jarome 0 Posted November 27, 2021 Share Posted November 27, 2021 Emby is useless to me unless it uses encryption. How do I enable this on OpenSUSE LEAP15.3? Also, I bought a pro key, but the page to enter the key does not accept any input! (Edge and Firefox). Link to comment Share on other sites More sharing options...
jarome 0 Posted November 27, 2021 Author Share Posted November 27, 2021 So I entered the key in the server console, and that worked, and I found out how to set up https. But it is not yet working. I have letsencrypt certs It the /etc/letsencrypt/live/myserver/ directory, I did openssl pkcs12 -export -out keyStore.p12 -inkey privkey.pem -in cert.pem and put the path to keyStore.p12 in the ssl setup page, and restarted the server. Even https://localhost:8920 does not connect. What am I doing wrong? Link to comment Share on other sites More sharing options...
jarome 0 Posted November 28, 2021 Author Share Posted November 28, 2021 (edited) How do I debug this? Emby is NOT listening on 8920, just 8096. jarfx:/opt/emby-server # netstat -tulpn | grep EmbyServer tcp6 0 0 :::8096 :::* LISTEN 14903/EmbyServer udp 0 0 192.168.1.5:49802 0.0.0.0:* 14903/EmbyServer udp 0 0 0.0.0.0:1900 0.0.0.0:* 14903/EmbyServer udp 0 0 0.0.0.0:53523 0.0.0.0:* 14903/EmbyServer udp 0 0 127.0.0.1:60676 0.0.0.0:* 14903/EmbyServer udp6 0 0 :::7359 :::* 14903/EmbyServer Edited November 28, 2021 by jarome Link to comment Share on other sites More sharing options...
Luke 37213 Posted November 28, 2021 Share Posted November 28, 2021 Quote and put the path to keyStore.p12 Hi, the server is expecting a pfx file, not p12. Please let us know if this helps. Thanks. Link to comment Share on other sites More sharing options...
Happy2Play 8351 Posted November 28, 2021 Share Posted November 28, 2021 22 minutes ago, Luke said: Hi, the server is expecting a pfx file, not p12. Please let us know if this helps. Thanks. I thought this did not matter? Link to comment Share on other sites More sharing options...
Q-Droid 670 Posted November 28, 2021 Share Posted November 28, 2021 There's a README file in the letsencrypt/live/servername directory with some useful details. cat README This directory contains your keys and certificates. `privkey.pem` : the private key for your certificate. `fullchain.pem`: the certificate file used in most server software. `chain.pem` : used for OCSP stapling in Nginx >=1.3.7. `cert.pem` : will break many server configurations, and should not be used without reading further documentation (see link below). We recommend not moving these files. For more information, see the Certbot User Guide at https://certbot.eff.org/docs/using.html#where-are-my-certificates. LetsEncrypt has intermediate certs in its chain and you want to include those in your cert store (PKCS12 file), hence the fullchain.pem. openssl pkcs12 -export -in <path to fullchain.pem> -inkey <path to privkey.pem> -out <path to PKCS12 file> Create a directory in the emby user home (/var/lib/emby) for the cert store, something like /var/lib/emby/ssl owned by emby. Copy, move or directly create the PKCS12 file in that directory then make sure it's owned by emby. chown -R emby:emby /var/lib/emby/ssl. Update the path in the Emby server console -> Network settings and restart. If it's working you're set. If not then attach the server log created right after restart. Link to comment Share on other sites More sharing options...
Solution jarome 0 Posted November 28, 2021 Author Solution Share Posted November 28, 2021 Before I did not use fullchain.pem. Now i did: /etc/letsencrypt/live/jarfx.dyndns.org # openssl pkcs12 -export -in fullchain.pem -inkey privkey.pem -out emby.pex Enter Export Password: Changed the cert name in networking, and restarted the server. Had to change permissions too. Now it works! Jim Link to comment Share on other sites More sharing options...
Luke 37213 Posted November 29, 2021 Share Posted November 29, 2021 Thanks for the feedback ! Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now