Jump to content


Go to solution Solved by Cerothen,

Recommended Posts




I really could need some help..


I'm hosting a website on my very own server (debian latest). Bought a domain from noip.com, so I can also setup subdomains. For those I also got valid ssl certificates. My self-hosted wordpress site works well this way.


Now I want to have access to Emby from "outside".


https://blabla.com:8920 gives me NET::ERR_CERT_AUTHORITY_INVALID, most likely because I use my own certificate which doesn't cooperate with Emby!?


https://emby.blabla.com would be nice, but how do I do that? Only got subdomains working with Apache. Also it wouldn't solve my problem, right?


Trying to use my own certificate in Emby results in "ERR_CONNECTION_CLOSED".


Unencrypted http works fine, but obviously I want to avoid that. So, what can I do?

  • Like 1
Link to comment
Share on other sites

  • Solution

Did you ensure that the certificate you are trying to use with Emby is an unpassworded PFX file?


You can use openSSL to convert any certificate (+chain +key) into a pfx file then when it asks for a password just leave it blank.


This is the command line I use for my letsencrypt certs:

openssl pkcs12 -export -out hostcert.pfx -inkey privkey.pem -in cert.pem -certfile chain.pem -passout pass:

The "-passout pass:" deliberately doesn't have anything after it since it should be blank

  • Like 1
Link to comment
Share on other sites


Thank you for your quick reply. Since I pretty much messed up the cert files on my computer I want to re-download them from auth.startssl.com, but I cannot log in since my browsers tell me the server doesn't respond.. ??


On the other hand, I think my startssl.com.p12 file is all what I should need, still it doesn't work..


Edit: I redownloaded my certificates and followed your advice (using crt files). Now it works. Thank you a lot!


Edit2: Well it works in Chromium, Safari, but not Firefox..


Edited by wolfgang
Link to comment
Share on other sites


It kinda works now in Firefox too. Had to create a unified certificate which consists of my very own and a second one from startssl I previously downloaded already. Using this certificate I managed to create the pfx file. It works in Firefox Developer Edition completely fine, also in the Android version. Current Firefox stable gives me an error still, but I can add an exception.

Safari, Chrome (+Chromium-based), IE etc. are fine.


Good enough for now, thank you.

Link to comment
Share on other sites


I too have issues with self-created-SSL-cert

Steps taken:

- created non-password-protected cert > converted it to foo.pfx > configured it to Emby-settings

- configured local ssl-port 8920, domain blahblahblah.net, public ssl-port is 55555, local ip-address to Emby-settings

- [ x ] Report https as external address

- forwarded port 55555 > 8920 in my router

- initiated connection from internet with FF-browser: https://blahblahblah.net:55555 responds but warns about the cert > made security exception > logged in OK

- however Emby Theater Windows-client (Win 7 Pro x64) refuses to see the very same server:


Connection error - We're unable to connect to the selected server. Please ensure its running and try again


Is Emby-Theater incompatible with ssl-certs/connections?

Link to comment
Share on other sites

  • 3 weeks later...

I just added a CA signed certificate from letsencrypt.

This site is really helpful (note - google translate messes up the commands):




Also basic instructions from here:



You need to have your own domain e.g. emby.mydomain.com, and have DNS configured to point to emby servers external IP.  (inc use of DDNS service to do this. I use dnsomatic and cloudflare DNS)

You need to have port 443 open on your router and port mapped to your emby servers IP.

(This is because letsencrypt certification issuing process calls back to your server to ensure you own the domain)

git clone https://github.com/certbot/certbot
cd certbot
./certbot-auto certonly --standalone -d emby.domain.com
cd /etc/letsencrypt/live/emby.domain.com
sudo openssl pkcs12 -inkey privkey.pem -in fullchain.pem -export -out emby.pfx


1) Because certbot spawns a root owned process, permissions for /etc/letsencrypt dirs have root-only permissions so you may need to adjust permissions)

2) When openssl asks for password pass none (enter)


Finally configure emby to use certificate at path /etc/letsencrypt/live/emby.domain.com/emby.pfx


letsencrypt certificates are valid for 3 months, so this needs to be repeated every 3 months.

  • Like 1
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Create New...