Handl3vogn 6 Posted January 9, 2018 Share Posted January 9, 2018 (edited) Hello, After updating embyserver to dotnetcore on my unraid server I got som problems when connecting to my embyserver web page. Problem only happens when the browser has newer seen my certificate before. If I connect to another site eg port https://mydomain:443 insted of https://mydomain:8920 and back to 8920 it says everything is secure. But if the first time I connect is to emby server i get site not trusted certificate error. So its important to delete all appdata for browser on each try. I'm doing this by uninstall/install firefox on my android phone. I have tried to setup emby on different platforms and got these result: Embyserver dotnetcore: Ubuntu 17.10 vm = Get certificate error Embyserver dotnetcore: Docker on Unraid = Get certificate error Embyserver dotnetcore: Windows 10 VM = OK Embyserver mono : Docker on Unraid = OK So after these test I belive there is something whit the dotnetcore version on Linux Here is server log from mono version and dotnetcore version running on unraid Any help on this topic would be much appreciated monoLog.txt netcoreLog.txt Edited January 9, 2018 by Handl3vogn 1 Link to comment Share on other sites More sharing options...
Handl3vogn 6 Posted January 10, 2018 Author Share Posted January 10, 2018 (edited) Here are som pictures maybe these will help.port 8920 is running Versjon 3.2.60.0 mono dockerport 8921 is running Versjon 3.2.60.0 dotnetcore docker Same Certification file is used on both servers. Edited January 10, 2018 by Handl3vogn Link to comment Share on other sites More sharing options...
Luke 36888 Posted January 10, 2018 Share Posted January 10, 2018 I wonder if it's due to the browser having saved data about your previous cert from the same domain. Link to comment Share on other sites More sharing options...
Handl3vogn 6 Posted January 10, 2018 Author Share Posted January 10, 2018 (edited) I wonder if it's due to the browser having saved data about your previous cert from the same domain. Hello, Browsers is completely reset all application data for that browser is removed so I dont think that is the case This also happens when I connect from computers I normally don't use. Eg hotel computer or at work. And the strange thing is when running mono or windows version of emby I have no errors. I can create 2 test servers for you mono/netcore and give you login if that wold help? Edited January 10, 2018 by Handl3vogn Link to comment Share on other sites More sharing options...
dcrdev 251 Posted January 11, 2018 Share Posted January 11, 2018 Can you request the site using cURL: curl https://domain.coom:port If that doesn't return an error, then it's the browser - otherwise it's something else. Link to comment Share on other sites More sharing options...
Handl3vogn 6 Posted January 11, 2018 Author Share Posted January 11, 2018 (edited) Can you request the site using cURL: curl https://domain.coom:port If that doesn't return an error, then it's the browser - otherwise it's something else. Hello, Curl on netcore server port 8921 gives this: curl: (60) SSL certificate problem: unable to get local issuer certificate More details here: https://curl.haxx.se/docs/sslcerts.html curl failed to verify the legitimacy of the server and therefore could not establish a secure connection to it. To learn more about this situation and how to fix it, please visit the web page mentioned above. and if I try the mono server on port 8920 I get no output. Edited January 11, 2018 by Handl3vogn Link to comment Share on other sites More sharing options...
dcrdev 251 Posted January 11, 2018 Share Posted January 11, 2018 Interesting - That would seem to suggest you're introducing an invalid certificate chain to that pfx. Can you verify that the serve is actually attaching a cert chain: echo | \ openssl s_client -servername domain.com -connect domain.com:port 2>/dev/null | \ openssl x509 -text ^ Obviously strip that of personal details before posting Link to comment Share on other sites More sharing options...
