hatharry 84 Posted May 6, 2017 Share Posted May 6, 2017 (edited) PowerShell script that Installs a Let's Encrypt cert using the External domain and Custom certificate path details from Emby. Please make sure port 80 is forwarded to your Emby Server. Set "Advanced - External domain" address in Emby eg. "www.myembyserver.com" . If "Advanced - Custom certificate path" is not in use then a cert is created in the Emby Server directory using the filename "{yourwanaddress}.pfx". It is required to add this cert manually to the "Advanced - Custom certificate path" setting in the Emby control panel. If "Advanced - Custom certificate path" is in use then the script will overwrite the old cert using the same filename. Github: https://github.com/hatharry/emby.letsencrypt/blob/master/Emby-Acme.ps1 Edited November 19, 2018 by hatharry 6 Link to comment Share on other sites More sharing options...
Luke 37051 Posted May 6, 2017 Share Posted May 6, 2017 Very cool, thanks! What operating systems are supported? Link to comment Share on other sites More sharing options...
hatharry 84 Posted May 6, 2017 Author Share Posted May 6, 2017 @@Luke Windows for now, it is using the ACMESharp library. 1 Link to comment Share on other sites More sharing options...
tyr_88 4 Posted May 14, 2017 Share Posted May 14, 2017 I want to do SSL on local server but never done it this site only supports paid for domains that other users have post right? https://www.sslforfree.com/ The script above no instructions for us noobs be nice if now tutorials were forced to provide them and that would help expand the Emby Wiki more. What type of file ext. should it be saved as? Where should the file/cert be placed in stock server directory? for Windows, Linux, etc? Any commands to initiate the cert and what if so? Lots of highly skilled PHP and coders around here this info should be excellent help for the growing community. Emby is growing and growing many good things on the web about it's functionality above the others and what is still to come. I have noticed most complaining from doing searches is lack of informational steps and needing more of that in the Wiki Thanks Win10 Emby Server Link to comment Share on other sites More sharing options...
tyr_88 4 Posted May 14, 2017 Share Posted May 14, 2017 See local SSL is one thing I have never done but want to after lots of searching I just see questions galore no set instructions just post by post on different topics but I found this guide from a IT took him 3.5hrs to figure this cert out now is a paid domain required as is instructed. Seems worthy of a sticky if correct or posting if he is in forums? Let's Encrypt, Emby Server, and Windows Posted on 2017/01/01by Ben Hooper in IT IntroThis how-to will guide you with getting Let's Encrypt to issue a security certificate and installing it in Emby Server running on Windows. I created this because there was litte, if any, documentation on how to do so previously and it took me ~ 3.5 hours to figure it out. https://mythofechelon.co.uk/blog/2017/01/01/lets-encrypt-emby-server-and-windows Link to comment Share on other sites More sharing options...
hatharry 84 Posted May 14, 2017 Author Share Posted May 14, 2017 @@tyr_88, Thank you for your feedback. I have updated the original post. 1 Link to comment Share on other sites More sharing options...
chef 3745 Posted May 14, 2017 Share Posted May 14, 2017 (edited) This is awesome! Before I could run powers hell scripts for the first time on my machine I had to enable the ability to run powershell as a user. I wonder if that'll come up? This is super sweet! Edited May 14, 2017 by chef 1 Link to comment Share on other sites More sharing options...
tyr_88 4 Posted May 14, 2017 Share Posted May 14, 2017 @@tyr_88, Thank you for your feedback. I have updated the original post. Thanks so much life saver my friend lol Link to comment Share on other sites More sharing options...
tyr_88 4 Posted May 14, 2017 Share Posted May 14, 2017 Instead of purchasing domain, would this method apply to localhost CERT generated from Emby. Does CERT need edited? I'm not even sure how to edit a CERT I was on a thread discussing the self generated one before your reply earlier... There's so many threads it is pretty confusing I am finding this on many things I am trying to learn using targeted searching @ emby boards. Youtube tutorials are virtually non-existent. If I could get half of this figured out I would contrib to some tuts. But all this info spread through threads is mind boggling. My code skills are too out of date I have realized whew I got left in the dust I knew but dangit lol, I just found out about scrapers new to me was collecting info here and there after seeing causefx post about the same except git sourcing. Search emby.media: subject questions by far outnumber solutions then there's solutions for all except Windows from guys on Linux etc... Would localhost or would it convert or need converted to local domain.com? Link to comment Share on other sites More sharing options...
hatharry 84 Posted May 14, 2017 Author Share Posted May 14, 2017 @@tyr_88, No this will not work with localhost. It needs an external domain address. Free domain options are available eg. https://www.noip.com/free 1 Link to comment Share on other sites More sharing options...
tyr_88 4 Posted May 14, 2017 Share Posted May 14, 2017 (edited) @@tyr_88, No this will not work with localhost. It needs an external domain address. Free domain options are available eg. https://www.noip.com/free Ok that solves that riddle I was wondering of conversion I do have set aside business name domains =2 I am just a solo business operator who gets by day to day nothing big no plan on using but would have to host them instead of just keeping them parked and pay the annual domain cost to modify C name etc I appreciate your help it has been very handy the link as well first I have seen of this site Thank You Tyr Edited May 14, 2017 by tyr_88 Link to comment Share on other sites More sharing options...
