
Several LG TV's cannot connect to server



tobby
17 hours ago, tobby said:

Thank you for that information! Here: https://doc.traefik.io/traefik/https/acme/ it only shows Let's encrypt, but I will give it another try. Since it's also using acme it should be possible to point to a different acme provider.

After a lot of trial and error I got it running:
- ZeroSSL doesn't support the TLS-Challenge, so DNS-Challenge or HTTP-Challenge has to be used
- You will need a CAA-record in your DNS settings of your domain containing:

0 issue "sectigo.com"

I tried with "zerossl.com" instead of "sectigo.com" first, which didn't work. If you are using Let's Encrypt, too, you also need a CAA record containing

0 issue "letsencrypt.org"

- Traefik supports multiple certificate resolvers, but they must use the same email address or Traefik won't start, without any error message.
- External account binding (EAB) for ZeroSSL is only valid once, so don't delete your acme.json or you have to regenerate the EAB credentials.

So this means:
- add a CAA record to the DNS of your domain for sectigo.com (see above)
- create an account at app.zerossl.com/signup and login at app.zerossl.com/login
- generate EAB credentials at https://app.zerossl.com/developer and note them somewhere
- use the following Traefik configuration example:

docker-compose.yaml:

version: '3.5'

networks:
  proxy:
    external:
      name: proxy

services:
  traefik:
    container_name: traefik
    image: traefik:v2.5
    restart: unless-stopped
    security_opt:
      - no-new-privileges=true
    networks:
      - proxy
    ports:
      - 80:80
      - 443:443
      - 8080:8080
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./config/dynamic:/dynamic:ro
      - ./config/traefik.yml:/traefik.yml:ro
      - ./acme:/acme
      - ./logs:/logs

config/traefik.yml:

log:
  level: WARN
  filePath: "/logs/traefik.log"

accessLog:
  filePath: "/logs/access.log"

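api:
  dashboard: true
  # insecure: true serves the API and dashboard without authentication on the
  # "traefik" entrypoint (:8080, which docker-compose.yaml publishes)
  insecure: true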

entryPoints:
  web:
    address: ":80"
    http:
      redirections:
        entryPoint:
          to: websecure
          scheme: https
          permanent: true
  websecure:
    address: ":443"

providers:
  docker:
    endpoint: "unix:///var/run/docker.sock"
    exposedByDefault: false
  file:
    directory: /dynamic
    watch: true

certificatesResolvers:
  letsencrypt:
    acme:
      email: your@mailaddress.end
      tlsChallenge: {}
      storage: /acme/letsencrypt.json

  zerossl:
    acme:
      email: your@mailaddress.end # must (!) be the same!
      httpChallenge:
        entryPoint: web
      eab:
        kid: your-kid-key
        hmacEncoded: your-hmac
      caServer: https://acme.zerossl.com/v2/DV90
      storage: /acme/zerossl.json

config/dynamic/emby.yaml:

http:
  routers:
    emby:
      entryPoints:
        - websecure
      rule: "Host(`external.emby.domain`)"
      tls:
        certResolver: zerossl
      service: emby

  services:
    emby:
      loadBalancer:
        servers:
          - url: "http://internal.embydomain.orip:8096"

Haven't tried it on the LG TV yet, but my certificate got issued for my emby domain, while all other services remain at Let's Encrypt, so everything should work.

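Added example (not part of tobby's post and not Traefik or ZeroSSL code): a small RFC 8659-style CAA evaluator showing why the `zerossl.com` record in the post blocked issuance while `sectigo.com` allowed it. The CA-to-identifier mapping is taken from the post, the record sets are constructed samples, and the list passed in is assumed to be the relevant CAA record set already looked up for the domain.

```python
import shlex

# Issuer domain each CA matches against, as reported in the post above.
CA_IDENTIFIER = {"zerossl": "sectigo.com", "letsencrypt": "letsencrypt.org"}
KNOWN_TAGS = {"issue", "issuewild", "iodef"}

# Constructed sample record sets in zone-file presentation format.
FIRST_ATTEMPT = ['0 issue "zerossl.com"']
POST_RECORDS = ['0 issue "sectigo.com"', '0 issue "letsencrypt.org"']


def parse_caa(line):
    """Parse '<flags> <tag> "<value>"' into (flags, tag, issuer_domain)."""
    flags, tag, value = shlex.split(line)
    # Parameters after ';' are not part of the issuer domain name.
    return int(flags), tag.lower(), value.split(";", 1)[0].strip().lower()


def may_issue(records, ca, wildcard=False):
    """Return True if `ca` may issue under this CAA record set."""
    parsed = [parse_caa(r) for r in records]
    # An unknown tag with the critical bit (128) set forbids issuance.
    if any(f & 128 and t not in KNOWN_TAGS for f, t, _ in parsed):
        return False
    issue = [v for _, t, v in parsed if t == "issue"]
    issuewild = [v for _, t, v in parsed if t == "issuewild"]
    # Wildcard requests use issuewild when present, otherwise issue.
    relevant = issuewild if (wildcard and issuewild) else issue
    if not relevant:
        return True  # no applicable property, so issuance is not restricted
    # 'issue ";"' parses to an empty issuer domain and matches no CA.
    return CA_IDENTIFIER[ca] in relevant


def resolver_report(records):
    """Map each certificate resolver name to whether its CA may issue."""
    return {ca: may_issue(records, ca) for ca in CA_IDENTIFIER}


if __name__ == "__main__":
    print("first attempt:", resolver_report(FIRST_ATTEMPT))
    print("post records: ", resolver_report(POST_RECORDS))
```
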

plittlefield

Woah, now that's some work right there! Nice one @tobby

I am hoping to have a play with acme.sh + ZeroSSL + DNS + pfx files at some point this week 🙂


plittlefield

OK, I have good news and bad news and better news...

The good news is that the acme.sh script is awesome (even has a Docker image for it) and I got Gandi Live DNS verification working for my domain.

The bad news is that ZeroSSL is down right now and not working, so my friends with LG televisions and the built-in Emby app are still not working for my server.

The better news is that my friends have all purchased Google Chromecasts for £30 and can now use the iOS or Android Emby app to cast to their TVs instead.

So, I think in the end... that's good news?

😄

Paully


plittlefield

At last, I have had time to finally get the ZeroSSL working using the acme.sh script with Gandi LiveDNS verification.

Instructions are on my Wiki page here:-

https://wiki.indie-it.com/wiki/ZeroSSL

I am just waiting to hear back from my friends with LG televisions to see if the app SSL connection problem has been fixed.


tobby

On Saturday I tried my Traefik reverse proxy setup (see above) and it's working great on LG TVs, too. :)


plittlefield

UPDATE

Yessss, LG problems with Let's Encrypt SSL have been fixed by using ZeroSSL instead.

Now, friends using LG televisions can use the Emby app again.

Thanks to all who suggested ZeroSSL 🙂


V4mpire

I have the same issue, it was pointed out to me by someone else as I haven't used it in quite a while, we both use TV's, basically the same, they just have the larger screen model, I have gone through the process of switching to using ZeroSSL to no avail, just says connection failure, even when trying to put in the connection details manually and using http instead of https.

I run Emby on my Windows PC as I have had no use for a home Linux server in years and all my storage is on my main PC anyway.

It was running fine before and after everywhere else, so I know it can't be a server issue as I can access it remotely and locally with other devices, just not the LG TV's, any other help/ideas would be great.
