Jump to content

"Connection Failure" on PS4 out of the blue


PvB97
 Share

Recommended Posts

PvB97

Hi! 

I am sorry in advance if the information I provide is insufficient. This is my first post and the the connection had been working flawlessly for about 3 months. 

Info about the server: Emby 4.6.4.0
Ports forwarded to WAN: only 8920, running on a valid certificate. (Not 8096 for security reasons) 

Starting today my sister, who lives in a different country can't connect to my server anymore using https://tv.emby.media on her PS4. 
Her phone, which is on the same WiFi, works with the official Emby app using the same address, port and login data.

When she tries to access the server using tv.emby.media she gets the generic "Connection Failure" message.
Just for the fun in it, I asked her to try and access my server URL, ending with port 8920 itself in the browser, resulting in attached photo. You can see the error of tv.emby.media in the background.
In the "activity" overview in the Emby admin settings I can't see her PS4's "online" notification. The time and date on her PS4 is correct and was rebooted after verifying it being correct.
The certificate hasn't changed since August, at which time her connection was still working. 

Using NordVPN I tunneled to her country and tried connecting using tv.emby.media from a computer in a browser, which worked fine, no matter if I used http://tv.emby.media or https://tv.emby.media. Though as I said, I don't forward the unencrypted port 8096. 

There were no changes in the config of the server at all. Everything I can test from here, works. She can be trusted with inputting the correct URL and port. 

What am I missing? 

Thanks in advance for your patience and help. 

ps4connectionproblems.jpg

Edited by PvB97
forgot attaching photo of the cert error
Link to comment
Share on other sites

Hi, yes it sounds like the PS4 does not trust your SSL certificate. That's something you'll need to sort out, or switch to plain http.

Link to comment
Share on other sites

PvB97

What reason could there be for only the PS4 to complain? 
All of my browsers accept the certificate no problem, so does her Emby app on her phone...
It's also still valid until November...

Link to comment
Share on other sites

Every device has it's own requirements in terms of what SSL certificates it will trust and what it will not. That's why it will vary from one to another.

Link to comment
Share on other sites

adminExitium

I am assuming this is because of the same Letsencrypt Root Expiring so your options are this:

The second one (switching to ZeroSSL) is recommended since I am not sure whether the new LE Root will be trusted on the PS4 or not.

  • Like 1
Link to comment
Share on other sites

PvB97

Thanks!
I have identified this problem as well in the meantime but am nowhere close to finding a viable solution. 
The issue is that the PS4 does not support the new ISRG Root X1 root certificate that LE uses. 
And I'm unable to tell if there is even a chance ZeroSSL would help as I can't find out what CA Root Certificate ZeroSSL uses. 

Does anyone have more insight?

Can someone confirm ZeroSSL working on a PS4 with firmware 9.00?

Edited by PvB97
Link to comment
Share on other sites

PvB97

And let me guess, there is no way of just forcing the stupid PS4 to accept any cert, right? 

Link to comment
Share on other sites

adminExitium

No idea. It would be simpler to just switch the certs rather than looking for ways to force the PS4 to accept the untrusted cert. Almost every ACME client supports changing the ACME server from LE to others. If that's too much of a hassle, you can also create a free account on ZeroSSL and issue a cert via the UI (which is limited to 3, whereas the ACME implementation is unlimited).

Link to comment
Share on other sites

PvB97

Okay, I have given up on getting ZeroSSL going with my current config. It's just not working at all. 

Are there any huge security concerns when forwarding the unencrypted port 8096 into the internet with Emby? 

Link to comment
Share on other sites

7 hours ago, PvB97 said:

And let me guess, there is no way of just forcing the stupid PS4 to accept any cert, right? 

Correct, no way to do that.

Link to comment
Share on other sites

adminExitium
8 hours ago, PvB97 said:

The issue is that the PS4 does not support the new ISRG Root X1 root certificate that LE uses. 

According to the below link, it does support the new ISRG root. You will need to ensure you have the latest software and change your certificate to use the alternative chain provided by LE which doesn't have the DST root in the chain.

https://www.sie.com/content/dam/corporate/jp/guideline/PS4_Web_Content-Guidelines_e.pdf

Link to comment
Share on other sites

PvB97

Okay, I can now confirm that a european PS4 with current update level (version 9.00) does indeed not accept ISRG Root X1. 

With my cluster-f... server configuration it was quite a hassle to find the exact config file I needed to get certbot to certify using the ZeroSSL ACME-Server but ever since certifying the webserver with ZeroSSL, the PS4 is indeed able to connect again. 

Link to comment
Share on other sites

24 minutes ago, PvB97 said:

Okay, I can now confirm that a european PS4 with current update level (version 9.00) does indeed not accept ISRG Root X1. 

With my cluster-f... server configuration it was quite a hassle to find the exact config file I needed to get certbot to certify using the ZeroSSL ACME-Server but ever since certifying the webserver with ZeroSSL, the PS4 is indeed able to connect again. 

That's interesting, thanks for the info.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

×
×
  • Create New...