Jump to content

Let's Encrypt for Emby


hatharry

Recommended Posts

hatharry

PowerShell script that Installs a Let's Encrypt cert using the External domain and Custom certificate path details from Emby.

 

  • Please make sure port 80 is forwarded to your Emby Server.
  • Set "Advanced - External domain" address in Emby eg. "www.myembyserver.com" .
  • If "Advanced - Custom certificate path" is not in use then a cert is created in the Emby Server directory using the filename "{yourwanaddress}.pfx". It is required to add this cert manually to the "Advanced - Custom certificate path" setting in the Emby control panel.
  • If "Advanced - Custom certificate path" is in use then the script will overwrite the old cert using the same filename.

 

Github:

https://github.com/hatharry/emby.letsencrypt/blob/master/Emby-Acme.ps1

Edited by hatharry
  • Like 6
Link to comment
Share on other sites

  • 2 weeks later...
tyr_88

I want to do SSL on local server but never done it this site only supports paid for domains that other users have post right?

https://www.sslforfree.com/

 

The script above no instructions for us noobs be nice if now tutorials were forced to provide them and that would help expand the Emby Wiki more.

 

What type of file ext. should it be saved as?

 

Where should the file/cert be placed in stock server directory? for Windows, Linux, etc?

 

Any commands to initiate the cert and what if so?

 

 

Lots of highly skilled PHP and coders around here this info should be excellent help for the growing community. Emby is growing and growing many good things on the web about it's functionality above the others and what is still to come. I have noticed most complaining from doing searches is lack of informational steps and needing more of that in the Wiki

 

Thanks

 

Win10 Emby Server

Link to comment
Share on other sites

tyr_88

See local SSL is one thing I have never done but want to after lots of searching I just see questions galore no set instructions just post by post on different topics but I found this guide from a IT took him 3.5hrs to figure this cert out now is a paid domain required as is instructed.

 

Seems worthy of a sticky if correct or posting if he is in forums?

 

Let's Encrypt, Emby Server, and Windows Intro

This how-to will guide you with getting Let's Encrypt to issue a security certificate and installing it in Emby Server running on Windows.

I created this because there was litte, if any, documentation on how to do so previously and it took me ~ 3.5 hours to figure it out.

 

https://mythofechelon.co.uk/blog/2017/01/01/lets-encrypt-emby-server-and-windows

Link to comment
Share on other sites

chef

This is awesome! Before I could run powers hell scripts for the first time on my machine I had to enable the ability to run powershell as a user.

 

I wonder if that'll come up?

 

This is super sweet!

Edited by chef
  • Like 1
Link to comment
Share on other sites

tyr_88

@@tyr_88, Thank you for your feedback. I have updated the original post.

 

Thanks so much life saver my friend lol

Link to comment
Share on other sites

tyr_88

Instead of purchasing domain, would this method apply to localhost CERT generated from Emby.

 

Does CERT need edited?

 

I'm not even sure how to edit a CERT I was on a thread discussing the self generated one before your reply earlier... There's so many threads it is pretty confusing I am finding this on many things I am trying to learn using targeted searching @ emby boards. Youtube tutorials are virtually non-existent.

 

If I could get half of this figured out I would contrib to some tuts. But all this info spread through threads is mind boggling.

 

 

My code skills are too out of date I have realized whew I got left in the dust I knew but dangit lol, I just found out about scrapers new to me was collecting info here and there after seeing causefx post about the same except git sourcing.

 

Search emby.media: subject     questions by far outnumber solutions then there's solutions for all except Windows from guys on Linux etc...

 

Would localhost or would it convert or need converted to local domain.com?

Link to comment
Share on other sites

tyr_88

@@tyr_88, No this will not work with localhost. It needs an external domain address. Free domain options are available eg. https://www.noip.com/free

 

 

Ok that solves that riddle I was wondering of conversion I do have set aside business name domains =2 

 

I am just a solo business operator who gets by day to day nothing big no plan on using but would have to host them instead of just keeping them parked and pay the annual domain cost to modify C name etc

 

 

I appreciate your help it has been very handy the link as well first I have seen of this site

 

Thank You

Tyr

Edited by tyr_88
Link to comment
Share on other sites

jordy

@@hatharry, looking for a little help here please.

 

I have forwarded HTTP port 80 to my server machine, I created the ps1 scrip using Notepad++ (copy and paste your code), inserted my personal email address and named it as per your suggestion - Emby-Acme.ps1

I saved it into c:\Users\Paul\Documents\Emby

When I run Powershell as Admin, changing the active directory as above and using the command ".\Emby-Acme.ps1" - nothing happens. see attached snip.

 

Can you help?

 

Thanks

 

Paul

59185858209ae_powershell.png

Edited by jordy
Link to comment
Share on other sites

jordy

Might have spoken too soon...

 

getting this now

 

59185f99202ed_powershell2.png

 

Can't find anything remotely like this in task mgr, and no cert created ???

 

EDIT: should add that a public key and other stuff is present below this statement

Edited by jordy
Link to comment
Share on other sites

jordy

@@jordy, Close all PowerShell windows and reopen PowerShell

Ok, did that and re-ran script. This time no warning msg but also no public key included and still no .pfx file created in SSL folder.

 

Sorry about this. No idea whats going on here. Should a .pfx file be created straight away or does it take a while?

 

thanks

Link to comment
Share on other sites

hatharry

@@jordy, The servers can take a while.

Until the Challenge has been verified, you should see a status of pending.

If the Challenge fails for any reason you will see a status of invalid.

If the Challenge is successful, you will see a status of valid.

 

Run the script again in a few moments

 

you can also check port 80 is open at http://canyouseeme.org/

Link to comment
Share on other sites

jordy

Port 80 is showing as open. Where would I look for the Pending / Invalid status?

 

I now get this:

 

591869671dfc6_powershell3.png

Link to comment
Share on other sites

jordy

@@jordy, updated Exceptions in script

So, if I understand this correctly the script gets updated when run? if so where do I look? :unsure:

Link to comment
Share on other sites

jordy

@@jordy, please copy script from the first post again

Ok, now we';re getting somewhere. Got lots of responses this time. BUT right at the bottom, I get this line:

 

Error creating new cert :: authorizations for these names not found or expired: xxxxxx.ddns.net

 

I'm using no-ip and the address is still valid, I just tested it. Do I have to enable letsencrypt certs it on the no-ip website or something?

 

Thanks for your patience :)

 

EDIT: checked my No-IP account and there was some details I had'nt filled in. Did that and re-ran script and now see this:

 

Cannot export PKCS12; private hasn't been imported or generated

 

I assume this means that I now wait for the key to be generated. Will the key be sent automatically or do I need to keep re-running the script until I get it?

 

thanks

Edited by jordy
Link to comment
Share on other sites

hatharry

@@jordy, the ACMEChallenge is stuck in an incomplete state. The easiest way to fix it would be to run the code below then rerun the script.

Uninstall-Module -Name ACMESharp
del C:\ProgramData\ACMESharp -Recurse -Force
Link to comment
Share on other sites

jordy

 

@@jordy, the ACMEChallenge is stuck in an incomplete state. The easiest way to fix it would be to run the code below then rerun the script.

Uninstall-Module -Name ACMESharp
del C:\ProgramData\ACMESharp -Recurse -Force

@@hatharry, ran the code above and re-ran the script. Received the Invalid error below. :(

 

Is NO-IP a valid DDNS provider for Lets Encrypt? I don't see them mentioned on the No-IP website in regards to SSL Certs.

 

post-196-0-24118300-1494827809_thumb.jpg

Edited by jordy
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...