Handl3vogn 6 Posted January 11, 2018 Author Share Posted January 11, 2018 This is what I get [user@@arch ~]$ echo | openssl s_client -servername domain.com -connect domain.mydns.org:8921 2>/dev/null | openssl x509 -text Certificate: Data: Version: 3 (0x2) Serial Number: 04:05:aa:52:8d:06:35:d6:98:b6:34:0e:e2:8b:bb:4e:7a:7c Signature Algorithm: sha256WithRSAEncryption Issuer: C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3 Validity Not Before: Jan 6 21:07:56 2018 GMT Not After : Apr 6 21:07:56 2018 GMT Subject: CN = domain.mydns.org Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (4096 bit) Modulus: 00:f4:76:f4:3c:b4:8f:81:e3:14:f5:30:b8:e4:d3: 80:6d:09:79:82:f8:e8:a9:04:59:d3:26:a7:b7:e3: 28:ce:24:77:6f:04:df:e6:65:83:2e:3c:29:04:1e: 46:57:55:83:b4:dd:74:b2:6a:b1:49:25:69:e4:1e: d0:bc:ef:06:64:21:3e:eb:b3:33:ba:1f:9c:ce:ab: 72:be:0f:34:ab:60:68:3d:1b:71:4c:26:e3:0b:19: 80:19:c7:9b:e2:6c:27:3a:a0:9d:89:ed:3c:75:63: 22:62:85:7f:56:b0:ab:53:c8:53:a1:87:6d:bd:86: fe:7e:cf:bd:7e:db:70:b8:ec:d4:f7:1a:33:2a:1b: d1:9c:6a:dd:14:e4:58:38:59:2e:9c:41:03:d4:cd: da:61:b5:c1:cc:80:b9:f0:ea:f4:52:21:d3:a4:cc: 2b:2a:4c:a7:9a:ea:ee:35:8f:7c:bf:79:df:40:6b: f1:ee:a1:45:8c:75:fb:d0:9d:e6:32:c5:ef:0d:c4: e4:76:82:a1:f4:6b:7a:75:5a:4d:45:5b:fb:3c:99: 8b:ab:f4:43:a2:31:11:76:3f:f3:fe:45:6b:e6:0b: 99:48:75:aa:68:e9:5e:f1:7b:08:87:e0:a8:57:c2: 9c:84:6d:24:57:d9:4c:99:d3:f3:bb:52:60:08:df: 06:dd:cd:f8:52:48:9c:6f:c9:d5:7f:7a:04:05:e6: 2c:e0:f4:c3:66:7c:68:55:12:a2:9c:0f:6e:01:d1: e4:10:8a:0a:88:b4:7f:5a:44:97:4c:96:25:5b:a9: 54:13:e5:2b:d6:cf:ca:6b:62:4c:c1:db:59:52:a2: 6e:c0:0e:e7:dc:f5:1a:78:29:bb:95:b6:db:eb:92: 82:64:bf:7e:3f:e5:dd:f1:74:a6:4f:83:65:43:98: 1b:81:58:13:92:0d:c3:cb:88:7d:b1:ce:22:10:7a: e7:a7:1a:8b:c4:48:66:aa:9e:0a:8e:77:6c:e1:54: 5f:5a:2f:18:65:60:ab:10:e8:65:c0:9a:33:6b:84: c4:0b:bb:79:45:14:e7:99:fe:18:aa:58:eb:64:b2: ae:e9:fc:97:cf:f8:7a:b8:81:c4:d6:38:0f:db:32: 68:1a:22:c3:99:c6:87:c8:58:f1:da:b3:08:24:96: 86:45:dd:81:87:e6:86:60:07:af:9f:a1:2d:fa:a5: c3:d5:ed:39:d7:b7:cc:78:d8:16:05:71:11:83:90: f3:8d:c6:2c:f5:db:20:53:c2:7f:d5:cd:2d:49:01: ce:73:bb:aa:ff:9b:84:e4:0b:af:ee:67:e5:d2:48: 99:c3:6c:31:4d:a9:aa:57:94:e7:52:84:08:41:20: 20:e6:e9 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: F1:BF:51:EF:4F:AF:25:32:4D:A6:D8:99:70:E9:09:6C:18:97:0D:19 X509v3 Authority Key Identifier: keyid:A8:4A:6A:63:04:7D:DD:BA:E6:D1:39:B7:A6:45:65:EF:F3:A8:EC:A1 Authority Information Access: OCSP - URI:http://ocsp.int-x3.letsencrypt.org CA Issuers - URI:http://cert.int-x3.letsencrypt.org/ X509v3 Subject Alternative Name: DNS:domain.mydns.org, DNS:www.domain.mydns.org X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org User Notice: Explicit Text: This Certificate may only be relied upon by Relying Parties and only in accordance with the Certificate Policy found at https://letsencrypt.org/repository/ Signature Algorithm: sha256WithRSAEncryption 83:c7:57:d6:d6:7f:c3:f7:89:cb:a9:d2:89:2d:7e:1d:fc:0d: f6:9e:47:92:42:b0:67:43:f9:74:c8:e2:59:30:10:19:34:f1: 25:d0:7c:a6:e5:40:fd:41:6f:ba:7f:95:29:51:a0:22:65:25: 83:62:8d:55:4f:6a:8e:7b:a8:58:e4:39:67:3c:de:21:ba:8f: 24:7a:8c:46:af:40:3f:c3:68:d6:bf:c4:2e:22:33:7c:c1:5d: c7:71:6f:1e:72:d8:d6:35:b2:e5:5d:27:8f:34:d9:bd:15:af: b7:cd:5e:fe:04:3f:94:9f:00:5a:30:99:e5:6e:15:6d:55:ae: ec:b8:7f:68:08:07:b1:01:e8:b7:d1:03:7d:8f:4b:17:7b:a0: 8c:d1:b8:4f:81:86:68:8e:b9:07:c8:40:0c:9b:34:90:69:79: f8:85:04:21:3f:35:ee:01:47:da:3a:9b:dd:f7:af:03:1b:81: 8b:54:38:c1:7a:43:26:5f:9b:39:36:b6:66:7e:06:68:6f:5e: f8:bd:02:97:15:52:9e:d6:79:34:8b:49:87:1e:6b:35:d1:12: 50:66:e5:b1:d5:c4:30:e1:38:c9:a3:9a:01:80:55:2c:86:b4: ed:e9:bf:44:c7:8c:11:6d:0a:f5:61:6c:06:9f:14:3b:dc:c5: b0:88:75:c7-----BEGIN CERTIFICATE-----MIIGKzCCBROgAwIBAgISBAWqUo0GNdaYtjQO4ou7Tnp8MA0GCSqGSIb3DQEBCwUAMEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQDExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0xODAxMDYyMTA3NTZaFw0xODA0MDYyMTA3NTZaMCExHzAdBgNVBAMTFmhhbmRsM3ZvZ24uZHVja2Rucy5vcmcwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQD0dvQ8tI+B4xT1MLjk04BtCXmC+OipBFnTJqe34yjOJHdvBN/mZYMuPCkEHkZXVYO03XSyarFJJWnkHtC87wZkIT7rszO6H5zOq3K+DzSrYGg9G3FMJuMLGYAZx5vibCc6oJ2J7Tx1YyJihX9WsKtTyFOhh229hv5+z71+23C47NT3GjMqG9Gcat0U5Fg4WS6cQQPUzdphtcHMgLnw6vRSIdOkzCsqTKea6u41j3y/ed9Aa/HuoUWMdfvQneYyxe8NxOR2gqH0a3p1Wk1FW/s8mYur9EOiMRF2P/P+RWvmC5lIdapo6V7xewiH4KhXwpyEbSRX2UyZ0/O7UmAI3wbdzfhSSJxvydV/egQF5izg9MNmfGhVEqKcD24B0eQQigqItH9aRJdMliVbqVQT5SvWz8prYkzB21lSom7ADufc9Rp4KbuVttvrkoJkv34/5d3xdKZPg2VDmBuBWBOSDcPLiH2xziIQeuenGovESGaqngqOd2zhVF9aLxhlYKsQ6GXAmjNrhMQLu3lFFOeZ/hiqWOtksq7p/JfP+Hq4gcTWOA/bMmgaIsOZxofIWPHaswgkloZF3YGH5oZgB6+foS36pcPV7TnXt8x42BYFcRGDkPONxiz12yBTwn/VzS1JAc5zu6r/m4TkC6/uZ+XSSJnDbDFNqapXlOdShAhBICDm6QIDAQABo4ICMjCCAi4wDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBTxv1HvT68lMk2m2Jlw6QlsGJcNGTAfBgNVHSMEGDAWgBSoSmpjBH3duubRObemRWXv86jsoTBvBggrBgEFBQcBAQRjMGEwLgYIKwYBBQUHMAGGImh0dHA6Ly9vY3NwLmludC14My5sZXRzZW5jcnlwdC5vcmcwLwYIKwYBBQUHMAKGI2h0dHA6Ly9jZXJ0LmludC14My5sZXRzZW5jcnlwdC5vcmcvMD0GA1UdEQQ2MDSCFmhhbmRsM3ZvZ24uZHVja2Rucy5