Kiangbc 1 Posted September 14, 2022 Posted September 14, 2022 Hello, I'm unable to get SSL to work on my Emby server, I've been able to remote connect on http with no problems but would rather be using TLS. Currently have Emby running on Windows 10, Appropriate ports are open on router. Certificate .PFX created with Certify The Web & exported through IIS. Attached screenshots + log from Emby below, Appreciate any help embyserver.txt
Abobader 3243 Posted September 14, 2022 Posted September 14, 2022 Hello Kiangbc, ** This is an auto reply ** Please wait for someone from staff support or our members to reply to you. It's recommended to provide more info, as it explain in this thread: Thank you. Emby Team
pwhodges 1743 Posted September 14, 2022 Posted September 14, 2022 As it uses a different port from http, have you remembered to provide the additional port-mapping required? Paul 1
Kiangbc 1 Posted September 14, 2022 Author Posted September 14, 2022 Hi Paul, thanks for the reply, Do you mean forwarding port 8920 on my router too? If so, then yes I have forwarded that too. Alternatively, I also forwarded port 443 and changed the HTTPS port to 443 on Emby, but also to no avail.
Luke 38807 Posted September 14, 2022 Posted September 14, 2022 10 minutes ago, Kiangbc said: Hi Paul, thanks for the reply, Do you mean forwarding port 8920 on my router too? If so, then yes I have forwarded that too. Alternatively, I also forwarded port 443 and changed the HTTPS port to 443 on Emby, but also to no avail. But it appears you haven't changed the public facing ports in Emby Server network settings.
pwhodges 1743 Posted September 14, 2022 Posted September 14, 2022 Also, you can see that Emby is not yet handling the https, because at the top of the dashboard it's not showing the option, like this: Paul
Kiangbc 1 Posted September 14, 2022 Author Posted September 14, 2022 3 minutes ago, Luke said: But it appears you haven't changed the public facing ports in Emby Server network settings. Hi Luke, Do you mean as my ports are still 8920 on Emby? If so, that's due to the fact that I have since reverted them back to 8920 since attempting 443.
Kiangbc 1 Posted September 14, 2022 Author Posted September 14, 2022 2 minutes ago, pwhodges said: Also, you can see that Emby is not yet handling the https, because at the top of the dashboard it's not showing the option, like this: Paul Yes I am aware of this, hence adding the exact same screenshot to the original post. I just can't wrap my head around why it's not working.
Luke 38807 Posted September 14, 2022 Posted September 14, 2022 Have you tried plain http for comparison purposes?
Kiangbc 1 Posted September 14, 2022 Author Posted September 14, 2022 (edited) 4 minutes ago, Luke said: Have you tried plain http for comparison purposes? What do you mean? Can I connect remotely with http? If so, then yes as I stated in the OP. Edited September 14, 2022 by Kiangbc
pwhodges 1743 Posted September 14, 2022 Posted September 14, 2022 (edited) Your screenshots don't show the Remote port numbers which are lower down the Networking page. Odds are you haven't specified the https one. EDIT - Oops - sorry, yes they do ("Public", not "Remote"!) (Have to go out now - good luck!) Paul Edited September 14, 2022 by pwhodges
Kiangbc 1 Posted September 14, 2022 Author Posted September 14, 2022 (edited) 4 minutes ago, pwhodges said: Your screenshots don't show the Remote port numbers which are lower down the Networking page. Odds are you haven't specified the https one. Paul I have featured screenshots of the whole networking page bar the final setting "Internet streaming bitrate limit", which I thought wouldn't be relevant to this. Are these not the remote port numbers? Edit - Just spotted your edit as I posted haha! Cheers anyway for the help Paul, have a good night mate! Edited September 14, 2022 by Kiangbc
Q-Droid 827 Posted September 14, 2022 Posted September 14, 2022 The server is not able to open your certificate store. Could be permissions or password. 2022-09-14 18:33:32.324 Error App: Error loading cert from F:\SSL\Emby.pfx *** Error Report *** Version: 4.7.6.0 Command line: E:\system\EmbyServer.dll -noautorunwebapp Operating system: Microsoft Windows 10.0.19043 Framework: .NET 6.0.7 OS/Process: x64/x64 Runtime: E:/system/System.Private.CoreLib.dll Processor count: 12 Data path: E:\programdata Application path: E:\system Internal.Cryptography.CryptoThrowHelper+WindowsCryptographicException: Internal.Cryptography.CryptoThrowHelper+WindowsCryptographicException: Access denied. 1
Happy2Play 9140 Posted September 14, 2022 Posted September 14, 2022 Yep as Q pointed out a certificate issue as you first image still using 8096 is a key giveaway. As cert will dictate whether 8920 is used or fallback to http/8096.
Kiangbc 1 Posted September 14, 2022 Author Posted September 14, 2022 Can't work out what was wrong with the cert as the password is definitely correct as I have just re-exported the cert from IIS again this time with a simple password (also exporting to Emby directory instead of a different drive) & it still won't work. So I have ultimately decided to revert everything on GoDaddy, IIS & Certify back to the state they were in before trying all this and just attempt it again tomorrow. Shall update if I have any luck tomorrow, I've likely just messed something up along the way as I was doing it alongside other things.
Happy2Play 9140 Posted September 14, 2022 Posted September 14, 2022 The topic would appear to point to cerficate issue also. WindowsCryptographicException: Access denied. - General/Windows - Emby Community
Kiangbc 1 Posted September 14, 2022 Author Posted September 14, 2022 12 minutes ago, Happy2Play said: The topic would appear to point to cerficate issue also. WindowsCryptographicException: Access denied. - General/Windows - Emby Community Cheers for the help boss, if retrying from Certify The Web doesn't work I'll try SSL for Free.
rbjtech 4807 Posted September 14, 2022 Posted September 14, 2022 (edited) Couple of extra things to try a) - Untick use Automatic Port Mapping b) - uninstall the port mapper plugin if you are manually port forwarding in your router (advisable - upnp is a security risk) c) - ensure emby service account has access to the SSL folder - maybe put the pfx in the emby system folder for testing. d) - check the cert using 'cerutil' to check the password etc Edited September 14, 2022 by rbjtech 1
Kiangbc 1 Posted September 14, 2022 Author Posted September 14, 2022 Was nagging away at me so gave it one last try before bed. Small W managed to get Emby to recognize the cert, no idea what I did differently this time. Still unable to actually connect though, when clicking the link or just inputting the domain into the browser it's unable to load and says "ERR_CONNECTION_REFUSED", have just likely muddled something up on GoDaddy when reverting things back though. Tomorrows another day .-. 1
rbjtech 4807 Posted September 15, 2022 Posted September 15, 2022 (edited) 24 minutes ago, Kiangbc said: Was nagging away at me so gave it one last try before bed. Small W managed to get Emby to recognize the cert, no idea what I did differently this time. Still unable to actually connect though, when clicking the link or just inputting the domain into the browser it's unable to load and says "ERR_CONNECTION_REFUSED", have just likely muddled something up on GoDaddy when reverting things back though. Tomorrows another day .-. Remember unless you have WAN loopback setup on your router, you will need to test external access from outside your own LAN - via maybe a VPN or 4/5G connection on your phone with wifi turned off. I think you are almost there .. Edited September 15, 2022 by rbjtech
Happy2Play 9140 Posted September 15, 2022 Posted September 15, 2022 6 hours ago, Kiangbc said: 've been able to remote connect on http with no problems You mentioned port 8096 was/is functional but have you verified 8920 is open? Are you depending on Port Mapper or have you setup Port Forwarding?
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now