Jump to content

Several LG TV's cannot connect to server


shocker
Go to solution Solved by shocker,

Recommended Posts

17 hours ago, tobby said:

Thank you for that information! Here: https://doc.traefik.io/traefik/https/acme/ it only shows Let's encrypt, but I will give it another try. Since it's also using acme it should be possible to point to a different acme provider.

After a lot of try & error I got it running:
- ZeroSSL doesn't support the TLS-Challenge, so DNS-Challenge or HTTP-Challenge has to be used
- You will need a CAA-record in your DNS settings of your domain containing:

0 issue "sectigo.com"

I tried with "zerossl.com" instead of "sectigo.com" first, which didn't work. If you are using Let's Encrypt, too, you also need a CAA record containing

0 issue "letsencrypt.org"

- Traefik supports multiple certificate resolvers, but they must use the same email address or traefik won't start without any error message.
- external account binding (EAB) for ZeroSSL is only valid once, so don't delete your acme.json or you have to regenerate the eab credentials.

So this means:
- add a CAA record to the DNS of your domain for sectigo.com (see above)
- create an account at app.zerossl.com/signup and login at app.zerossl.com/login
- generate EAB credentials at https://app.zerossl.com/developer and note them somewhere
- use the following Traefik configuration example:

docker-compose.yaml:

version: '3.5'

networks:
  proxy:
    external:
      name: proxy

services:
  traefik:
    container_name: traefik
    image: traefik:v2.5
    restart: unless-stopped
    security_opt:
      - no-new-privileges=true
    networks:
      - proxy
    ports:
      - 80:80
      - 443:443
      - 8080:8080
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./config/dynamic:/dynamic:ro
      - ./config/traefik.yml:/traefik.yml:ro
      - ./acme:/acme
      - ./logs:/logs

config/traefik.yaml:

log:
  level: WARN
  filePath: "/logs/traefik.log"

accessLog:
  filePath: "/logs/access.log"

api:
  dashboard: true
  insecure: true

entryPoints:
  web:
    address: ":80"
    http:
      redirections:
        entryPoint:
          to: websecure
          scheme: https
          permanent: true
  websecure:
    address: ":443"

providers:
  docker:
    endpoint: "unix:///var/run/docker.sock"
    exposedByDefault: false
  file:
    directory: /dynamic
    watch: true

certificatesResolvers:
  letsencrypt:
    acme:
      email: your@mailaddress.end
      tlsChallenge: {}
      storage: /acme/letsencrypt.json

  zerossl:
    acme:
      email: your@mailaddress.end # must (!) be the same!
      httpChallenge:
        entryPoint: web
      eab:
        kid: your-kid-key
        hmacEncoded: your-hmac
      caServer: https://acme.zerossl.com/v2/DV90
      storage: /acme/zerossl.json

config/dynamic/emby.yaml:

http:
  routers:
    emby:
      entryPoints:
        - websecure
      rule: "Host(`external.emby.domain`)"
      tls:
        certResolver: zerossl
      service: emby

  services:
    emby:
      loadBalancer:
        servers:
          - url: "http://internal.embydomain.orip:8096"

Haven't tried it on the LG TV yet, but my certificate got issued for my emby domain, while all other services remain at Let's Encrypt, so everything should work.

Edited by tobby
Link to comment
Share on other sites

OK, I have good news and bad news and better news...

The good news is that the acme.sh script is awesome (even has a Docker image for it) and I got Gandi Live DNS verification working for my domain.

The bad news is that ZeroSSL is down right now and not working, so my friends with LG televisions and the built-in Emby app are still not working for my server.

The better news is that my friends have all purchased Google Chromecasts for £30 and can now use the iOS or Android Emby app to cast to their TVs instead.

So, I think in the end... that's good news?

😄

Paully

Edited by plittlefield
Link to comment
Share on other sites

At last, I have had time to finally get the ZeroSSL working using the acme.sh script with Gandi LiveDNS verification.

Instructions are on my Wiki page here:-

https://wiki.indie-it.com/wiki/ZeroSSL

I am just waiting to here back from my friends with LG televisions to see if the app SSL connection problem has been fixed.

Edited by plittlefield
Link to comment
Share on other sites

UPDATE

Yessss, LG problems with Let's Encrypt SSL has been fixed by using ZeroSSL instead.

Now, friends using LG televisions can use the Emby app again.

Thanks to all who suggested ZeroSSL 🙂

  • Like 1
  • Thanks 1
Link to comment
Share on other sites

I have the same issue, it was pointed out to me by someone else as I haven't used it in quite a while, we both use TV's, basically the same, they just have the larger screen model, I have gone through the process of switching to using ZeroSSL to no avail, just says connection failure, even when trying to put in the connection details manually and using http instead of https.

I run EMBY on my windows pc as had no use for a home linux server in years and all my storage is on my main pc anyway.

It was running fine before and after everywhere else, so I know it can't be a server issue as I can access it remotely and locally with other devices, just not the LG TV's, any other help/ideas would be great.

Link to comment
Share on other sites

  • 2 weeks later...

Well, im experiencing the same.. I dont think the solution (in my case) is to change preferred chain to a new certificate. The new root cert isnt trusted på LG oled C8, it will only validate the expired... I wish LG would update their TVs with new certs (the x1 has been around since 2015 and they havent included it.. pathetic)

Link to comment
Share on other sites

  • 2 weeks later...
  • 2 months later...
exillerate

I ended up solving this by rooting my tv, and updating the certificates. In the end it was pretty easy, even though I'm a complete noob. Here is a step by step. Warning: Do this at your own risk. 