vcmeCGnd3dy5oYW5kbDN2b2duLmR1Y2tkbnMub3JnMIH+BgNVHSAEgfYwgfMwCAYGZ4EMAQIBMIHmBgsrBgEEAYLfEwEBATCB1jAmBggrBgEFBQcCARYaaHR0cDovL2Nwcy5sZXRzZW5jcnlwdC5vcmcwgasGCCsGAQUFBwICMIGeDIGbVGhpcyBDZXJ0aWZpY2F0ZSBtYXkgb25seSBiZSByZWxpZWQgdXBvbiBieSBSZWx5aW5nIFBhcnRpZXMgYW5kIG9ubHkgaW4gYWNjb3JkYW5jZSB3aXRoIHRoZSBDZXJ0aWZpY2F0ZSBQb2xpY3kgZm91bmQgYXQgaHR0cHM6Ly9sZXRzZW5jcnlwdC5vcmcvcmVwb3NpdG9yeS8wDQYJKoZIhvcNAQELBQADggEBAIPHV9bWf8P3icup0oktfh38DfaeR5JCsGdD+XTI4lkwEBk08SXQfKblQP1Bb7p/lSlRoCJlJYNijVVPao57qFjkOWc83iG6jyR6jEavQD/DaNa/xC4iM3zBXcdxbx5y2NY1suVdJ4802b0Vr7fNXv4EP5SfAFowmeVuFW1Vruy4f2gIB7EB6LfRA32PSxd7oIzRuE+BhmiOuQfIQAybNJBpefiFBCE/Ne4BR9o6m933rwMbgYtUOMF6QyZfmzk2tmZ+BmhvXvi9ApcVUp7WeTSLSYceazXRElBm5bHVxDDhOMmjmgGAVSyGtO3pv0THjBFtCvVhbAafFDvcxbCIdcc=-----END CERTIFICATE----- Link to comment Share on other sites More sharing options...
dcrdev 251 Posted January 11, 2018 Share Posted January 11, 2018 Looks like the chain is incomplete - Might this be an out of date image? Emby my not have an up-to-date certificate bundle available. Try pulling the image again, if that doesn't work I'd contact the author of the image. Link to comment Share on other sites More sharing options...
Handl3vogn 6 Posted January 11, 2018 Author Share Posted January 11, 2018 (edited) Looks like the chain is incomplete - Might this be an out of date image? Emby my not have an up-to-date certificate bundle available. Try pulling the image again, if that doesn't work I'd contact the author of the image. Do you mean docker image? I'm using the official from emby (emby/embyserver_netcore:latest). And same thing happens when i download the ubuntu (deb file) version from (https://emby.media/linux-server.html) When running The windows version or the mono docker (emby/embyserver:latest) using a copy of the same certificate file (emby.pfx) I dont get these certificate errors. I create the cert using this docker: https://hub.docker.com/r/linuxserver/letsencrypt/ I'm making the cert from files in this folder; root@Unraidserver:/mnt/user/appdata/letsencrypt/keys/letsencrypt# ls README cert.pem@ chain.pem@ fullchain.pem@ privkey.pem@ privkey.pfx using this command: openssl pkcs12 -inkey privkey.pem -in fullchain.pem -export -out emby.pfx -passout pass: Really appreciate your help Edited January 11, 2018 by Handl3vogn Link to comment Share on other sites More sharing options...
dcrdev 251 Posted January 11, 2018 Share Posted January 11, 2018 What's in fullchain.pem ? Link to comment Share on other sites More sharing options...