jordy 284 Posted May 14, 2017 Share Posted May 14, 2017 (edited) @@hatharry, looking for a little help here please. I have forwarded HTTP port 80 to my server machine, I created the ps1 scrip using Notepad++ (copy and paste your code), inserted my personal email address and named it as per your suggestion - Emby-Acme.ps1 I saved it into c:\Users\Paul\Documents\Emby When I run Powershell as Admin, changing the active directory as above and using the command ".\Emby-Acme.ps1" - nothing happens. see attached snip. Can you help? Thanks Paul Edited May 14, 2017 by jordy Link to comment Share on other sites More sharing options...
hatharry 84 Posted May 14, 2017 Author Share Posted May 14, 2017 @@jordy, remove the quotes ("") Link to comment Share on other sites More sharing options...
jordy 284 Posted May 14, 2017 Share Posted May 14, 2017 @@jordy, remove the quotes ("") Thanks. All good. Link to comment Share on other sites More sharing options...
jordy 284 Posted May 14, 2017 Share Posted May 14, 2017 (edited) Might have spoken too soon... getting this now Can't find anything remotely like this in task mgr, and no cert created ??? EDIT: should add that a public key and other stuff is present below this statement Edited May 14, 2017 by jordy Link to comment Share on other sites More sharing options...
hatharry 84 Posted May 14, 2017 Author Share Posted May 14, 2017 @@jordy, Close all PowerShell windows and reopen PowerShell Link to comment Share on other sites More sharing options...
jordy 284 Posted May 14, 2017 Share Posted May 14, 2017 @@jordy, Close all PowerShell windows and reopen PowerShell Ok, did that and re-ran script. This time no warning msg but also no public key included and still no .pfx file created in SSL folder. Sorry about this. No idea whats going on here. Should a .pfx file be created straight away or does it take a while? thanks Link to comment Share on other sites More sharing options...
hatharry 84 Posted May 14, 2017 Author Share Posted May 14, 2017 @@jordy, The servers can take a while. Until the Challenge has been verified, you should see a status of pending. If the Challenge fails for any reason you will see a status of invalid. If the Challenge is successful, you will see a status of valid. Run the script again in a few moments you can also check port 80 is open at http://canyouseeme.org/ Link to comment Share on other sites More sharing options...
jordy 284 Posted May 14, 2017 Share Posted May 14, 2017 Port 80 is showing as open. Where would I look for the Pending / Invalid status? I now get this: Link to comment Share on other sites More sharing options...
hatharry 84 Posted May 14, 2017 Author Share Posted May 14, 2017 @@jordy, updated Exceptions in script Link to comment Share on other sites More sharing options...
jordy 284 Posted May 14, 2017 Share Posted May 14, 2017 @@jordy, updated Exceptions in script So, if I understand this correctly the script gets updated when run? if so where do I look? Link to comment Share on other sites More sharing options...
hatharry 84 Posted May 14, 2017 Author Share Posted May 14, 2017 @@jordy, please copy script from the first post again Link to comment Share on other sites More sharing options...
jordy 284 Posted May 14, 2017 Share Posted May 14, 2017 (edited) @@jordy, please copy script from the first post again Ok, now we';re getting somewhere. Got lots of responses this time. BUT right at the bottom, I get this line: Error creating new cert :: authorizations for these names not found or expired: xxxxxx.ddns.net I'm using no-ip and the address is still valid, I just tested it. Do I have to enable letsencrypt certs it on the no-ip website or something? Thanks for your patience EDIT: checked my No-IP account and there was some details I had'nt filled in. Did that and re-ran script and now see this: Cannot export PKCS12; private hasn't been imported or generated I assume this means that I now wait for the key to be generated. Will the key be sent automatically or do I need to keep re-running the script until I get it? thanks Edited May 14, 2017 by jordy Link to comment Share on other sites More sharing options...
hatharry 84 Posted May 15, 2017 Author Share Posted May 15, 2017 @@jordy, the ACMEChallenge is stuck in an incomplete state. The easiest way to fix it would be to run the code below then rerun the script. Uninstall-Module -Name ACMESharp del C:\ProgramData\ACMESharp -Recurse -Force Link to comment Share on other sites More sharing options...
jordy 284 Posted May 15, 2017 Share Posted May 15, 2017 (edited) @@jordy, the ACMEChallenge is stuck in an incomplete state. The easiest way to fix it would be to run the code below then rerun the script. Uninstall-Module -Name ACMESharp del C:\ProgramData\ACMESharp -Recurse -Force @@hatharry, ran the code above and re-ran the script. Received the Invalid error below. Is NO-IP a valid DDNS provider for Lets Encrypt? I don't see them mentioned on the No-IP website in regards to SSL Certs. Edited May 15, 2017 by jordy Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now