FireTV Stick problem with my certificate.

[Leinad86 6]

Hi, everyone,

I have recently recoded my entire media library to h265 with tdarr.
I have now noticed that when I e.g. wants to play a film and it does not need to be transcoded, it does not start. Only the loading symbol can be seen. If I then turn on the playback correction, the film runs without problems. The problem exists with all generations of the FireTv Stick. Also tested with the 4K MAX.
If I repeatedly try to play the film it works out of 10x maybe 1x that he starts the film without playback correction.
As soon as the film needs to be transcoded, there are no problems.
Emby runs on Unraid in a docker and was on beta 4.7.0.22 until yesterday. I then switched to the stable 4.6.7.0. Without improvement

On IOS\Android phones, there is no problem playing the movies directly.

Do you also have such problems, and when did you get them solved?
Created fresh logs. I managed to start the film once without playback correction.
Transcode logs are also included.

I would be happy if you could help me

embyserver.txt ffmpeg-transcode-1dca2101-caf8-4cd8-ad56-8767fa56ea50_1.txt ffmpeg-transcode-d3028e75-6e56-46fc-8964-e3f7acf39bae_1.txt

Edited February 5, 2022 by Leinad86

[rbjtech 4588]

Eric ( @ebr) will probably need to see a Log directly from the app when the DirectPlay error occurs - so turn on Debug logging (in the App) and then give details when you sent the log from the App itself following a failure.

Is this remote streaming btw ?  As I notice you are using HTTPS ?

If yes, did you try setting the 'Allow Untrusted Certificates' in the Emby playback config in the App ?  (I'm sure the cert is trusted, or HLS would not work, but worth trying).

[Leinad86 6]

Thank you for your prompt reply.

I'm streaming from home, I didn't even notice the https. I've now switched to deactivated in the settings for secure connection mode. Now HTTP is there as a stream type and everything runs without problems. Can start any movie without problems. Before that, the setting was Managed by Reverse Proxy. What's funny is that I set it back to reverse proxy and it still works now. I'll test it remotely. I included a few users who always access remotely and there have never been any problems with it so far. How can that be explained?

[Sammy 757]

I’ve had this same problem. Checking settings and reporting back. 

[Leinad86 6]

Just tested remotely with my girlfriend.

As soon as I have something other than disabled in the settings, it doesn't work.

If deactivated everything runs without problems.

Thanks for the tip

[ebr 15186]

Hi.  Which version of the app are you using?

[Leinad86 6]

Hi, i testet it on App Version 2.0.48a 

Some User Report me that the Problem is still there. Some Other User Report everything is Running Fine! Any Suggestions? 

[ebr 15186]

It could possibly be a certificate problem.  You could try the  beta release of the app

 

 

[Leinad86 6]

I have now tested the beta with a few users who had problems up until then.

All users with the current beta version 2.0.64a no longer have any problems. There are also no more errors displayed in the dashboard (errors in direct playback) and the playback correction no longer needs to be used.

I will keep testing it.

Since there are no problems with this beta version and with IOS/Android smartphones, it can't be a certificate problem, can it?

When can I expect the beta to be available normally in the Appstore? Or do I now have to manually update all devices to the beta?

To me it looks like a problem with the Emby for FireTv app only.

Many Greetings

[rbjtech 4588]

So this is why I hinted on it being a possible Certificate problem.

I won't go into details - but in summary, different devices trust different root Certificates (they shouldn't, but they do..) - and when you said FireTV was the 'problem' that may be because your personal Certificate has a 'trust' issue with Amazon/FireTV.

By ticking the option in the FireTV App to 'trust' all certificates (in itself not a very good idea, but that's another discussion..) - you have bypassed the Cert check and thus it works.  This option is only in the current Beta App.

If you have TLS/SSL working on other devices - my recommendation is to not just use HTTP to bypass the problem

I hope that helps.

 

Edited February 6, 2022 by rbjtech

[ebr 15186]

Hi.  As rbj indicated, yes, if the beta works then that pretty much proves to me it is the certificate not being trusted by the device.

[Leinad86 6]

ok and how can i fix the problem with the certificate? is there a certificate that is specific to and for the devices? How do I know which certificate is the right one? when do we get this option in the stable version? Many greetings

[rbjtech 4588]

Who is your emby TLS Cert provider ?

There were some issues recently with certs provided by LetsEncrypt on some older devices - but I use LetsEncrypt myself and even on Gen 2 FireTV devices, I did not experience any issues.

You can use a browser to check the cert (click the padlock and see f it's all valid) or you can use certutil on windows to check, or there are many tools in the open-ssl suite.

[Leinad86 6]

I never really understood that with these certificates. Then I found a guide where it was done with Cloudflare. I took over this and since then it has been running for almost 2 years without any problems.
When will the trust' all certificates option make it into the stable? I know it's not the optimal solution, but this certificate thing doesn't want to go into my head xD

Edited February 7, 2022 by GrimReaper
Hid details

[rbjtech 4588]

ok - Cert looks good - btw, I would remove the details from this public forum ...

If 'trust all certs' works in beta, then there must be some issue with Cloudflare and Amazon - you may need to take it up with them I'm afraid.

 

[ebr 15186]

Sorry but I cannot tell you exactly when this beta will go live.  It shouldn't be too much longer but we are waiting on some things to get further along in the server beta as well.

[Leinad86 6]

Okay then I know for now. Yesterday tried to find problems with Cloudflare certificates in connection with Amazon.

Unfortunately I didn't find anything about it. Only that there are probably problems with LetsEncrypt certificates on TVs. The manufacturers did not update the root certificates in the devices or left them out.

There are also numerous reports in the Plex forum. But unfortunately none that is connected to Cloudflare and FireTv Sticks.

I am now switching the clients to the beta version. If you release a new stable, can I update it normally via the app store or do I have to delete the beta version first and then reload the stable from the store?

When a new beta comes out, do I always have to install it manually? Or can I somehow update it?

[ebr 15186]

6 hours ago, Leinad86 said:

When a new beta comes out, do I always have to install it manually?

On the Fire platform, yes you will need to update manually.

[Leinad86 6]

Hello, another question on the subject. I have the same problem now with the LG APP. Is there a beta app I can install?

If the beta app is installed on the Fire TV Stick and all certificates are trusted, is the connection still encrypted?

Have Secure Connection Settings set to Required in the server settings. With the beta app I can stream without any problems and the playback method shows HTTPS. Is the connection encrypted and only the insecure certificate is trusted? Or is that only displayed and the connection is not encrypted?

Which certificate file should one take that is currently running on all devices? Is there a list?

There are no problems on Apple devices, Android smartphones or web browsers. I also recreated the certificate at Cloudflare, unfortunately without success.
Do you have any information whether e.g. LG will update the root certificates at some point?

I'm considering switching everyone to FireTv Stick as long as the connection is still encrypted

Thanks to all

[ebr 15186]

8 hours ago, Leinad86 said:

is the connection still encrypted?

Yes.  The encryption is still there.  The certificate is supposed to ensure that you are actually talking to the server you think you are (and not someone spoofing it).  That is the part that does not work when you just allow the untrusted cert.

[Luke 37994]

@Leinad86 have your questions been answered?

[Leinad86 6]

Hi, i found the problem. It was a page rule at Cloudflare. I must have messed things up when creating the other 2 rules. When I deactivated this rule, everything went immediately without any problems. No more loading symbol and all formats are played directly. Also have the secure connection is required activated again. Also tested with the stable version of the FireTV Stick. Everything is going great. Now let's see what the users say. Especially those who have the LG TVS.
Thank you for your support

 

[Luke 37994]

Thanks for the feedback !