nickbmx2100 2 Posted October 2, 2021 Share Posted October 2, 2021 Looks like my Roku TV 7117X is no longer able to connect to my remote Emby Server via SSL. SSL certificate was generated by Synology Lets Encrypt. I wanted to create this thread to make awareness and so others with same problem can find this. This all seems to be related to the Lets Encrypt certificate issues from September 30. Other clients like IOS app and Chrome browsers can successfully connect with SSL. Looking through other threads other users are reporting with same issues. No sure if there is a way to fix. TCL Roku TV Software Version: 10.0.0 Build 4209-30 Emby App Version 4.0 Build 31 Link to comment Share on other sites More sharing options...
ebr 14903 Posted October 2, 2021 Share Posted October 2, 2021 Hi. Did you try this? Link to comment Share on other sites More sharing options...
Happy2Play 8242 Posted October 2, 2021 Share Posted October 2, 2021 (edited) Looks like lots of devices will/are be affected, but it has been a year in the making. Smart TVs, fridges and light bulbs may stop working next year: Here's why | Tom's Guide (tomsguide.com) Edited October 2, 2021 by Happy2Play 1 Link to comment Share on other sites More sharing options...
nickbmx2100 2 Posted October 3, 2021 Author Share Posted October 3, 2021 @ebr Looking that the above thread. It mentions attempting to import the new Root certificates to "Client Certificate Store". I'm not sure what this means, But am assuming its a directory inside the Smart TV? I don't have a way to have a root access to the TV. " But here you can download the new ROOT CA and Intermediate for ISRG X1 and X2 and import it to your Clients Certificates Store.After you did this, you will be able to reach all the Lets Encrypt sites again. (Maybe a Browser or App Restart is needed) " Reading though other threads today I found this, where it mentions a folder on the server. I will look into possible solution Link to comment Share on other sites More sharing options...
Luke 37009 Posted October 4, 2021 Share Posted October 4, 2021 @nickbmx2100 let us know what you find. Thanks! Link to comment Share on other sites More sharing options...
nickbmx2100 2 Posted October 4, 2021 Author Share Posted October 4, 2021 I used this SSL checker https://decoder.link/sslchecker/ to check what certs my emby server is reporting . It still shows the expired Root CA . But I could not find where the certs are stored on the server. I was also looking for temp folder but could not located it. My Emby Server is on Synology DSM7 installed via Package Center Subject Common Name R3 Subject Organization Let's Encrypt Issuer Common Name DST Root CA X3 Issuer Organization Digital Signature Trust Co. Not Before: Oct 07, 2020 19:21:40 GMT Not After: Sep 29, 2021 19:21:40 GMT Link to comment Share on other sites More sharing options...
Happy2Play 8242 Posted October 4, 2021 Share Posted October 4, 2021 @FrostBytedo you have any insight on this? Link to comment Share on other sites More sharing options...
FrostByte 5042 Posted October 4, 2021 Share Posted October 4, 2021 You should be able to see and delete any certificates right from DSM Click Control Panel > Security > Certificate > Action Link to comment Share on other sites More sharing options...
FrostByte 5042 Posted October 4, 2021 Share Posted October 4, 2021 (edited) The certs are in the following folder: /usr/syno/etc/certificate/ look in there. You should see a folder with the .pem files for each cert Edited October 4, 2021 by FrostByte Link to comment Share on other sites More sharing options...
nickbmx2100 2 Posted October 4, 2021 Author Share Posted October 4, 2021 I was looking for the X509 store. I found it at /volume1/@apphome/EmbyServer/.dotnet/corefx/cryptography/x509stores/ca Inside the folder is the PEM file. I renamed it backup.txt and restarted Emby Server to test. ash-4.4# pwd /volume1/@apphome/EmbyServer/.dotnet/corefx/cryptography/x509stores/ca ash-4.4# del 48504E974C0DAC5B5CD476C8202274B24C8C7172.pfx ash: del: command not found ash-4.4# mv 48504E974C0DAC5B5CD476C8202274B24C8C7172.pfx backup.txt ash-4.4# ls backup.txt Link to comment Share on other sites More sharing options...
nickbmx2100 2 Posted October 4, 2021 Author Share Posted October 4, 2021 Now when to run SSL checker https://decoder.link/sslchecker/ the updated ISRG Root X1 cert is now being used by server Subject Organization Let's Encrypt Issuer Common Name ISRG Root X1 Issuer Organization Internet Security Research Group Not Before: Sep 04, 2020 00:00:00 GMT Not After: Sep 15, 2025 16:00:00 GMT 1 Link to comment Share on other sites More sharing options...
nickbmx2100 2 Posted October 4, 2021 Author Share Posted October 4, 2021 (edited) This resolved my issues. I was able to Successfully connect my Roku TV/ Emby App to my Remote Emby Server using HTTPS . Recap: So even after updated cert gets saved via the Network menu under "Custom ssl certificate path" The server still holds on to old expired PFX at the X509store directory. There should be a way for Emby to clear that directory if a new PFX is updated by Admin. A Server restart does not update it. I had SSH with my to that specific directory as "Root" to clear it. Then restart EmbyServer Edited October 4, 2021 by nickbmx2100 1 Link to comment Share on other sites More sharing options...
svdasein 4 Posted December 3, 2021 Share Posted December 3, 2021 I ran into this problem as well. @nickbmx2100's solution to this worked for me as well. @Luke what are those files in that directory? root@emby:/var/lib/emby/.dotnet/corefx/cryptography/x509stores/ca# ll total 20 drwxr-xr-x 2 emby emby 4096 Dec 2 22:26 ./ drwxr-xr-x 3 emby emby 4096 Oct 30 2020 ../ -rw------- 1 emby emby 1344 Apr 29 2021 48504E974C0DAC5B5CD476C8202274B24C8C7172.pfx-backup -rw------- 1 emby emby 1520 Dec 2 22:26 A053375BFE84E8B748782C7CEE15827A6AF5A405.pfx -rw------- 1 emby emby 1384 Oct 30 2020 E6A3B45B062D509B3382282D196EFE97D5956CCB.pfx-backup I moved two extant ones out of the way via rename and restarted. This new one showed up. Link to comment Share on other sites More sharing options...
Luke 37009 Posted December 3, 2021 Share Posted December 3, 2021 30 minutes ago, svdasein said: I ran into this problem as well. @nickbmx2100's solution to this worked for me as well. @Luke what are those files in that directory? root@emby:/var/lib/emby/.dotnet/corefx/cryptography/x509stores/ca# ll total 20 drwxr-xr-x 2 emby emby 4096 Dec 2 22:26 ./ drwxr-xr-x 3 emby emby 4096 Oct 30 2020 ../ -rw------- 1 emby emby 1344 Apr 29 2021 48504E974C0DAC5B5CD476C8202274B24C8C7172.pfx-backup -rw------- 1 emby emby 1520 Dec 2 22:26 A053375BFE84E8B748782C7CEE15827A6AF5A405.pfx -rw------- 1 emby emby 1384 Oct 30 2020 E6A3B45B062D509B3382282D196EFE97D5956CCB.pfx-backup I moved two extant ones out of the way via rename and restarted. This new one showed up. They're not ours. They're used by the .NET runtime. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now