Jump to content

Problem getting lets encrypt ssl cert to work on embyserver dotnetcore


Handl3vogn
Go to solution Solved by Luke,

Recommended Posts

Handl3vogn

Hello,

 

After updating embyserver to dotnetcore on my unraid server I got som problems when connecting to my embyserver web page.

 

Problem only happens when the browser has newer seen my certificate before. If I connect to another site eg port https://mydomain:443 insted of https://mydomain:8920 and back to 8920 it says everything is secure.

But if the first time I connect is to emby server i get site not trusted certificate error. So its important to delete all appdata for browser on each try. I'm doing this by uninstall/install firefox on my android phone.

 

I have tried to setup emby on different platforms and got these result:

 

Embyserver dotnetcore: Ubuntu 17.10 vm = Get certificate error

Embyserver dotnetcore: Docker on Unraid = Get certificate error

Embyserver dotnetcore: Windows 10 VM = OK

Embyserver mono : Docker on Unraid = OK

 

So after these test I belive there is something whit the dotnetcore version on Linux

 

Here is server log from mono version and dotnetcore version running on unraid

 

Any help on this topic would be much appreciated

monoLog.txt

netcoreLog.txt

Edited by Handl3vogn
  • Like 1
Link to comment
Share on other sites

Handl3vogn

Here are som pictures maybe these will help.
port 8920 is running Versjon 3.2.60.0 mono docker
port 8921 is running Versjon 3.2.60.0 dotnetcore docker

 

Same Certification file is used on both servers.

 

post-248165-0-26977100-1515604695_thumb.png

post-248165-0-80555100-1515604703_thumb.png

post-248165-0-23353000-1515604722_thumb.png

Edited by Handl3vogn
Link to comment
Share on other sites

I wonder if it's due to the browser having saved data about your previous cert from the same domain.

Link to comment
Share on other sites

Handl3vogn

I wonder if it's due to the browser having saved data about your previous cert from the same domain.

Hello,

Browsers is completely reset all application data for that browser is removed so I dont think that is the case

This also happens when I connect from computers I normally don't use. Eg hotel computer or at work.

 

And the strange thing is when running mono or windows version of emby I have no errors.

 

I can create 2 test servers for you mono/netcore and give you login if that wold help?

Edited by Handl3vogn
Link to comment
Share on other sites

dcrdev

Can you request the site using cURL:

curl https://domain.coom:port

If that doesn't return an error, then it's the browser - otherwise it's something else.

Link to comment
Share on other sites

Handl3vogn

Can you request the site using cURL:

curl https://domain.coom:port

If that doesn't return an error, then it's the browser - otherwise it's something else.

Hello,

Curl on netcore server port 8921 gives this:

 

curl: (60) SSL certificate problem: unable to get local issuer certificate

More details here: https://curl.haxx.se/docs/sslcerts.html

 

curl failed to verify the legitimacy of the server and therefore could not

establish a secure connection to it. To learn more about this situation and

how to fix it, please visit the web page mentioned above.

 

 

and if I try the mono server on port 8920 I get no output.

Edited by Handl3vogn
Link to comment
Share on other sites

dcrdev

Interesting - 

 

That would seem to suggest you're introducing  an invalid certificate chain to that pfx.

 

Can you verify that the serve is actually attaching a cert chain:

echo | \
    openssl s_client -servername domain.com -connect domain.com:port 2>/dev/null | \
    openssl x509 -text

^ Obviously strip that of personal details before posting

Link to comment
Share on other sites

Handl3vogn

This is what I get

 

