Jump to content

Embedded ACMEv2 Support for Let's Encrypt


sydlexius

Recommended Posts

sydlexius

I've seen guides for end users to setup secure access to Emby, however this might be more readily adopted if Emby could automatically handle the certificate installation. I found Kestrel/.NET implementation called LettuceEncrypt that might be a good basis to start with.

  • Like 1
Link to comment
Share on other sites

sydlexius

This capability would have similar requirements that have been stated in some of the guides about setting up your own cert...namely that you need to tie the certificate to a domain.  Users could bring their own custom domain; another possibility would be to setup a Dynamic DNS service for premium subscribers (say, something like <uniquehostname>.selfhosted.emby.media).

Link to comment
Share on other sites

sydlexius
6 hours ago, Soldize said:

I have this and it works very well:

 

 

best regards

 

Among the tools I use is the Linuxserver Swag container to automate my wildcard Let's Encrypt cert updates.  My reason for proposing a tool within Emby is to hopefully offer a single, simpler solution to all the disparate configurations out there.

Link to comment
Share on other sites

rbjtech
30 minutes ago, sydlexius said:

Among the tools I use is the Linuxserver Swag container to automate my wildcard Let's Encrypt cert updates.  My reason for proposing a tool within Emby is to hopefully offer a single, simpler solution to all the disparate configurations out there.

Unlike Plex, the end user can use whatever they like for the HTTPS provider - so I would expect to see implementation and support on their 'own' implementation only.   Offering a solution for all configurations would be, imho,  an impossible task.

ie - use our solution, we will fully support you - use your own, then you are on your own (with community support only). 

Link to comment
Share on other sites

sydlexius
4 minutes ago, rbjtech said:

Unlike Plex, the end user can use whatever they like for the HTTPS provider - so I would expect to see implementation and support on their 'own' implementation only.   Offering a solution for all configurations would be, imho,  an impossible task.

ie - use our solution, we will fully support you - use your own, then you are on your own (with community support only). 

I wasn't aware that my request would take away an administrator's options for how to securely access their server remotely. Right now there is great concern over the lack of encrypted connectivity for remote sessions. I suspect that lowering the barrier to entry (while still adhering to solid practices) is a potential win for everyone in these forums. The current options require sticking to a meticulous deployment plan, of which an error at any step will leave that user in a lurch.

  • Like 1
Link to comment
Share on other sites

rbjtech
9 minutes ago, sydlexius said:

I wasn't aware that my request would take away an administrator's options for how to securely access their server remotely. Right now there is great concern over the lack of encrypted connectivity for remote sessions. I suspect that lowering the barrier to entry (while still adhering to solid practices) is a potential win for everyone in these forums. The current options require sticking to a meticulous deployment plan, of which an error at any step will leave that user in a lurch.

Apologies @sydlexius - I actually misread your proposal above and read it that you would want emby to support all configurations out there .. ☺️

We are on the same page with the end goal. :)

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...