Jump to content

yet another ssl setup problem post


Go to solution Solved by Q-Droid,

Recommended Posts

Posted (edited)

I read through the SSL Made Easy tome.   The original post showing instructions for ssl setup was good (although I already knew it) but the rest did nothing for me. I'd like to describe my SSL problem and hopefully get some ideas for what I'm doing wrong.

I used certbot to create the privkey.pem and cert.pem files.  Then I did 

Quote

openssl pkcs12 -export -out /var/lib/emby/data/emby.p12  -inkey /etc/letsencrypt/live/<domain>/privkey.pem -in /etc/letsencrypt/live/<domain>/cert.pem

I left the password blank.  The resulting emby.p12 file looks good.  I extracted the key file from it which matched the original.

Then I set the network settings to...

Quote

Public https port number: 8920

Custom ssl certificate path: /var/lib/emby/data/emby.p12

Certificate password: <empty>

External domain: <domain>

Secure connection mode: Preferred, but not required

It saved with no problem.  Then I rebooted the server.  The address "http://<domain>:8096/" worked fine. I tried the address: "https://<domain>:8920" and got "<domain> refused to connect."  I have no proxy or firewall.  Others can try these URLS from outside but they will only get the login page.  The log from the reboot I mentioned is attached.  By an amazing coincidence the log starts at exactly midnight.

 

Any ideas for things to try would be appreciated.

embyserver (3).txt

Edited by seanbuff
removed public domain
  • Solution
Posted

The emby server rotates the logs at midnight and this one does not include the server startup information from the reboot. Just restart the emby server and post that new log to see why it doesn't work with the new keystore.

You probably want to edit out your domain from the posts above.

Change your openssl command to this to include the intermediate certs, insert <your domain> below:

openssl pkcs12 -export -out /var/lib/emby/data/emby.p12  -inkey /etc/letsencrypt/live/<your domain>/privkey.pem -in /etc/letsencrypt/live/<your domain>/fullchain.pem

Then chown emby:emby /var/lib/emby/data/emby.p12

Restart emby server.

 

  • Agree 1
Posted

> The emby server rotates the logs at midnight

How embarrassing .  I feel like an idiot.  I did the reboot near midnight. 

I've enclosed the new log.  It was exactly noon!   You've given me lots to try.  Thanks.  I'll be back, hopefully with good news.

embyserver (4).txt

Posted

That fixed it.  Thank you very much for the precise instructions.  Much shorter thread than SSL Made Easy.

  • Like 1

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...