Don't save PKCS12 for your Emby SSL cert to config - it will DOS you

[SanguineWren 5]

 

Figured I would post my own stupidity here so others can hopefully avoid the same pitfall.

 

For context; I knew absolutely nothing about Emby like 10 months ago, decided to buy a Synology, and setup my own server after watching a friend who is a WebAdmin do it. Everything I learned how to do was trial and error mixed with the forums for my ISP, my domain host / SSL Cert provider, and this support forum.

 

After a lot of painstaking effort, I first got Emby to work locally on my home network, then gave it WAN access over http://myhomeIPaddress. After that, I bought a domain, from Namecheap, but since Namecheap isn't one of the options in a Synology's dropdown for Dynamic DNS, I had to use someone's script to add the option to select Namecheap to the DSM 7 UI. Last but not least, I bought an SSL cert and was on the home stretch! I installed it in the Emby Web UI where it says "path to PKCS12 file" and took the prompt to restart Emby. 

 

What I find REALLY weird is, it let me restart the server and get back online once, but the cert didn't work - I was getting ERR_CONNECTION_REFUSED in my browser when going to https://mydomain.name:8920, but http://mydomain.name:8096 and https://myserverIPaddress:8096 were still working... then I rebooted again, and the Emby docker would start, then promptly fail within 30 seconds and was stuck in an infinite loop that way. When looking at the Synology logs, it kept saying the following over and over:

I originally panicked, thinking I had destroyed my server for good - I started by checking my SSL cert info from Namecheap, that was good, then checking Synology's certificates section; also good, and then downloading a whole new image, copying all of my settings for the docker itself - that did nothing, and then finally, trying another docker for a different application entirely. When that docker started without issue, I knew it had to be something with either the docker itself or the config file, since those were the only two things I had changed and another docker / the Synology itself, were both working just fine.

As it turns out, the .pfx file I had generated for the field,

under Manage Emby Server > Network > Custom ssl certificate path: Path to a PKCS #12 file containing a certificate and private key to enable TLS support on a custom domain.

was stored in a path that the Emby Docker DID NOT like for whatever reason. I had it in its own folder, but because it was nested under config, that's what turned out to be causing the start fail loop.

 

 

Hopefully me posting this bonehead move saves someone else some pain.

 

On the bright side, I finally did get the SSL cert installed properly and now all my external traffic to my Emby server is secure! Woohoo!

 

[Luke 37112]

Hi, thanks for sharing your experience in setting this up.