mchahn 20 Posted December 13, 2024 Posted December 13, 2024 (edited) I read through the SSL Made Easy tome. The original post showing instructions for ssl setup was good (although I already knew it) but the rest did nothing for me. I'd like to describe my SSL problem and hopefully get some ideas for what I'm doing wrong. I used certbot to create the privkey.pem and cert.pem files. Then I did Quote openssl pkcs12 -export -out /var/lib/emby/data/emby.p12 -inkey /etc/letsencrypt/live/<domain>/privkey.pem -in /etc/letsencrypt/live/<domain>/cert.pem I left the password blank. The resulting emby.p12 file looks good. I extracted the key file from it which matched the original. Then I set the network settings to... Quote Public https port number: 8920 Custom ssl certificate path: /var/lib/emby/data/emby.p12 Certificate password: <empty> External domain: <domain> Secure connection mode: Preferred, but not required It saved with no problem. Then I rebooted the server. The address "http://<domain>:8096/" worked fine. I tried the address: "https://<domain>:8920" and got "<domain> refused to connect." I have no proxy or firewall. Others can try these URLS from outside but they will only get the login page. The log from the reboot I mentioned is attached. By an amazing coincidence the log starts at exactly midnight. Any ideas for things to try would be appreciated. embyserver (3).txt Edited December 14, 2024 by seanbuff removed public domain
Solution Q-Droid 827 Posted December 13, 2024 Solution Posted December 13, 2024 The emby server rotates the logs at midnight and this one does not include the server startup information from the reboot. Just restart the emby server and post that new log to see why it doesn't work with the new keystore. You probably want to edit out your domain from the posts above. Change your openssl command to this to include the intermediate certs, insert <your domain> below: openssl pkcs12 -export -out /var/lib/emby/data/emby.p12 -inkey /etc/letsencrypt/live/<your domain>/privkey.pem -in /etc/letsencrypt/live/<your domain>/fullchain.pem Then chown emby:emby /var/lib/emby/data/emby.p12 Restart emby server. 1
mchahn 20 Posted December 13, 2024 Author Posted December 13, 2024 > The emby server rotates the logs at midnight How embarrassing . I feel like an idiot. I did the reboot near midnight. I've enclosed the new log. It was exactly noon! You've given me lots to try. Thanks. I'll be back, hopefully with good news. embyserver (4).txt
mchahn 20 Posted December 14, 2024 Author Posted December 14, 2024 That fixed it. Thank you very much for the precise instructions. Much shorter thread than SSL Made Easy. 1
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now