PvB97 0 Posted October 12, 2021 Share Posted October 12, 2021 (edited) Hi! I am sorry in advance if the information I provide is insufficient. This is my first post and the the connection had been working flawlessly for about 3 months. Info about the server: Emby 4.6.4.0 Ports forwarded to WAN: only 8920, running on a valid certificate. (Not 8096 for security reasons) Starting today my sister, who lives in a different country can't connect to my server anymore using https://tv.emby.media on her PS4. Her phone, which is on the same WiFi, works with the official Emby app using the same address, port and login data. When she tries to access the server using tv.emby.media she gets the generic "Connection Failure" message. Just for the fun in it, I asked her to try and access my server URL, ending with port 8920 itself in the browser, resulting in attached photo. You can see the error of tv.emby.media in the background. In the "activity" overview in the Emby admin settings I can't see her PS4's "online" notification. The time and date on her PS4 is correct and was rebooted after verifying it being correct. The certificate hasn't changed since August, at which time her connection was still working. Using NordVPN I tunneled to her country and tried connecting using tv.emby.media from a computer in a browser, which worked fine, no matter if I used http://tv.emby.media or https://tv.emby.media. Though as I said, I don't forward the unencrypted port 8096. There were no changes in the config of the server at all. Everything I can test from here, works. She can be trusted with inputting the correct URL and port. What am I missing? Thanks in advance for your patience and help. Edited October 12, 2021 by PvB97 forgot attaching photo of the cert error Link to comment Share on other sites More sharing options...
Luke 36879 Posted October 12, 2021 Share Posted October 12, 2021 Hi, yes it sounds like the PS4 does not trust your SSL certificate. That's something you'll need to sort out, or switch to plain http. Link to comment Share on other sites More sharing options...
PvB97 0 Posted October 12, 2021 Author Share Posted October 12, 2021 What reason could there be for only the PS4 to complain? All of my browsers accept the certificate no problem, so does her Emby app on her phone... It's also still valid until November... Link to comment Share on other sites More sharing options...
Luke 36879 Posted October 12, 2021 Share Posted October 12, 2021 Every device has it's own requirements in terms of what SSL certificates it will trust and what it will not. That's why it will vary from one to another. Link to comment Share on other sites More sharing options...
adminExitium 164 Posted October 14, 2021 Share Posted October 14, 2021 I am assuming this is because of the same Letsencrypt Root Expiring so your options are this: The second one (switching to ZeroSSL) is recommended since I am not sure whether the new LE Root will be trusted on the PS4 or not. 1 Link to comment Share on other sites More sharing options...
PvB97 0 Posted October 14, 2021 Author Share Posted October 14, 2021 (edited) Thanks! I have identified this problem as well in the meantime but am nowhere close to finding a viable solution. The issue is that the PS4 does not support the new ISRG Root X1 root certificate that LE uses. And I'm unable to tell if there is even a chance ZeroSSL would help as I can't find out what CA Root Certificate ZeroSSL uses. Does anyone have more insight? Can someone confirm ZeroSSL working on a PS4 with firmware 9.00? Edited October 14, 2021 by PvB97 Link to comment Share on other sites More sharing options...
adminExitium 164 Posted October 14, 2021 Share Posted October 14, 2021 I very much doubt that the PS4 wouldn't support the Root CA for ZeroSSL: https://help.zerossl.com/hc/en-us/articles/360060198034-Legacy-Client-Compatibility-Cross-Signed-Root-Certificates Link to comment Share on other sites More sharing options...
PvB97 0 Posted October 14, 2021 Author Share Posted October 14, 2021 And let me guess, there is no way of just forcing the stupid PS4 to accept any cert, right? Link to comment Share on other sites More sharing options...
adminExitium 164 Posted October 14, 2021 Share Posted October 14, 2021 No idea. It would be simpler to just switch the certs rather than looking for ways to force the PS4 to accept the untrusted cert. Almost every ACME client supports changing the ACME server from LE to others. If that's too much of a hassle, you can also create a free account on ZeroSSL and issue a cert via the UI (which is limited to 3, whereas the ACME implementation is unlimited). Link to comment Share on other sites More sharing options...
PvB97 0 Posted October 14, 2021 Author Share Posted October 14, 2021 Okay, I have given up on getting ZeroSSL going with my current config. It's just not working at all. Are there any huge security concerns when forwarding the unencrypted port 8096 into the internet with Emby? Link to comment Share on other sites More sharing options...
Luke 36879 Posted October 14, 2021 Share Posted October 14, 2021 7 hours ago, PvB97 said: And let me guess, there is no way of just forcing the stupid PS4 to accept any cert, right? Correct, no way to do that. Link to comment Share on other sites More sharing options...
adminExitium 164 Posted October 14, 2021 Share Posted October 14, 2021 8 hours ago, PvB97 said: The issue is that the PS4 does not support the new ISRG Root X1 root certificate that LE uses. According to the below link, it does support the new ISRG root. You will need to ensure you have the latest software and change your certificate to use the alternative chain provided by LE which doesn't have the DST root in the chain. https://www.sie.com/content/dam/corporate/jp/guideline/PS4_Web_Content-Guidelines_e.pdf Link to comment Share on other sites More sharing options...
PvB97 0 Posted October 15, 2021 Author Share Posted October 15, 2021 Okay, I can now confirm that a european PS4 with current update level (version 9.00) does indeed not accept ISRG Root X1. With my cluster-f... server configuration it was quite a hassle to find the exact config file I needed to get certbot to certify using the ZeroSSL ACME-Server but ever since certifying the webserver with ZeroSSL, the PS4 is indeed able to connect again. Link to comment Share on other sites More sharing options...
Luke 36879 Posted October 15, 2021 Share Posted October 15, 2021 24 minutes ago, PvB97 said: Okay, I can now confirm that a european PS4 with current update level (version 9.00) does indeed not accept ISRG Root X1. With my cluster-f... server configuration it was quite a hassle to find the exact config file I needed to get certbot to certify using the ZeroSSL ACME-Server but ever since certifying the webserver with ZeroSSL, the PS4 is indeed able to connect again. That's interesting, thanks for the info. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now