and would like to have a reverse proxy with whitelisted IPs for LG TVs, which cannot connect.

Thanks
P.

Luke, posted August 30, 2022

> On 8/29/2022 at 10:21 AM, Peppe said:
> Hi all, does someone have a small guide on how to properly install traefik (+zerossl) with emby on an unraid system? I'm totally lost with it, and would like to have a reverse proxy with whitelisted IPs for LG TVs, which cannot connect. Thanks P.

Hi, how far have you gotten?

Luke, posted December 26, 2022

Emby for LG TV's 1.0.37 has been released. Stay tuned to the blog for the release announcement.

Can you please try out the new update and let us know how it compares? Thanks!

Peppe, posted February 13, 2023

Hi,

sorry to reopen this older topic... but still no luck gaining access to my emby server from older Samsung or LG TVs.

Does someone have a hint or a tutorial on how to set it up in Unraid/Swag/Acme/Emby? Which settings need to be changed exactly?

Here is the log from Swag... check attachment.

Thanks

swag.log

Luke, posted February 14, 2023

> 11 hours ago, Peppe said:
> Hi, sorry to reopen this older topic... but still no luck gaining access to my emby server from older Samsung or LG TVs. Does someone have a hint or a tutorial on how to set it up in Unraid/Swag/Acme/Emby? Which settings need to be changed exactly? Here is the log from Swag... check attachment. Thanks
> swag.log

Hi, what type of certificate is it? Have you checked that your LG and Samsung TVs trust this certificate? This is going to be the biggest roadblock to SSL with Samsung and LG.

Peppe, posted February 14, 2023

Hi Luke,

issue has been solved, after I changed in Cloudflare the A and CNAME to DNS only... as the certs have been created by Cloudflare and not ZeroSSL...

D1sk, posted May 10, 2023

I have also been unable to connect to my server via the LG Emby app for months. The server is not in my home network.

I have no SSL certificate in the Emby server. I do this with Nginx Reverse Proxy where I create an SSL certificate with Let's Encrypt. With the same tool I specify the internal port of the Emby server and on which port Emby is visible against look.

I can reach Emby from any other device like mobile, tablet and PC from outside my network. But not via LG TV. If I enter the domain with the port I can not connect, or if I use the IP that comes from the provider. When I try with pin code at LG several servers are loaded but I can't click on any of them.

I do not know what else I can do?

SamES, posted May 10, 2023

> 3 hours ago, D1sk said:
> I have also been unable to connect to my server via the LG Emby app for months. The server is not in my home network. I have no SSL certificate in the Emby server. I do this with Nginx Reverse Proxy where I create an SSL certificate with Let's Encrypt. With the same tool I specify the internal port of the Emby server and on which port Emby is visible against look. I can reach Emby from any other device like mobile, tablet and PC from outside my network. But not via LG TV. If I enter the domain with the port I can not connect, or if I use the IP that comes from the provider. When I try with pin code at LG several servers are loaded but I can't click on any of them. I do not know what else I can do?

The issue here is not Emby, it's the LG TV. The fact that you are using a Let's Encrypt certificate is the problem. Some time ago Let's Encrypt root certificates expired and they haven't been updated in the TV, so any connections via https will fail. You will need to try another certificate type such as ZeroSSL that still has a current root certificate in the TV.

D1sk, posted May 10, 2023

> 31 minutes ago, SamES said:
> The issue here is not Emby, it's the LG TV. The fact that you are using a Let's Encrypt certificate is the problem. Some time ago Let's Encrypt root certificates expired and they haven't been updated in the TV, so any connections via https will fail. You will need to try another certificate type such as ZeroSSL that still has a current root certificate in the TV.

Thanks for the info.

What if I root my LG? Would it work then too? I know the warranty expires but I don't give a damn about it, this warranty is not worth anything anyway because no one from LG will exchange a 77 inch.

SamES, posted May 10, 2023

> 6 minutes ago, D1sk said:
> Thanks for the info. What if I root my LG? Would it work then too? I know the warranty expires but I don't give a damn about it, this warranty is not worth anything anyway because no one from LG will exchange a 77 inch.

I have no idea whether you would be able to add a new root certificate by doing that.