Handl3vogn 6 Posted January 11, 2018 Author Share Posted January 11, 2018 (edited) What's in fullchain.pem ? I'm not sure what its used for, it was created after I started letsencrypt docker. I found this command "openssl pkcs12 -inkey privkey.pem -in fullchain.pem -export -out emby.pfx -passout pass:" somewhere on this forum. This has been working fine until I tried the new netcore versjon of emby Print of that readme file: This directory contains your keys and certificates. `privkey.pem` : the private key for your certificate. `fullchain.pem`: the certificate file used in most server software. `chain.pem` : used for OCSP stapling in Nginx >=1.3.7. `cert.pem` : will break many server configurations, and should not be used without reading further documentation (see link below). We recommend not moving these files. For more information, see the Certbot User Guide at https://certbot.eff.org/docs/using.html#where-are-my-certificates. the guide says: fullchain.pem All certificates, including server certificate (aka leaf certificate or end-entity certificate). The server certificate is the first one in this file, followed by any intermediates. This is what Apache >= 2.4.8 needs for SSLCertificateFile, and what Nginx needs for ssl_certificate. root@Unraidserver:/mnt/user/appdata/letsencrypt/keys/letsencrypt# cat fullchain.pem -----BEGIN CERTIFICATE----- MIIGKzCCBROgAwIBAgISBAWqUo0GNdaYtjQO4ou7Tnp8MA0GCSqGSIb3DQEBCwUA MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0xODAxMDYyMTA3NTZaFw0x ODA0MDYyMTA3NTZaMCExHzAdBgNVBAMTFmhhbmRsM3ZvZ24uZHVja2Rucy5vcmcw ggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQD0dvQ8tI+B4xT1MLjk04Bt CXmC+OipBFnTJqe34yjOJHdvBN/mZYMuPCkEHkZXVYO03XSyarFJJWnkHtC87wZk IT7rszO6H5zOq3K+DzSrYGg9G3FMJuMLGYAZx5vibCc6oJ2J7Tx1YyJihX9WsKtT yFOhh229hv5+z71+23C47NT3GjMqG9Gcat0U5Fg4WS6cQQPUzdphtcHMgLnw6vRS IdOkzCsqTKea6u41j3y/ed9Aa/HuoUWMdfvQneYyxe8NxOR2gqH0a3p1Wk1FW/s8 mYur9EOiMRF2P/P+RWvmC5lIdapo6V7xewiH4KhXwpyEbSRX2UyZ0/O7UmAI3wbd zfhSSJxvydV/egQF5izg9MNmfGhVEqKcD24B0eQQigqItH9aRJdMliVbqVQT5SvW z8prYkzB21lSom7ADufc9Rp4KbuVttvrkoJkv34/5d3xdKZPg2VDmBuBWBOSDcPL iH2xziIQeuenGovESGaqngqOd2zhVF9aLxhlYKsQ6GXAmjNrhMQLu3lFFOeZ/hiq WOtksq7p/JfP+Hq4gcTWOA/bMmgaIsOZxofIWPHaswgkloZF3YGH5oZgB6+foS36 pcPV7TnXt8x42BYFcRGDkPONxiz12yBTwn/VzS1JAc5zu6r/m4TkC6/uZ+XSSJnD bDFNqapXlOdShAhBICDm6QIDAQABo4ICMjCCAi4wDgYDVR0PAQH/BAQDAgWgMB0G A1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1Ud DgQWBBTxv1HvT68lMk2m2Jlw6QlsGJcNGTAfBgNVHSMEGDAWgBSoSmpjBH3duubR ObemRWXv86jsoTBvBggrBgEFBQcBAQRjMGEwLgYIKwYBBQUHMAGGImh0dHA6Ly9v Y3NwLmludC14My5sZXRzZW5jcnlwdC5vcmcwLwYIKwYBBQUHMAKGI2h0dHA6Ly9j