1. Open the browser on your TV. Enter rootmy.tv. Slide to root. You can use the same address in your browser to read more. 

2. Go to the homebrew app and settings. Enable telnet. Reboot tv.

3. Download an ssh client for your PC, like putty and open it. 

4. To find the address you need to connect to. Go to tv settings and network. Click on your internet connection (wifi or ethernet). There you will see an ip address. 

5. In putty type in the address and choose telnet as connection.

6. You should now be connected and be able to type a command. You can use the script from here: https://gist.github.com/stek29/761232c6f7e1ffbc36b98da2a3a0f4d9

Simply type "curl -qs "https://gist.githubusercontent.com/stek29/761232c6f7e1ffbc36b98da2a3a0f4d9/raw/install.sh?$(date +%s)" | sh -"

The script should run and update certificates. 

7. Reboot tv. That's it. Everything should work now. You should turn off telnet again in homebrew settings. 

  • Like 1
  • Agree 1
  • Thanks 1
Link to comment
Share on other sites

  • 3 weeks later...
mgworek
On 2/20/2022 at 1:56 PM, exillerate said:

I ended up solving this by rooting my tv, and updating the certificates. In the end it was pretty easy, even though I'm a complete noob. Here is a step by step. Warning: Do this at your own risk. 

1. Open the browser on your TV. Enter rootmy.tv. Slide to root. You can use the same address in your browser to read more. 

2. Go to the homebrew app and settings. Enable telnet. Reboot tv.

3. Download an ssh client for your PC, like putty and open it. 

4. To find the address you need to connect to. Go to tv settings and network. Click on your internet connection (wifi or ethernet). There you will see an ip address. 

5. In putty type in the address and choose telnet as connection.

6. You should now be connected and be able to type a command. You can use the script from here: https://gist.github.com/stek29/761232c6f7e1ffbc36b98da2a3a0f4d9

Simply type "curl -qs "https://gist.githubusercontent.com/stek29/761232c6f7e1ffbc36b98da2a3a0f4d9/raw/install.sh?$(date +%s)" | sh -"

The script should run and update certificates. 

7. Reboot tv. That's it. Everything should work now. You should turn off telnet again in homebrew settings. 

Ok just found this thread. My friend hasn't been able to connect on his tv for months while every other device in his house works. Is this the workaround? I am using SWAG docker on unraid for my certs oh wait, I just noticed SWAG works with ZeroSSL now. I guess I can switch to that and fix his issue. ok!

Edited by mgworek
Link to comment
Share on other sites

  • 2 weeks later...
hong777
On 21/02/2022 at 02:56, exillerate said:

I ended up solving this by rooting my tv, and updating the certificates. In the end it was pretty easy, even though I'm a complete noob. Here is a step by step. Warning: Do this at your own risk. 

1. Open the browser on your TV. Enter rootmy.tv. Slide to root. You can use the same address in your browser to read more. 

2. Go to the homebrew app and settings. Enable telnet. Reboot tv.

3. Download an ssh client for your PC, like putty and open it. 

4. To find the address you need to connect to. Go to tv settings and network. Click on your internet connection (wifi or ethernet). There you will see an ip address. 

5. In putty type in the address and choose telnet as connection.

6. You should now be connected and be able to type a command. You can use the script from here: https://gist.github.com/stek29/761232c6f7e1ffbc36b98da2a3a0f4d9

Simply type "curl -qs "https://gist.githubusercontent.com/stek29/761232c6f7e1ffbc36b98da2a3a0f4d9/raw/install.sh?$(date +%s)" | sh -"

The script should run and update certificates. 

7. Reboot tv. That's it. Everything should work now. You should turn off telnet again in homebrew settings. 

Very good, the problem that https can't log in is completely solved, thank you

Link to comment
Share on other sites

  • 3 months later...
Napo_Leon

Since October 1st, I reverted to ZeroSLL to circumvent the LG WebOS problem.

But today, when I wanted to renew the certificate again, I was told you can only use the free 90-day certificate three (3x) times....
So either pay $120 per year minimum or revert back to Let'sEncrypt.

Isn't there a possibility to 'allow insecure connection' in the LG Emby app (like in Plex)?  

Screenshot 2022-06-27 115818.jpg

Link to comment
Share on other sites

adminExitium

Check into any of the acme clients like acme or certbot. ZeroSSL allows unlimited 90-day certificates if they have been issued via the acme protocol.

Link to comment
Share on other sites

8 hours ago, Napo_Leon said:

Since October 1st, I reverted to ZeroSLL to circumvent the LG WebOS problem.

But today, when I wanted to renew the certificate again, I was told you can only use the free 90-day certificate three (3x) times....
So either pay $120 per year minimum or revert back to Let'sEncrypt.

Isn't there a possibility to 'allow insecure connection' in the LG Emby app (like in Plex)?  

Screenshot 2022-06-27 115818.jpg

Hi, yes, by setting your server setting to prefer secure connections, but not require them.

Link to comment
Share on other sites

  • 2 months later...

Hi all,

does someone have a small guide on how to properly install traefik (+zerossl) with emby on an unraid system? Im totally lost with it, and would like to have a reversed proxy with whitelisted IPs for LG TVs, which cannot connect 😕

Thanks

P.

Edited by Peppe
Link to comment
Share on other sites

On 8/29/2022 at 10:21 AM, Peppe said:

Hi all,

does someone have a small guide on how to properly install traefik (+zerossl) with emby on an unraid system? Im totally lost with it, and would like to have a reversed proxy with whitelisted IPs for LG TVs, which cannot connect 😕

Thanks

P.

Hi, how far have you gotten?

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...