hijinx 4 Posted May 19, 2016 Share Posted May 19, 2016 I just added a CA signed certificate from letsencrypt to get HTTPS for external connections. This site is really helpful (note - google translate messes up the commands): http://blog.ouranos..../04/emby-https/ Also basic instructions from here: https://letsencrypt....etting-started/ You need to have your own domain e.g. emby.mydomain.com, and have DNS configured to point to emby servers external IP. (inc use of DDNS service to do this. I use dnsomatic and cloudflare DNS) You need to have port 443 open on your router and port mapped to your emby servers IP. (This is because letsencrypt certification issuing process calls back to your server to ensure you own the domain) git clone https://github.com/certbot/certbot cd certbot ./certbot-auto certonly --standalone -d emby.domain.com cd /etc/letsencrypt/live/emby.domain.com sudo openssl pkcs12 -inkey privkey.pem -in fullchain.pem -export -out emby.pfx Note: 1) Because certbot spawns a root owned process, permissions for /etc/letsencrypt dirs have root-only permissions so you may need to adjust permissions) 2) When openssl asks for password pass none (enter) Finally configure emby to use certificate at path /etc/letsencrypt/live/emby.domain.com/emby.pfx letsencrypt certificates are valid for 3 months, so this needs to be repeated every 3 months. 2 Link to comment Share on other sites More sharing options...
hijinx 4 Posted May 19, 2016 Author Share Posted May 19, 2016 Just seen nice evolution of this in the forums... http://emby.media/community/index.php?/topic/34605-scriptsolutionssl-renewal-for-emby/ Thanks to Shrom Link to comment Share on other sites More sharing options...
Shrom 6 Posted May 22, 2016 Share Posted May 22, 2016 Thx I justed updated the script with your advice @hijinx Link to comment Share on other sites More sharing options...
testbug 2 Posted August 1, 2018 Share Posted August 1, 2018 Is this tutorial still relevant today? Link to comment Share on other sites More sharing options...
Luke 37133 Posted August 1, 2018 Share Posted August 1, 2018 Yes it should be. Link to comment Share on other sites More sharing options...
testbug 2 Posted August 1, 2018 Share Posted August 1, 2018 Yes it should be. Ok, thank you. Link to comment Share on other sites More sharing options...
Eddie 10 Posted February 26, 2019 Share Posted February 26, 2019 (edited) What is the recommended way to give emby access to /etc/letsencrypt/live/emby.domain.com/emby.pfx for now all i did was chmod -R 777 /etc/letsencrypt/live but im sure there is a more elegant way For people in the future here is slightly more information to get you up and running Forwarded port 443 and 80 to my server so lets encrypt can authenticate git clone https://github.com/certbot/certbot cd certbot/ ./certbot-auto certonly --standalone -d xxx.com sudo su cd /etc/letsencrypt/live/xxx.com/ sudo openssl pkcs12 -inkey privkey.pem -in fullchain.pem -export -out emby.pfx chmod -R 777 /etc/letsencrypt/live Went to Advanced > External domain: > xxx.com Advanced > Custom ssl certificate path: > /etc/letsencrypt/live/xxx.com/emby.pfx Advanced > Secure connection mode: > Required for all remote connections and it worked flawlessly Edited February 26, 2019 by Eddie Link to comment Share on other sites More sharing options...
adventclad 4 Posted December 5, 2019 Share Posted December 5, 2019 (edited) You can have a script triggered automatically after a renewal. I wrote the following one that: removes old pfx generates a new one (with a custom password to be changed in the script)The file is generated in /var/lib/emby/cert.pfx. I advise to keep this as default as emby already have access to this folder. You should configure the admin to use this path for the certificate changes its access rights to be accessible by emby user only restarts emby-server Just create a emby.sh file in /etc/letsencrypt/renewal-hooks/post folder, and chmod +x emby.sh. #!/bin/sh set -e # Should be the same password for the certificate in emby admin PASS="emby" DEFAULT_LINEAGE="/etc/letsencrypt/live/YOUR.DOMAIN.TLD/" RENEWED_LINEAGE=${RENEWED_LINEAGE:-$DEFAULT_LINEAGE} rm -f /var/lib/emby/cert.pfx openssl pkcs12 -inkey "$RENEWED_LINEAGE/privkey.pem" -in "$RENEWED_LINEAGE/fullchain.pem" -export -out /var/lib/emby/cert.pfx -passout "pass:$PASS" chown emby:emby /var/lib/emby/cert.pfx systemctl restart emby-server echo "Emby certificate generated" Edited December 5, 2019 by adventclad 1 Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now