ZXJ0LmludC14My5sZXRzZW5jcnlwdC5vcmcvMD0GA1UdEQQ2MDSCFmhhbmRsM3Zv Z24uZHVja2Rucy5vcmeCGnd3dy5oYW5kbDN2b2duLmR1Y2tkbnMub3JnMIH+BgNV HSAEgfYwgfMwCAYGZ4EMAQIBMIHmBgsrBgEEAYLfEwEBATCB1jAmBggrBgEFBQcC ARYaaHR0cDovL2Nwcy5sZXRzZW5jcnlwdC5vcmcwgasGCCsGAQUFBwICMIGeDIGb VGhpcyBDZXJ0aWZpY2F0ZSBtYXkgb25seSBiZSByZWxpZWQgdXBvbiBieSBSZWx5 aW5nIFBhcnRpZXMgYW5kIG9ubHkgaW4gYWNjb3JkYW5jZSB3aXRoIHRoZSBDZXJ0 aWZpY2F0ZSBQb2xpY3kgFm91bmQgYXQgaHR0cHM6Ly9sZXRzZW5jcnlwdC5vcmcv cmVwb3NpdG9yeS8wDQYJKoZIhvcNAQELBQADggEBAIPHV9bWf8P3icup0oktfh38 DfaeR5JCsGdD+XTI4lkwEBk08SXQfKblQP1Bb7p/lSlRoCJlJYNijVVPao57qFjk OWc83iG6jyR6jEavQD/DaNa/xC4iM3zBXcdxbx5y2NY1suVdJ4802b0Vr7fNXv4E P5SfAFowmeVuFW1Vruy4f2gIB7EB6LfRA32RSxd7oIzRuE+BhmiOuQfIQAybNJBp efiFBCE/Ne4BR9o6m933rwMbgYtUOMF6QyZfmzk2tmZ+BmhvXvi9ApcVUp7WeTSL SYceazXRElBm5bHVxDDhOMmjmgGAVSyGtO3pv0THjBFtCvVhbAafFDvcxbCIdcc= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIEkjCCA3qgAwIBAgIQCgFBQgAAAVOFc2oLheynCDANBgkqhkiG9w0BAQsFADA/ MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT DkRTVCBSb290IENBIFgzMB4XDTE2MDMxTzE2NDA0NloXDTIxMDMxNzE2NDA0Nlow SjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUxldCdzIEVuY3J5cHQxIzAhBgNVBAMT GkxldCdzIEVuY3J5cHQgQXV0aG9yaXR5IFgzMIIBIjANBgkqhkiG9w0BAQEFAAOC AQ8AMIIBCgKCAQEAnNMM8FrlLke3cl03g7NoYzDq1zUmGSXhvb418XCSL7e4S0EF q6meNQhY7LEqxGiHC6PjdeTm86dicbp5gWAf15Gan/PQeGdxyGkOlZHP/uaZ6WA8 SMx+yk13EiSdRxta67nsHjcAHJyse6cF6s5K671B5TaYucv9bTyWaN8jKkKQDIZ0 Z8h/pZq4UmEUEz9l6YKHy9v6Dlb2honzhT+Xhq+w3Brvaw2VFn3EK6BlspkENnWA a6xK8xuQSXgvopZPKiAlKQTGdMDQMc2PMTiVFrqoM7hD8bEfwzB/onkxEz0tNvjj /PIzark5McWvxI0NHWQWM6r6hCm21AvA2H3DkwIDAQABo4IBfTCCAXkwEgYDVR0T AQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAYYwfwYIKwYBBQUHAQEEczBxMDIG CCsGAQUFBzABhiZodHRwOi8vaXNyZy50cnVzdGlkLm9jc3AuaWRlbnRydXN0LmNv bTA7BggrBgEFBQcwAoYvaHR0cDovL2FwcHMuaWRlbnRydXN0LmNvbS9yb290cy9k c3Ryb290Y2F4My5wN2MwHwYDVR0jBBgwFoAUxKexpHsscfrb4UuQdf/EFWCFiRAw VAYDVR0gBE0wSzAIBgZngQwBAgEwPwYLKwYBBGGC3xMBAQEwMDAuBggrBgEFBQcC ARYiaHR0cDovL2Nwcy5yb290LXgxLmxldHNlbmNyeXB0Lm9yZzA8BgNVHR8ENTAz MDGgL6AthitodHRwOi8vY3JsLmlkZW50cnVzdC5jb20vRFNUUk9PVENBWDNDUkwu Y3JsMB0GA1UdDgQWBBSoSmpjBH3duubRObemRWXv86jsoTANBgkqhkiG9w0BAQsF AAOCAQEA3TPXEfNjWDjdGBX7CVW+dla5cEilaUcne8IkCJLxWh9KEik3JHRRHGJo uM2VcGfl96S8TihRzZvoroed6ti6WqEBmtzw3Wodatg+VyOeph4EYpr/1wXKtx8/ wApIvJSwtmVi4MFU5aMqrSDE6ea73Mj2tcMyo5jMd6jmeWUHK8so/joWUoHOUgwu X4Po1QYz+3dszkDqMp4fklxBwXRsW10KXzPMTZ+sOPAveyxindmjkW8lGy+QsRlG PfZ+G6Z6h7mjem0Y+iWlkYcV4PIWL1iwBi8saCbGS5jN2p8M+X+Q7UNKEkROb3N6 KOqkqm57TH2H3eDJAkSnh6/DNFu0Qg== -----END CERTIFICATE----- Edited January 11, 2018 by Handl3vogn Link to comment Share on other sites More sharing options...
