dieffe70, posted October 24, 2022 (edited)

As many may know, connecting Emby to the QNAP SSL Let's Encrypt certificate requires some coding, and this has been discussed many times here. I wanted to make a collection of what I've found and the best solution for me.

I will give a manual mode that needs to be repeated every three months and an automatic mode that uses crontab.

REQUIREMENTS:
- Let's Encrypt certificate on your QNAP, working and auto-updating
- Ability to SSH to your QNAP
- root access (sudo), or at least a user that can run commands with elevated privileges

-----------------MANUAL MODE----------------------------

SSH to your NAS, then:

1 - go to the cert path (99% should be the same for all):

    cd /etc/config/QcloudSSLCertificate/cert

2 - create a p12 version of the cert:

    openssl pkcs12 -export -out emby.p12 -inkey key -in cert -passout pass:

note1: if you are not the root/admin user you'll need to put sudo before the command (given your account has the privileges to do so)
note2: if you leave pass: you'll have no password set; otherwise you can write pass:mypwd where 'mypwd' is whatever you prefer

3 - in Emby settings > network, in the custom cert field, enter:

    /etc/config/QcloudSSLCertificate/cert/emby.p12

4 - enter the certificate password (if not empty at point 2)

5 - Save and restart Emby server

Note!!: you will need to do this every 3 months, because Let's Encrypt certificates are updated automatically by QNAP this way. So put a reminder in your calendar so you don't forget.

-----------------AUTOMATIC MODE----------------------------

This uses the visual interface, but you can do all of this using the VI editor (preinstalled on QNAP) or nano, or also using SFTP to access files on the QNAP.

A - Wherever you like on the NAS, with File Station or from Windows or anything else, create a folder and call it as you prefer (I used CustomScripts, as in the sources).
To obtain the real 'pathtoscriptfolder' needed for the script you need to add /share/ to the path you see in the file manager. For example, if you created the folder in Archive/myfiles/CustomScripts then your pathtoscriptfolder is /share/Archive/myfiles/CustomScripts

B - With a text editor (e.g. Notepad on Windows) create a .sh file named as you prefer (I used CertRenewPKSC12.sh as in the source... filename for reference) and copy this code into it:

    now="$(date)"
    cd /etc/config/QcloudSSLCertificate/cert
    [[ -z `find cert -mmin -60` ]]    # true when cert was NOT modified in the last 60 minutes
    if [ $? -eq 0 ]
    then
        echo "Certificate key has not changed - $now" > pathtoscriptfolder/check-pfx.log
    else
        openssl pkcs12 -export -out emby.p12 -inkey key -in cert -passout pass:
        echo "Created new certificate.pfx at $now" > pathtoscriptfolder/check-pfx.log
    fi

note1: replace pathtoscriptfolder with the full path to your folder (see point A)
note2: on line 8, if you leave pass: you'll have no password set; otherwise you can write pass:mypwd where 'mypwd' is whatever you prefer

C - Open the folder (in File Station) and drag and drop the .sh file created at point A (you can still modify it afterwards, for example using the text editor app directly from the QNAP web interface)

D - SSH to your NAS

1) Give the script the correct permission:

    chmod +x pathtoscriptfolder/filename

(for example: chmod +x /share/Archive/CustomScripts/CertRenewPKSC12.sh)

2) Avoid issues with unix/dos line endings:

    dos2unix pathtoscriptfolder/filename

3) Test your script (go to the script folder to see if a log is generated):

    /bin/sh pathtoscriptfolder/filename

4) Set the timing for script execution via crontab (go to https://crontab.guru/ for help in understanding timing). Your code can be something like:

    0 19 * * * /bin/sh pathtoscriptfolder/filename

meaning: execute CertRenewPKSC12.sh every day at 19.00

5) Write your crontab entry into your general QNAP crontab list:

    echo "0 19 * * * /bin/sh pathtoscriptfolder/filename" >> /etc/config/crontab

6) Restart your crontab:

    crontab /etc/config/crontab && /etc/init.d/crond.sh restart

7) Verify the crontab entry is in (it should be the last):

    crontab -l

For any detail about crontab on QNAP look at https://wiki.qnap.com/wiki/Add_items_to_crontab

All kudos go to all the people who found these solutions. I only collected them all.
Main source: https://emby.media/community/index.php?/topic/67479-how-to-connect-emby-through-qnap-letsencrypt-certificate/

Feel free to report any error/suggestion to me.
Have fun

Luke, posted October 24, 2022

Hi, this is great. Thanks for sharing!

dieffe70, posted October 25, 2022

Thanks Luke, is it possible to keep the post editable? I just saw some corrections, and maybe some others will be needed in the future. @Abobader

Abobader, posted October 25, 2022

> 6 hours ago, dieffe70 said:
> is it possible to keep the post editable?

Good day,
Sorry to say that is not possible; there is a time limit for editing your post. But you can report the post you need to modify, explaining what needs to be done, and our mods team will do that for you, thanks.
My best

martinhorvat75, posted April 28, 2023 (edited)

Hello
I get this error message:

    [/mnt/HDA_ROOT/.config/QcloudSSLCertificate/cert] # openssl pkcs12 -export -out emby.p12 -inkey key -in cert -passout pass:.........
    Can't open key for reading, No such file or directory
    139639876617984:error:02001002:system library:fopen:No such file or directory:crypto/bio/bss_file.c:69:fopen('key','r')
    139639876617984:error:2006D080:BIO routines:BIO_new_file:no such file:crypto/bio/bss_file.c:76:
    unable to load private key

Please help, what am I doing wrong?
Regards

TDriver, posted September 15, 2023

Unfortunately, the instructions are out of date and no longer work under QuTS

Luke, posted September 16, 2023

> On 9/15/2023 at 3:11 PM, TDriver said:
> Unfortunately, the instructions are out of date and no longer work under QuTS

How so? Can you help update them?

TDriver, posted September 16, 2023

Unfortunately, no way has been found yet.

Luke, posted September 18, 2023

> On 9/16/2023 at 4:45 PM, TDriver said:
> Unfortunately, no way has been found yet.

What have you tried?

TDriver, posted September 21, 2023

Good morning Luke,
I have now found a solution using a “Swag” container. A reverse proxy is set up here and gets a Let's Encrypt certificate. This works perfectly. Thank you.
https://hub.docker.com/r/linuxserver/swag

dieffe70, posted October 4, 2023

Hi there,
Sorry for the late reply. I don't use QuTS, but as far as I know it is always based on the Linux kernel, with changes to the filesystem and other things, so in my opinion if the code works on normal QTS it should also work on QuTS. Maybe there have been changes in the folder structure, but this must be checked when customizing the script.

The code could give some problems anyway, so I changed it a bit. Please remember that the cronjob timing should be LOWER than the last modified time check in the script. For example, in my script I check if the file has been changed in the last one day [ -mtime -1 ] and my cronjob runs every 22 hours.

Remember to replace pathtoscriptfolder with the full path to your script. All other instructions are still the same.

    now="$(date)"
    cd /etc/config/QcloudSSLCertificate/cert
    # true when cert was NOT modified within the last day
    [[ -z `find cert -mtime -1` ]]
    if [ $? -eq 0 ]
    then
        echo "Certificate key has not changed - $now" > pathtoscriptfolder/check-pfx.log
    else
        cd /etc/config/QcloudSSLCertificate/cert
        openssl pkcs12 -export -out emby.p12 -inkey key -in cert -passout pass:
        echo "Created new certificate.pfx at $now" > pathtoscriptfolder/check-pfx.log
    fi
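
An added example, not part of dieffe70's posts: a variant of the renewal script from the first post and the revised one above that rebuilds whenever `cert` is newer than `emby.p12`, so the result no longer depends on the cron interval fitting inside a `find -mmin`/`-mtime` window. It also creates the bundle readable by its owner only and reads the export password from a file rather than from `pass:` on the command line, where it is visible in the process list. The file names `cert`, `key` and `emby.p12` come from the thread; the function names, the password file and the log file are assumptions.

```shell
#!/bin/sh
# Added example (not the thread author's script). File names cert/key/emby.p12
# come from the thread; function names, password file and log file are assumed.
OPENSSL="${OPENSSL:-openssl}"    # overridable, e.g. a full path on the NAS

# True when the bundle is missing/empty or older than the certificate.
# Unlike find -mmin/-mtime, this does not depend on how often cron runs.
needs_rebuild() {    # $1 = certificate, $2 = existing .p12
    [ ! -s "$2" ] || [ "$1" -nt "$2" ]
}

# Export cert + key to PKCS#12 in a subshell so umask and cd stay local.
build_p12() {        # $1 = cert dir, $2 = password file (absolute path, chmod 600)
    (
        umask 077                    # the .p12 contains the private key
        cd "$1" || exit 1
        tmp="emby.p12.tmp.$$"
        # file: keeps the password out of the process list, unlike pass:
        "$OPENSSL" pkcs12 -export -out "$tmp" -inkey key -in cert \
            -passout "file:$2" || { rm -f "$tmp"; exit 1; }
        mv -f "$tmp" emby.p12        # replace in one step, never a partial file
    )
}

renew_p12() {        # $1 = cert dir, $2 = password file, $3 = log file
    if [ ! -r "$1/cert" ] || [ ! -r "$1/key" ]; then
        echo "$(date) cert or key missing in $1" >> "$3"
        return 2
    fi
    if needs_rebuild "$1/cert" "$1/emby.p12"; then
        if build_p12 "$1" "$2"; then
            echo "$(date) created new emby.p12" >> "$3"
        else
            echo "$(date) pkcs12 export failed" >> "$3"
            return 1
        fi
    else
        echo "$(date) certificate unchanged" >> "$3"
    fi
}

# Run only when called with: script CERT_DIR PASSWORD_FILE LOG_FILE
if [ "$#" -eq 3 ]; then renew_p12 "$@"; fi
```

Emby still has to be restarted after a rebuild to pick up the new bundle, as in step 5 of the manual mode.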

dieffe70, posted October 4, 2023

> On 4/28/2023 at 7:17 PM, martinhorvat75 said:
> Hello
> I get this error message:
>
>     [/mnt/HDA_ROOT/.config/QcloudSSLCertificate/cert] # openssl pkcs12 -export -out emby.p12 -inkey key -in cert -passout pass:.........
>     Can't open key for reading, No such file or directory
>     139639876617984:error:02001002:system library:fopen:No such file or directory:crypto/bio/bss_file.c:69:fopen('key','r')
>     139639876617984:error:2006D080:BIO routines:BIO_new_file:no such file:crypto/bio/bss_file.c:76:
>     unable to load private key
>
> Please help, what am I doing wrong?
> Regards

Run the code from inside the cert folder and verify you have a cert file and a key file inside it.

Ikario, posted October 18, 2023

Yeah, you could get around this by using swag, NPM (would not recommend, and if you are using it I'd strongly suggest you migrate off it because of the gaping holes found that have not been patched, because it's a one-man team working on the next version) or, my preferred option, traefik. I made a post explaining how to use traefik for this, reverse proxy and other stuff; you can find it if you search my profile.