[user@@arch ~]$ echo |     openssl s_client -servername domain.com -connect domain.mydns.org:8921 2>/dev/null |     openssl x509 -text                      
Certificate:
   Data:
       Version: 3 (0x2)
       Serial Number:
           04:05:aa:52:8d:06:35:d6:98:b6:34:0e:e2:8b:bb:4e:7a:7c
   Signature Algorithm: sha256WithRSAEncryption
       Issuer: C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
       Validity
           Not Before: Jan  6 21:07:56 2018 GMT
           Not After : Apr  6 21:07:56 2018 GMT
       Subject: CN = domain.mydns.org
       Subject Public Key Info:
           Public Key Algorithm: rsaEncryption
               Public-Key: (4096 bit)
               Modulus:
                   00:f4:76:f4:3c:b4:8f:81:e3:14:f5:30:b8:e4:d3:
                   80:6d:09:79:82:f8:e8:a9:04:59:d3:26:a7:b7:e3:
                   28:ce:24:77:6f:04:df:e6:65:83:2e:3c:29:04:1e:
                   46:57:55:83:b4:dd:74:b2:6a:b1:49:25:69:e4:1e:
                   d0:bc:ef:06:64:21:3e:eb:b3:33:ba:1f:9c:ce:ab:
                   72:be:0f:34:ab:60:68:3d:1b:71:4c:26:e3:0b:19:
                   80:19:c7:9b:e2:6c:27:3a:a0:9d:89:ed:3c:75:63:
                   22:62:85:7f:56:b0:ab:53:c8:53:a1:87:6d:bd:86:
                   fe:7e:cf:bd:7e:db:70:b8:ec:d4:f7:1a:33:2a:1b:
                   d1:9c:6a:dd:14:e4:58:38:59:2e:9c:41:03:d4:cd:
                   da:61:b5:c1:cc:80:b9:f0:ea:f4:52:21:d3:a4:cc:
                   2b:2a:4c:a7:9a:ea:ee:35:8f:7c:bf:79:df:40:6b:
                   f1:ee:a1:45:8c:75:fb:d0:9d:e6:32:c5:ef:0d:c4:
                   e4:76:82:a1:f4:6b:7a:75:5a:4d:45:5b:fb:3c:99:
                   8b:ab:f4:43:a2:31:11:76:3f:f3:fe:45:6b:e6:0b:
                   99:48:75:aa:68:e9:5e:f1:7b:08:87:e0:a8:57:c2:
                   9c:84:6d:24:57:d9:4c:99:d3:f3:bb:52:60:08:df:
                   06:dd:cd:f8:52:48:9c:6f:c9:d5:7f:7a:04:05:e6:
                   2c:e0:f4:c3:66:7c:68:55:12:a2:9c:0f:6e:01:d1:
                   e4:10:8a:0a:88:b4:7f:5a:44:97:4c:96:25:5b:a9:
                   54:13:e5:2b:d6:cf:ca:6b:62:4c:c1:db:59:52:a2:
                   6e:c0:0e:e7:dc:f5:1a:78:29:bb:95:b6:db:eb:92:
                   82:64:bf:7e:3f:e5:dd:f1:74:a6:4f:83:65:43:98:
                   1b:81:58:13:92:0d:c3:cb:88:7d:b1:ce:22:10:7a:
                   e7:a7:1a:8b:c4:48:66:aa:9e:0a:8e:77:6c:e1:54:
                   5f:5a:2f:18:65:60:ab:10:e8:65:c0:9a:33:6b:84:
                   c4:0b:bb:79:45:14:e7:99:fe:18:aa:58:eb:64:b2:
                   ae:e9:fc:97:cf:f8:7a:b8:81:c4:d6:38:0f:db:32:
                   68:1a:22:c3:99:c6:87:c8:58:f1:da:b3:08:24:96:
                   86:45:dd:81:87:e6:86:60:07:af:9f:a1:2d:fa:a5:
                   c3:d5:ed:39:d7:b7:cc:78:d8:16:05:71:11:83:90:
                   f3:8d:c6:2c:f5:db:20:53:c2:7f:d5:cd:2d:49:01:
                   ce:73:bb:aa:ff:9b:84:e4:0b:af:ee:67:e5:d2:48:
                   99:c3:6c:31:4d:a9:aa:57:94:e7:52:84:08:41:20:
                   20:e6:e9
               Exponent: 65537 (0x10001)
       X509v3 extensions:
           X509v3 Key Usage: critical
               Digital Signature, Key Encipherment
           X509v3 Extended Key Usage:  
               TLS Web Server Authentication, TLS Web Client Authentication
           X509v3 Basic Constraints: critical
               CA:FALSE
           X509v3 Subject Key Identifier:  
               F1:BF:51:EF:4F:AF:25:32:4D:A6:D8:99:70:E9:09:6C:18:97:0D:19
           X509v3 Authority Key Identifier:  
               keyid:A8:4A:6A:63:04:7D:DD:BA:E6:D1:39:B7:A6:45:65:EF:F3:A8:EC:A1

           Authority Information Access:  
               OCSP - URI:http://ocsp.int-x3.letsencrypt.org
               CA Issuers - URI:http://cert.int-x3.letsencrypt.org/

           X509v3 Subject Alternative Name:  
               DNS:domain.mydns.org, DNS:www.domain.mydns.org
           X509v3 Certificate Policies:  
               Policy: 2.23.140.1.2.1
               Policy: 1.3.6.1.4.1.44947.1.1.1
                 CPS: http://cps.letsencrypt.org
                 User Notice:
                   Explicit Text: This Certificate may only be relied upon by Relying Parties and only in accordance with the Certificate Policy found at https://letsencrypt.org/repository/

