wolfgang Posted April 18, 2016

Hi, I really could need some help.. I'm hosting a website on my very own server (Debian latest). Bought a domain from noip.com, so I can also set up subdomains. For those I also got valid SSL certificates. My self-hosted WordPress site works well this way.

Now I want to have access to Emby from "outside". https://blabla.com:8920 gives me NET::ERR_CERT_AUTHORITY_INVALID, most likely because I use my own certificate which doesn't cooperate with Emby!?

https://emby.blabla.com would be nice, but how do I do that? Only got subdomains working with Apache. Also it wouldn't solve my problem, right?

Trying to use my own certificate in Emby results in "ERR_CONNECTION_CLOSED". Unencrypted http works fine, but obviously I want to avoid that. So, what can I do?
Cerothen Posted April 18, 2016 (Solution)

Did you ensure that the certificate you are trying to use with Emby is an unpassworded PFX file? You can use OpenSSL to convert any certificate (+chain +key) into a PFX file; then when it asks for a password just leave it blank.

This is the command line I use for my letsencrypt certs:

    openssl pkcs12 -export -out hostcert.pfx -inkey privkey.pem -in cert.pem -certfile chain.pem -passout pass:

The "-passout pass:" deliberately doesn't have anything after it since it should be blank.
wolfgang Posted April 18, 2016 (edited)

Thank you for your quick reply. Since I pretty much messed up the cert files on my computer I want to re-download them from auth.startssl.com, but I cannot log in since my browsers tell me the server doesn't respond.. ?? On the other hand, I think my startssl.com.p12 file is all I should need, still it doesn't work..

Edit: I redownloaded my certificates and followed your advice (using crt files). Now it works. Thank you a lot!

Edit2: Well it works in Chromium, Safari, but not Firefox.. "SEC_ERROR_UNKNOWN_ISSUER"

Edited April 18, 2016 by wolfgang
wolfgang Posted April 25, 2016

It kinda works now in Firefox too. Had to create a unified certificate which consists of my very own and a second one from startssl I previously downloaded already. Using this certificate I managed to create the pfx file. It works in Firefox Developer Edition completely fine, also in the Android version. Current Firefox stable gives me an error still, but I can add an exception. Safari, Chrome (+Chromium-based), IE etc. are fine. Good enough for now, thank you.
H3kt0r Posted April 30, 2016

I too have issues with self-created-SSL-cert

Steps taken:
- created non-password-protected cert > converted it to foo.pfx > configured it to Emby-settings
- configured local ssl-port 8920, domain blahblahblah.net, public ssl-port is 55555, local ip-address to Emby-settings
- [ x ] Report https as external address
- forwarded port 55555 > 8920 in my router
- initiated connection from internet with FF-browser: https://blahblahblah.net:55555 responds but warns about the cert > made security exception > logged in OK
- however Emby Theater Windows-client (Win 7 Pro x64) refuses to see the very same server: Connection error - We're unable to connect to the selected server. Please ensure its running and try again

Is Emby-Theater incompatible with ssl-certs/connections?
hijinx Posted May 19, 2016

I just added a CA signed certificate from letsencrypt.

This site is really helpful (note - google translate messes up the commands): http://blog.ouranos.fr/index.php/2016/01/04/emby-https/

Also basic instructions from here: https://letsencrypt.org/getting-started/

You need to have your own domain e.g. emby.mydomain.com, and have DNS configured to point to your Emby server's external IP. (inc. use of DDNS service to do this. I use dnsomatic and cloudflare DNS)

You need to have port 443 open on your router and port mapped to your Emby server's IP. (This is because the letsencrypt certificate issuing process calls back to your server to ensure you own the domain.)

    git clone https://github.com/certbot/certbot
    cd certbot
    ./certbot-auto certonly --standalone -d emby.domain.com
    cd /etc/letsencrypt/live/emby.domain.com
    sudo openssl pkcs12 -inkey privkey.pem -in fullchain.pem -export -out emby.pfx

Note:
1) Because certbot spawns a root owned process, permissions for /etc/letsencrypt dirs have root-only permissions so you may need to adjust permissions.
2) When openssl asks for password pass none (enter)

Finally configure Emby to use the certificate at path /etc/letsencrypt/live/emby.domain.com/emby.pfx

letsencrypt certificates are valid for 3 months, so this needs to be repeated every 3 months.
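The checks this thread converges on (a PFX that opens with a blank password, holds the private key, and carries the issuing chain as well as the leaf), as an added shell example that is not part of any post above. The throwaway issuer, the host name emby.example.test and the files in the temporary directory are constructed for the demo; only the shape of the `openssl pkcs12 -export` call follows the accepted answer.

```shell
#!/bin/sh
# Added example (not from the thread): pre-flight checks on a PFX for Emby.
# Every subject, host name and file below is constructed for the demo.

# Succeeds only if the PFX opens with an empty password and holds a private key.
pfx_opens_blank() {
  openssl pkcs12 -in "$1" -passin pass: -nocerts -nodes 2>/dev/null |
    grep -q 'PRIVATE KEY'
}

# Prints the number of certificates in the PFX (1 means leaf only, no chain).
pfx_cert_count() {
  openssl pkcs12 -in "$1" -passin pass: -nokeys 2>/dev/null |
    grep -c 'BEGIN CERTIFICATE' || true
}

# Prints a one-line verdict for the PFX file given as $1.
check_pfx() {
  if ! pfx_opens_blank "$1"; then echo "FAIL password-or-key"; return 0; fi
  n=$(pfx_cert_count "$1")
  if [ "$n" -lt 2 ]; then echo "WARN leaf-only"; else echo "OK certs=$n"; fi
}

# Builds a throwaway issuer and leaf, then three PFX variants, in directory $1.
build_demo() {
  d=$1
  openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=Demo Issuing CA" \
    -keyout "$d/ca.key" -out "$d/chain.pem" 2>/dev/null
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=emby.example.test" \
    -keyout "$d/privkey.pem" -out "$d/leaf.csr" 2>/dev/null
  openssl x509 -req -in "$d/leaf.csr" -CA "$d/chain.pem" -CAkey "$d/ca.key" \
    -CAcreateserial -days 2 -out "$d/cert.pem" 2>/dev/null
  # Leaf only: no issuer certificate is bundled for the server to send.
  openssl pkcs12 -export -out "$d/leafonly.pfx" -inkey "$d/privkey.pem" \
    -in "$d/cert.pem" -passout pass:
  # Leaf plus chain with a blank password, as in the accepted answer.
  openssl pkcs12 -export -out "$d/hostcert.pfx" -inkey "$d/privkey.pem" \
    -in "$d/cert.pem" -certfile "$d/chain.pem" -passout pass:
  # Same content behind a password; the blank-password check must reject it.
  openssl pkcs12 -export -out "$d/locked.pfx" -inkey "$d/privkey.pem" \
    -in "$d/cert.pem" -certfile "$d/chain.pem" -passout pass:demo-only
}

tmp=$(mktemp -d)
build_demo "$tmp"
for f in leafonly hostcert locked; do
  echo "$f.pfx: $(check_pfx "$tmp/$f.pfx")"
done
rm -rf "$tmp"
```

Because the PFX has no password, file permissions are the only protection for the private key inside it, so keep the file readable only by the account Emby runs as.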