Luke, Posted June 25, 2017

We're using the WKWebView for iOS and it does not offer an API to manually accept certificates. There is an open ticket with WebKit about this so hopefully it gets resolved for iOS 11. However, even if this gets done, accepting self-signed certs is not the direction we want to go in because there will still be lots of other platforms where it just isn't possible to force it to be accepted.

Swynol, Posted June 26, 2017

With how easy it is to get a Let's Encrypt cert these days I don't think it's really an issue. To the average user, using HTTP will be fine for them. If someone is more security conscious then enabling HTTPS starts with getting your own cert, not by using a self-signed cert.

milanp, Posted August 11, 2017 (edited)

I've installed this and it has been running smoothly for 60+ days. Today I received a notification from Let's Encrypt that the certificates will expire in 19 days. Running the script gives this output:

```
IdentifierPart : ACMESharp.Messages.IdentifierPart
IdentifierType : dns
Identifier     : xxxxx.ddns.net
Uri            :
Status         : pending
Expires        : 8/18/2017 6:52:11 AM
Challenges     : {, , }
Combinations   : {0, 1, 2}
An item with the same key has already been added.
```

I will go on holiday in a week and I need this for my Chromecast that I will take with me. Any suggestions? What should I do?

hatharry (Author), Posted August 11, 2017 (edited)

@milanp I've updated the script to make a new cert every time the identifier expires. This should allow the creation of a new cert before the old one expires.

milanp, Posted August 11, 2017

Many thanks for your effort and prompt response, Hatharry. Unfortunately, I am facing the same output with the updated script: An item with the same key has already been added.

This is what I did:

0. Rebooted the server to stop any PowerShell scripts running
1. Started command prompt as administrator
2. Started PowerShell
3. Started Emby-Acme.ps1 with Emby server running and got the message: An item with the same key has already been added.

After that I rebooted the server, to avoid any PowerShell scripts running, and stopped the Emby server. Tried the script again, and got the same message.

The folder c:\users\..\AppData\Roaming\Emby-Server\ssl has the old pfx file. What should I try next?

milanp, Posted August 11, 2017 (edited)

Meanwhile I renamed the old certificate in the ssl folder of Emby-Server. Reran the script and got this output:

```
IdentifierPart : ACMESharp.Messages.IdentifierPart
IdentifierType : dns
Identifier     : xxxxx.ddns.net
Uri            :
Status         : pending
Expires        : 8/18/2017 10:38:42 AM
Challenges     : {, , }
Combinations   : {0, 2, 1}
An item with the same key has already been added
```

The Combinations line is different:

With the old script: Combinations : {0, 1, 2}
With the new script: {0, 2, 1}

Any ideas?

milanp, Posted August 14, 2017

Hatharry, the script works as it should. The problem was my configuration of Microsoft IIS. Thanks.

totalhavoc, Posted August 14, 2017

> Hatharry, the script works as it should. The problem was my configuration of Microsoft IIS. Thanks.

What was wrong with your IIS config? I'm running into the same "an item with the same key has already been added" error.

totalhavoc, Posted August 14, 2017

I have been trying to get this to work all afternoon on my 2012 R2 server. I can't seem to get it to get past the verification challenge. I keep getting "an item with the same key has already been added" at that part.

milanp, Posted August 15, 2017

All the information I found on the internet about Let's Encrypt was stating that the Windows implementation relies heavily on MS IIS. The script from Hatharry was perfect for me, it configured everything and I never bothered to learn more, until I ran into a problem.

Looking through the web, especially here: https://mythofechelon.co.uk/blog/2017/01/01/lets-encrypt-emby-server-and-windows

I checked the IIS server manager, and found out that I had not configured IIS for Emby at all. I added the website for Emby server in IIS, and the certificate problem was gone. If you need details, follow the excellent guide in the link, Step 2: IIS, 11. Configure the web site ...

totalhavoc, Posted August 15, 2017 (edited)

> All the information I found on the internet about Let's Encrypt was stating that the Windows implementation relies heavily on MS IIS. The script from Hatharry was perfect for me, it configured everything and I never bothered to learn more, until I ran into a problem.
>
> Looking through the web, especially here: https://mythofechelon.co.uk/blog/2017/01/01/lets-encrypt-emby-server-and-windows
>
> I checked the IIS server manager, and found out that I had not configured IIS for Emby at all. I added the website for Emby server in IIS, and the certificate problem was gone. If you need details, follow the excellent guide in the link, Step 2: IIS, 11. Configure the web site ...

Thanks for the reply but my problem is different. ACMESharp is not loading the IIS handler for some reason, which is breaking the script.

I finally gave up last night and did what I should have months ago. I added a second Let's Encrypt cert for Emby to my Synology NAS. I set up a scheduled task to renew it monthly so I know exactly when it renews instead of the "about a month before it expires". The script then exports the cert to a share and Emby loads that one. No need to have a useless IIS install.

SilentException, Posted August 17, 2017 (edited)

Thanks for the script @hatharry

As I recently struggled to get this thing working, here are some insights on what I needed to do and add in the script to get things working.

1. Don't forget to run PowerShell as Administrator.

2. Don't touch the port configuration under Emby Advanced settings. ACMESharp doesn't use the Emby HTTP server to authenticate your server but the built-in Windows IIS HTTP server.

3. You will need to forward a port on your router while first running or renewing your certificate. Forward port 80 to your server IP port 80 (or whatever port your IIS is running on). The important part is that the external port should be 80.

4. Instructions in the first post about changing the email were a bit unclear as the script contains two "mailto:" parts. Basically, change this line:

```powershell
New-ACMERegistration -Contacts mailto:mailto:somebody@example.org -AcceptTos
```

to this (replace red part with your email):

```powershell
New-ACMERegistration -Contacts mailto:john.doe@example.com -AcceptTos
```

5. I also had issues because my hostname started with a digit, as the alias is created from the hostname and an alias cannot start with a digit. I replaced the alias creation code:

```powershell
$alias = "$($address.Split(".")[0])-$(get-date -format yyyy-MM-dd--HH-mm)"
```

with the added string "emby-" at the beginning of the alias:

```powershell
$alias = "emby-$($address.Split(".")[0])-$(get-date -format yyyy-MM-dd--HH-mm)"
```

Also keep in mind that the total alias length shouldn't exceed 50 characters and it has some other restrictions as well. Basically use alphanumeric characters, _, -, + and you should be fine. Or change the alias creation not to include the hostname altogether.

6. Finally and perhaps most important, the ACMESharp IIS handler was not present on my machine and that was the reason for the "An item with the same key has already been added." error.

The script needs to be modified (bold lines added):

```powershell
Install-PackageProvider -Name NuGet -Force
Install-Module -Name ACMESharp -AllowClobber -Force
# Install the ACMESharp IIS provider
Install-Module -Name ACMESharp.Providers.IIS -Force
Import-Module ACMESharp
# Enable the IIS provider extension
Enable-ACMEExtensionModule -ModuleName ACMESharp.Providers.IIS
if (-not (Get-ACMEVault))
{
    Initialize-ACMEVault
}
```

This will force install and enable the ACMESharp IIS provider.

OK, hope that helps someone save the couple of hours I wasted. But at least I have a certificate now.

What would be awesome functionality to add to the script is UPnP or a web request to the router to enable port forwarding at script start and disable it at script end.

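The local preconditions from the six points in the post above can be checked before the certificate script is run. This is an added example, not part of the thread or of hatharry's script; the function name, the sample host name and the alias regex (built from the rules quoted in the post) are assumptions.

```powershell
# Added example: preflight checks for the points listed in the post above.
# Test-AcmePreflight and the alias regex are illustrative assumptions.
function Test-AcmePreflight {
    param([Parameter(Mandatory)] [string] $Address)

    $results = [ordered]@{}

    # Point 1: the session must be elevated.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    $results.IsAdministrator = $principal.IsInRole(
        [Security.Principal.WindowsBuiltInRole]::Administrator)

    # Points 2 and 3: the challenge is answered by IIS, so something has to be
    # listening on local port 80 (the router forward cannot be tested from here).
    $listener = Get-NetTCPConnection -LocalPort 80 -State Listen -ErrorAction SilentlyContinue
    $results.Port80Listening = [bool]$listener

    # Point 5: build the alias the same way as the modified script and check it
    # against the quoted rules: not starting with a digit, at most 50 characters,
    # only alphanumerics, '_', '-' and '+'.
    $alias = "emby-$($Address.Split('.')[0])-$(Get-Date -Format 'yyyy-MM-dd--HH-mm')"
    $results.Alias      = $alias
    $results.AliasValid = ($alias.Length -le 50) -and
                          ($alias -match '^[A-Za-z][A-Za-z0-9_+-]*$')

    # Point 6: both modules must be installed; a missing IIS provider was the
    # cause of "An item with the same key has already been added." in that post.
    foreach ($name in 'ACMESharp', 'ACMESharp.Providers.IIS') {
        $results["Has $name"] = [bool](Get-Module -ListAvailable -Name $name)
    }

    [pscustomobject]$results
}

# Example call with a constructed host name:
# Test-AcmePreflight -Address '1media.example.com'
```
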
SilentException, Posted August 22, 2017

Me again. Since I hate doing anything manually and script/schedule as much as I can, I've now found a simple way to open a port on the router using UPnP and have created a simple wrapper script to

- open a port
- call the Let's Encrypt script to get/update the certificate
- close a port

You need the script from the first post, the PortMapper JAR and this wrapper script in the same folder. Also, Java. Create a scheduled task calling this wrapper script and forget thinking about refreshing the certificate.

```powershell
# Open external port 80 via UPnP and wait until PortMapper has finished
Start-Process -Wait -NoNewWindow -FilePath javaw -ArgumentList '-jar', 'portmapper-2.0.0.jar', '-add', '-internalPort', '80', '-externalPort', '80', '-protocol', 'tcp', '-description', 'TempIIS'
# Run the certificate script, then remove the mapping again even if the script throws
try { & ".\Emby-LetsEncrypt.ps1" }
finally { Start-Process -Wait -NoNewWindow -FilePath javaw -ArgumentList '-jar', 'portmapper-2.0.0.jar', '-delete', '-externalPort', '80', '-protocol', 'tcp' }
```

Just replace Emby-LetsEncrypt.ps1 with the filename you have for the script from the first post.

WilhelmStroker, Posted November 9, 2017

I used the script from the first post to install a LetsEncrypt script a few months back, and as I just got the email to renew, I re-ran the script. I'm getting the following errors:

```
Name   Version    Source         Summary
----   -------    ------         -------
nuget  2.8.5.208  https://onege... NuGet provider for the OneGet meta-package manager
WARNING: The version '0.9.1.326' of module 'ACMESharp' is currently in use. Retry the operation after closing the
applications.
WARNING: The version '0.9.1.326' of module 'ACMESharp' is currently in use. Retry the operation after closing the
applications.
Unable to load one or more of the requested types. Retrieve the LoaderExceptions property for more information.
```

Not sure what to look at to resolve this... anyone any ideas?

beeker, Posted November 11, 2017

I also got the error

```
Unable to load one or more of the requested types. Retrieve the LoaderExceptions property for more information.
```

Uninstalling the ACMESharp modules prior to running the script seemed to fix that, although it took a restart for the uninstall to run without errors.

```powershell
uninstall-module ACMESharp.Providers.IIS
uninstall-module ACMESharp
```

After doing that, running the script started giving "failed to resolve extension link" errors. That was caused by the extension link file pointing to the old version. So I edited that file (C:\ProgramData\ACMESharp\sys-exts\ACMESharp.Providers.IIS.extlnk) to point to the new version, and after that it finally seemed happy enough to run.

Luke, Posted November 11, 2017

Thanks @beeker!

WilhelmStroker, Posted November 28, 2017

I kept getting the error "an item with the same key has already been added" when running the script to renew my certificate. In the end I used the manual steps from https://mythofechelon.co.uk/blog/2017/01/01/lets-encrypt-emby-server-and-windows

Certify failed with an error that config checks failed to verify IIS can serve extensionless files. I also got an HTTP 500 error when browsing to the C:\inetpub\Emby\.well-known\acme-challenge website (same from external).

In the end a combination of the steps from the first post here: https://github.com/ebekker/ACMESharp/issues/15 and setting the delegation settings that were read only to read write as described here: https://stackoverflow.com/questions/9794985/iis-this-configuration-section-cannot-be-used-at-this-path-configuration-lock/12867753#12867753 fixed the issue.

I'll definitely give the script another go in 3 months to see if the item with the same key error was related to the extensionless files issue.

etrax, Posted November 30, 2017 (edited)

> I kept getting the error "an item with the same key has already been added" when running the script to renew my certificate. In the end I used the manual steps from https://mythofechelon.co.uk/blog/2017/01/01/lets-encrypt-emby-server-and-windows
>
> Certify failed with an error that config checks failed to verify IIS can serve extensionless files. I also got an HTTP 500 error when browsing to the C:\inetpub\Emby\.well-known\acme-challenge website (same from external).
>
> In the end a combination of the steps from the first post here: https://github.com/ebekker/ACMESharp/issues/15 and setting the delegation settings that were read only to read write as described here: https://stackoverflow.com/questions/9794985/iis-this-configuration-section-cannot-be-used-at-this-path-configuration-lock/12867753#12867753 fixed the issue.
>
> I'll definitely give the script another go in 3 months to see if the item with the same key error was related to the extensionless files issue.

I got the same error "an item with the same key has already been added".

I got it working by renaming C:\ProgramData\ACMESharp to ACMESharp.old, then running the script again.

Think it's something with the files in C:\ProgramData\ACMESharp\sysVault

WilhelmStroker, Posted February 6, 2018

> I got the same error "an item with the same key has already been added".
>
> I got it working by renaming C:\ProgramData\ACMESharp to ACMESharp.old, then running the script again.
>
> Think it's something with the files in C:\ProgramData\ACMESharp\sysVault

That didn't work for me as I received the same error "an item with the same key has already been added" after renaming that folder and rerunning the script. The cert renewed without issues through Certify The Web though.

FesterHead, Posted May 13, 2018

Aloha all -

Given:

- Let's Encrypt successfully configured and automated on a Synology NAS
- Emby Server installed, configured, and operational on a Windows machine
- Synology NAS and Emby Server on same LAN
- WORKING_FOLDER "Z:\OpenSSL - Let's Encrypt", this is a network share mapped to the Synology drive, it could be anywhere
- Latest Win64 OpenSSL installed from Shining Light Productions
- PFX will have no password, add it to the script and Emby if you'd like

Caveat:

- While Let's Encrypt is automated on the Synology NAS, this procedure is not
- I set calendar reminders to do this every three months

Disclaimer:

- This WORKS FOR ME
- Your mileage, experience, and outcome may vary
- Not responsible for destroyed systems
- If in doubt, don't go out; turn around, don't drown

Step 01 - Log in to Synology and export Let's Encrypt certificate: Control Panel > Security > Certificate > select DOMAIN that has Let's Encrypt enabled > Export certificate

Step 02 - Rename archive.zip to today's date; not really necessary to rename but I keep a historical archive

Step 03 - Copy zip file to WORKING_FOLDER and extract, overwriting existing files

Step 04 - Double-click create_pfx.bat and verify cert.pfx file timestamp updated

Step 05 - Log into Emby, enter PFX file path on Expert > Advanced page, and restart to load new certificate; my path looks like: \\192.168.86.26\home\OpenSSL - Let's Encrypt\cert.pfx

Contents of create_pfx.bat file:

```bat
@echo off
pushd "Z:\"
cd "OpenSSL - Let's Encrypt"
rem Bundle private key, certificate and chain into cert.pfx with an empty password
C:\OpenSSL-Win64\bin\openssl.exe pkcs12 -export -out cert.pfx -inkey privkey.pem -in cert.pem -certfile chain.pem -password pass:
```

Enjoy and have a great day.

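Step 04 in the post above relies on the file timestamp; reading the PFX back shows whether it actually contains the renewed certificate, its private key and the expected host name. This is an added example, not part of the thread; the function name, the sample path and host name, and the 30-day threshold are assumptions.

```powershell
# Added example: inspect the exported PFX instead of trusting its timestamp.
# Test-EmbyPfx, the sample values and the 30-day threshold are assumptions.
function Test-EmbyPfx {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [string] $Password = '',     # the PFX in the post above has an empty password
        [string] $ExpectedHost,      # exact DNS name; wildcard entries are not expanded
        [int]    $MinDaysLeft = 30
    )

    # .NET resolves relative paths against its own working directory, so resolve first.
    $fullPath = (Resolve-Path -LiteralPath $Path).ProviderPath
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 `
                -ArgumentList $fullPath, $Password
    try {
        # Subject Alternative Name extension (OID 2.5.29.17). Its formatted text looks
        # like "DNS Name=host1, DNS Name=host2"; keep only the part after '='.
        $san = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
        $dnsNames = @()
        if ($san) {
            $dnsNames = @($san.Format($false) -split ',' |
                          ForEach-Object { ($_ -split '=', 2)[-1].Trim() })
        }

        $daysLeft = [int][math]::Floor(($cert.NotAfter - (Get-Date)).TotalDays)
        $hostOk   = if ($ExpectedHost) { $dnsNames -contains $ExpectedHost } else { $null }

        [pscustomobject]@{
            Subject       = $cert.Subject
            Issuer        = $cert.Issuer
            NotAfter      = $cert.NotAfter
            DaysLeft      = $daysLeft
            HasPrivateKey = $cert.HasPrivateKey
            DnsNames      = $dnsNames
            HostMatches   = $hostOk
            Ok            = $cert.HasPrivateKey -and
                            ($daysLeft -ge $MinDaysLeft) -and
                            ($hostOk -ne $false)
        }
    }
    finally {
        $cert.Reset()   # release the loaded certificate and its key handle
    }
}

# Example call with constructed values:
# Test-EmbyPfx -Path 'Z:\OpenSSL - Let''s Encrypt\cert.pfx' -ExpectedHost 'emby.example.com'
```

A result with `Ok` set to false after Step 04 means the old certificate was repackaged, the key is missing, or the certificate is for a different name.
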
larsonDigital, Posted July 26, 2018

By chance does somebody have a step-by-step using CertifyTheWeb to create the Let's Encrypt SSL Certificate for Emby? Please?!

Thanks in advance!

James

larsonDigital, Posted July 26, 2018

Hello all again,

I just saw the tutorial at https://mythofechelon.co.uk/blog/2017/01/01/lets-encrypt-emby-server-and-windows. Looks right on! So a couple of follow up questions ...

I already have a subdomain of my own domain set up for Access Anywhere (VPN & RDP via Essentials Dashboard), which also uses Web Server (IIS), on my Windows Server 2016 Standard server. As a result, I already have that subdomain set up through nameCheap.com for DDNS and IIS installed and running, so I'm good on the steps in the tutorial up to that point. To access my server remotely, I go to https://remote.<mydomain>.com/remote.

Will following the tutorial to set up Emby interfere with my existing setup (as explained above)? I'm thinking not, but trying to be careful.

Following the tutorial, can I use https://remote.<mydomain>.com/media as my domain name to separate it from my remote access (as explained above)?

Thank you for any help with this in advance!!

James

Guest, Posted November 19, 2018 (edited November 19, 2018 by EmbyMediaz)

Hello everyone,

Fresh noob here - I am trying to set up an SSL certificate to use HTTPS. I have run the script and troubleshooted some things but I am stuck with this error now:

```
Did not receive a completed Identifiter
At C:\Users\administrator\Desktop\Emby-Acme.ps1:78 char:13
+             throw "Did not receive a completed Identifiter"
+             ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : OperationStopped: (Did not receive a completed Identifiter:String) [], RuntimeException
    + FullyQualifiedErrorId : Did not receive a completed Identifiter
```

Here is what I did so far:

1) I edited the script and added my email to this line: New-ACMERegistration -Contacts mailto:mailto:somebody@example.org -AcceptTos

2) I ran the script in PowerShell as admin (but it fails with the above error)

3) In my Emby server settings (Expert -> Advanced), I checked off: allow remote connections to this Emby Server. In the field "External domain", I added a domain name: www.xxx.com (I don't have to actually own this do I? Can it be any generic domain name that I make up?)

Thank you for your help.

P.S: I absolutely love Emby! I'll be purchasing a lifetime pass soon.

chowbok, Posted November 19, 2018

> 3) In my Emby server settings (Expert -> Advanced), I checked off: allow remote connections to this Emby Server. In the field "External domain", I added a domain name: www.xxx.com (I don't have to actually own this do I? Can it be any generic domain name that I make up?)

Well, no, it has to be your domain. How else would people connect to you remotely?

Smasher, Posted December 22, 2021

Does anyone have an updated version that can manage the "lets encrypt acme challenge"? Thanks in advance.