Handl3vogn 6 Posted January 11, 2018 Author Share Posted January 11, 2018 (edited) Update Got it working again using a docker that is build/based on ArchLinux (binhex-emby). Same cert and configuration is used on all tests So now I'm happy again Maybe the problem was/is that emby docker and Ubuntu is running and older version of dotnetcore than Archlinux is using? I still belive that dotnetcore is to blame here. I will be using the binhex version and try the official emby docker once in a while to check if this problem gets fixed. Edited January 11, 2018 by Handl3vogn Link to comment Share on other sites More sharing options...
Handl3vogn 6 Posted January 30, 2018 Author Share Posted January 30, 2018 Tried again using the official emby docker versjon 3.2.70 and still get the certificate error in browser. Link to comment Share on other sites More sharing options...
Luke 36888 Posted January 30, 2018 Share Posted January 30, 2018 can you attach an emby server log from that? thanks. Link to comment Share on other sites More sharing options...
Handl3vogn 6 Posted January 30, 2018 Author Share Posted January 30, 2018 (edited) can you attach an emby server log from that? thanks. Here you go Log.txt Edited January 30, 2018 by Handl3vogn Link to comment Share on other sites More sharing options...
Luke 36888 Posted January 30, 2018 Share Posted January 30, 2018 does your cert have a password? Link to comment Share on other sites More sharing options...
Handl3vogn 6 Posted January 30, 2018 Author Share Posted January 30, 2018 does your cert have a password? Nope. Link to comment Share on other sites More sharing options...
Luke 36888 Posted January 30, 2018 Share Posted January 30, 2018 Try adding a password, and then configure the password in emby server. See if that helps. thanks. Link to comment Share on other sites More sharing options...
Handl3vogn 6 Posted January 30, 2018 Author Share Posted January 30, 2018 Try adding a password, and then configure the password in emby server. See if that helps. thanks. hello made a new file using this command openssl pkcs12 -inkey privkey.pem -in fullchain.pem -export -out emby.pfx -passout pass:12345678 Setup emby with password and restared it. Still got cert error. log2.txt Link to comment Share on other sites More sharing options...
Luke 36888 Posted January 30, 2018 Share Posted January 30, 2018 is the cert associated with a domain name or IP? Link to comment Share on other sites More sharing options...
Handl3vogn 6 Posted January 30, 2018 Author Share Posted January 30, 2018 (edited) is the cert associated with a domain name or IP? domain name. Certificate is from lets encrypt to "mydomain".duckdns.org (mydomain is not my real hostname) Just want to add that exact same setup works on Binhex Archlinux based docker currently versjon is (3.2.60) Thanks. Edited January 30, 2018 by Handl3vogn Link to comment Share on other sites More sharing options...
Handl3vogn 6 Posted January 30, 2018 Author Share Posted January 30, 2018 (edited) Here is a log from the working version Hope this will be fixed soon really enjoy this software. workinglog.txt Edited January 30, 2018 by Handl3vogn Link to comment Share on other sites More sharing options...
Luke 36888 Posted January 30, 2018 Share Posted January 30, 2018 Ok, we're looking into this, thanks. Link to comment Share on other sites More sharing options...
Handl3vogn 6 Posted April 6, 2018 Author Share Posted April 6, 2018 (edited) @@Luke Any news on this? Just did a new test using latest beta docker (3.3.1.13) And the latest binhex docker. (3.3.1.0) Still failing on official build. Did a ssl test https://www.geocerts.com/check-ssl-certificate And got these results (see screens) Edited April 6, 2018 by Handl3vogn Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now