Jump to content

Unable to get SSL connection working.


Kiangbc

Recommended Posts

Hello,

I'm unable to get SSL to work on my Emby server, I've been able to remote connect on http with no problems but would rather be using TLS.

Currently have Emby running on Windows 10, Appropriate ports are open on router.

Certificate .PFX created with Certify The Web & exported through IIS.

Attached screenshots + log from Emby below,

Appreciate any help :)

image.png

image.png

image.png

embyserver.txt

Link to comment
Share on other sites

Hello Kiangbc,

** This is an auto reply **

Please wait for someone from staff support or our members to reply to you.

It's recommended to provide more info, as it explain in this thread:


Thank you.

Emby Team

Link to comment
Share on other sites

pwhodges

As it uses a different port from http, have you remembered to provide the additional port-mapping required?

Paul

  • Like 1
Link to comment
Share on other sites

Hi Paul, thanks for the reply,

Do you mean forwarding port 8920 on my router too? If so, then yes I have forwarded that too.

Alternatively, I also forwarded port 443 and changed the HTTPS port to 443 on Emby, but also to no avail.

Link to comment
Share on other sites

10 minutes ago, Kiangbc said:

Hi Paul, thanks for the reply,

Do you mean forwarding port 8920 on my router too? If so, then yes I have forwarded that too.

Alternatively, I also forwarded port 443 and changed the HTTPS port to 443 on Emby, but also to no avail.

But it appears you haven't changed the public facing ports in Emby Server network settings.

Link to comment
Share on other sites

pwhodges

Also, you can see that Emby is not yet handling the https, because at the top of the dashboard it's not showing the option, like this:

image.jpeg.02193b948a85ddf2293f7f3d30374b69.jpeg

Paul

Link to comment
Share on other sites

3 minutes ago, Luke said:

But it appears you haven't changed the public facing ports in Emby Server network settings.

Hi Luke,

Do you mean as my ports are still 8920 on Emby? If so, that's due to the fact that I have since reverted them back to 8920 since attempting 443.

Link to comment
Share on other sites

2 minutes ago, pwhodges said:

Also, you can see that Emby is not yet handling the https, because at the top of the dashboard it's not showing the option, like this:

image.jpeg.02193b948a85ddf2293f7f3d30374b69.jpeg

Paul

Yes I am aware of this, hence adding the exact same screenshot to the original post. I just can't wrap my head around why it's not working.

Link to comment
Share on other sites

4 minutes ago, Luke said:

Have you tried plain http for comparison purposes?

What do you mean? Can I connect remotely with http? If so, then yes as I stated in the OP.

Edited by Kiangbc
Link to comment
Share on other sites

pwhodges

Your screenshots don't show the Remote port numbers which are lower down the Networking page.  Odds are you haven't specified the https one.

EDIT - Oops - sorry, yes they do ("Public", not "Remote"!)

(Have to go out now - good luck!)

Paul

Edited by pwhodges
Link to comment
Share on other sites

4 minutes ago, pwhodges said:

Your screenshots don't show the Remote port numbers which are lower down the Networking page.  Odds are you haven't specified the https one.

Paul

I have featured screenshots of the whole networking page bar the final setting "Internet streaming bitrate limit", which I thought wouldn't be relevant to this.

Are these not the remote port numbers?

image.png.9b0bee30bdafb10fc58cf2216ec3d04e.png

 

Edit - Just spotted your edit as I posted haha! Cheers anyway for the help Paul, have a good night mate!

Edited by Kiangbc
Link to comment
Share on other sites

Q-Droid

The server is not able to open your certificate store. Could be permissions or password.

2022-09-14 18:33:32.324 Error App: Error loading cert from F:\SSL\Emby.pfx
        *** Error Report ***
        Version: 4.7.6.0
        Command line: E:\system\EmbyServer.dll -noautorunwebapp
        Operating system: Microsoft Windows 10.0.19043
        Framework: .NET 6.0.7
        OS/Process: x64/x64
        Runtime: E:/system/System.Private.CoreLib.dll
        Processor count: 12
        Data path: E:\programdata
        Application path: E:\system
        Internal.Cryptography.CryptoThrowHelper+WindowsCryptographicException: Internal.Cryptography.CryptoThrowHelper+WindowsCryptographicException: Access denied.
 

  • Like 1
Link to comment
Share on other sites

Happy2Play

Yep as Q pointed out a certificate issue as you first image still using 8096 is a key giveaway.  As cert will dictate whether 8920 is used or fallback to http/8096.

Link to comment
Share on other sites

Can't work out what was wrong with the cert as the password is definitely correct as I have just re-exported the cert from IIS again this time with a simple password (also exporting to Emby directory instead of a different drive) & it still won't work.

So I have ultimately decided to revert everything on GoDaddy, IIS & Certify back to the state they were in before trying all this and just attempt it again tomorrow.

Shall update if I have any luck tomorrow, I've likely just messed something up along the way as I was doing it alongside other things.

Link to comment
Share on other sites

rbjtech

Couple of extra things to try

a) - Untick use Automatic Port Mapping

b) - uninstall the port mapper plugin if you are manually port forwarding in your router (advisable - upnp is a security risk)

c) - ensure emby service account has access to the SSL folder - maybe put the pfx in the emby system folder for testing.

d) - check the cert using 'cerutil' to check the password etc

Edited by rbjtech
  • Like 1
Link to comment
Share on other sites

Was nagging away at me so gave it one last try before bed.

Small W managed to get Emby to recognize the cert, no idea what I did differently this time.

image.png.f484cb67599507fbf7fffca0f9ed8c1b.png

 

Still unable to actually connect though, when clicking the link or just inputting the domain into the browser it's unable to load and says "ERR_CONNECTION_REFUSED", have just likely muddled something up on GoDaddy when reverting things back though.

Tomorrows another day .-.

  • Like 1
Link to comment
Share on other sites

rbjtech
24 minutes ago, Kiangbc said:

Was nagging away at me so gave it one last try before bed.

Small W managed to get Emby to recognize the cert, no idea what I did differently this time.

image.png.f484cb67599507fbf7fffca0f9ed8c1b.png

 

Still unable to actually connect though, when clicking the link or just inputting the domain into the browser it's unable to load and says "ERR_CONNECTION_REFUSED", have just likely muddled something up on GoDaddy when reverting things back though.

Tomorrows another day .-.

Remember unless you have WAN loopback setup on your router, you will need to test external access from outside your own LAN - via maybe a VPN or 4/5G connection on your phone with wifi turned off.

I think you are almost there .. 👍

Edited by rbjtech
Link to comment
Share on other sites

Happy2Play
6 hours ago, Kiangbc said:

've been able to remote connect on http with no problems

You mentioned port 8096 was/is functional but have you verified 8920 is open?

Are you depending on Port Mapper or have you setup Port Forwarding?

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...