   Signature Algorithm: sha256WithRSAEncryption
        83:c7:57:d6:d6:7f:c3:f7:89:cb:a9:d2:89:2d:7e:1d:fc:0d:
        f6:9e:47:92:42:b0:67:43:f9:74:c8:e2:59:30:10:19:34:f1:
        25:d0:7c:a6:e5:40:fd:41:6f:ba:7f:95:29:51:a0:22:65:25:
        83:62:8d:55:4f:6a:8e:7b:a8:58:e4:39:67:3c:de:21:ba:8f:
        24:7a:8c:46:af:40:3f:c3:68:d6:bf:c4:2e:22:33:7c:c1:5d:
        c7:71:6f:1e:72:d8:d6:35:b2:e5:5d:27:8f:34:d9:bd:15:af:
        b7:cd:5e:fe:04:3f:94:9f:00:5a:30:99:e5:6e:15:6d:55:ae:
        ec:b8:7f:68:08:07:b1:01:e8:b7:d1:03:7d:8f:4b:17:7b:a0:
        8c:d1:b8:4f:81:86:68:8e:b9:07:c8:40:0c:9b:34:90:69:79:
        f8:85:04:21:3f:35:ee:01:47:da:3a:9b:dd:f7:af:03:1b:81:
        8b:54:38:c1:7a:43:26:5f:9b:39:36:b6:66:7e:06:68:6f:5e:
        f8:bd:02:97:15:52:9e:d6:79:34:8b:49:87:1e:6b:35:d1:12:
        50:66:e5:b1:d5:c4:30:e1:38:c9:a3:9a:01:80:55:2c:86:b4:
        ed:e9:bf:44:c7:8c:11:6d:0a:f5:61:6c:06:9f:14:3b:dc:c5:
        b0:88:75:c7
-----BEGIN CERTIFICATE-----
MIIGKzCCBROgAwIBAgISBAWqUo0GNdaYtjQO4ou7Tnp8MA0GCSqGSIb3DQEBCwUA
MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD
ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0xODAxMDYyMTA3NTZaFw0x
ODA0MDYyMTA3NTZaMCExHzAdBgNVBAMTFmhhbmRsM3ZvZ24uZHVja2Rucy5vcmcw
ggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQD0dvQ8tI+B4xT1MLjk04Bt
CXmC+OipBFnTJqe34yjOJHdvBN/mZYMuPCkEHkZXVYO03XSyarFJJWnkHtC87wZk
IT7rszO6H5zOq3K+DzSrYGg9G3FMJuMLGYAZx5vibCc6oJ2J7Tx1YyJihX9WsKtT
yFOhh229hv5+z71+23C47NT3GjMqG9Gcat0U5Fg4WS6cQQPUzdphtcHMgLnw6vRS
IdOkzCsqTKea6u41j3y/ed9Aa/HuoUWMdfvQneYyxe8NxOR2gqH0a3p1Wk1FW/s8
mYur9EOiMRF2P/P+RWvmC5lIdapo6V7xewiH4KhXwpyEbSRX2UyZ0/O7UmAI3wbd
zfhSSJxvydV/egQF5izg9MNmfGhVEqKcD24B0eQQigqItH9aRJdMliVbqVQT5SvW
z8prYkzB21lSom7ADufc9Rp4KbuVttvrkoJkv34/5d3xdKZPg2VDmBuBWBOSDcPL
iH2xziIQeuenGovESGaqngqOd2zhVF9aLxhlYKsQ6GXAmjNrhMQLu3lFFOeZ/hiq
WOtksq7p/JfP+Hq4gcTWOA/bMmgaIsOZxofIWPHaswgkloZF3YGH5oZgB6+foS36
pcPV7TnXt8x42BYFcRGDkPONxiz12yBTwn/VzS1JAc5zu6r/m4TkC6/uZ+XSSJnD
bDFNqapXlOdShAhBICDm6QIDAQABo4ICMjCCAi4wDgYDVR0PAQH/BAQDAgWgMB0G
A1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1Ud
DgQWBBTxv1HvT68lMk2m2Jlw6QlsGJcNGTAfBgNVHSMEGDAWgBSoSmpjBH3duubR
ObemRWXv86jsoTBvBggrBgEFBQcBAQRjMGEwLgYIKwYBBQUHMAGGImh0dHA6Ly9v
Y3NwLmludC14My5sZXRzZW5jcnlwdC5vcmcwLwYIKwYBBQUHMAKGI2h0dHA6Ly9j
ZXJ0LmludC14My5sZXRzZW5jcnlwdC5vcmcvMD0GA1UdEQQ2MDSCFmhhbmRsM3Zv
Z24uZHVja2Rucy5vcmeCGnd3dy5oYW5kbDN2b2duLmR1Y2tkbnMub3JnMIH+BgNV
HSAEgfYwgfMwCAYGZ4EMAQIBMIHmBgsrBgEEAYLfEwEBATCB1jAmBggrBgEFBQcC
ARYaaHR0cDovL2Nwcy5sZXRzZW5jcnlwdC5vcmcwgasGCCsGAQUFBwICMIGeDIGb
VGhpcyBDZXJ0aWZpY2F0ZSBtYXkgb25seSBiZSByZWxpZWQgdXBvbiBieSBSZWx5
aW5nIFBhcnRpZXMgYW5kIG9ubHkgaW4gYWNjb3JkYW5jZSB3aXRoIHRoZSBDZXJ0
aWZpY2F0ZSBQb2xpY3kgZm91bmQgYXQgaHR0cHM6Ly9sZXRzZW5jcnlwdC5vcmcv
cmVwb3NpdG9yeS8wDQYJKoZIhvcNAQELBQADggEBAIPHV9bWf8P3icup0oktfh38
DfaeR5JCsGdD+XTI4lkwEBk08SXQfKblQP1Bb7p/lSlRoCJlJYNijVVPao57qFjk
OWc83iG6jyR6jEavQD/DaNa/xC4iM3zBXcdxbx5y2NY1suVdJ4802b0Vr7fNXv4E
P5SfAFowmeVuFW1Vruy4f2gIB7EB6LfRA32PSxd7oIzRuE+BhmiOuQfIQAybNJBp
efiFBCE/Ne4BR9o6m933rwMbgYtUOMF6QyZfmzk2tmZ+BmhvXvi9ApcVUp7WeTSL
SYceazXRElBm5bHVxDDhOMmjmgGAVSyGtO3pv0THjBFtCvVhbAafFDvcxbCIdcc=
-----END CERTIFICATE-----

 

Link to comment
Share on other sites

dcrdev

Looks like the chain is incomplete -

 

Might this be an out of date image? Emby my not have an up-to-date certificate bundle available.

 

Try pulling the image again, if that doesn't work I'd contact the author of the image. 

Link to comment
Share on other sites

Handl3vogn

Looks like the chain is incomplete -

 

Might this be an out of date image? Emby my not have an up-to-date certificate bundle available.

 

Try pulling the image again, if that doesn't work I'd contact the author of the image. 

Do you mean docker image? I'm using the official from emby (emby/embyserver_netcore:latest).

 

And same thing happens when i download the ubuntu (deb file) version from (https://emby.media/linux-server.html)

 

When running The windows version or the mono docker (emby/embyserver:latest) using a copy of the same certificate file (emby.pfx) I dont get these certificate errors.

 

I create the cert using this docker:

https://hub.docker.com/r/linuxserver/letsencrypt/

 

I'm making the cert from files in this folder;

root@Unraidserver:/mnt/user/appdata/letsencrypt/keys/letsencrypt# ls
README  cert.pem@  chain.pem@  fullchain.pem@  privkey.pem@  privkey.pfx
 
using this command:
openssl pkcs12 -inkey privkey.pem -in fullchain.pem -export -out emby.pfx -passout pass:
 

 

Really appreciate your help :)

Edited by Handl3vogn
Link to comment
Share on other sites

Handl3vogn

What's in fullchain.pem ?

I'm not sure what its used for, it was created after I started letsencrypt docker. 

I found this command "openssl pkcs12 -inkey privkey.pem -in fullchain.pem -export -out emby.pfx -passout pass:" somewhere on this forum.

This has been working fine until I tried the new netcore versjon of emby

 

Print of that readme file:

This directory contains your keys and certificates.

 

`privkey.pem`  : the private key for your certificate.

`fullchain.pem`: the certificate file used in most server software.

`chain.pem`    : used for OCSP stapling in Nginx >=1.3.7.

`cert.pem`     : will break many server configurations, and should not be used

                without reading further documentation (see link below).

 

We recommend not moving these files. For more information, see the Certbot

User Guide at https://certbot.eff.org/docs/using.html#where-are-my-certificates.

 

the guide says:

 

fullchain.pem

All certificates, including server certificate (aka leaf certificate or end-entity certificate). The server certificate is the first one in this file, followed by any intermediates.

This is what Apache >= 2.4.8 needs for SSLCertificateFile, and what Nginx needs for ssl_certificate.

 

root@Unraidserver:/mnt/user/appdata/letsencrypt/keys/letsencrypt# cat fullchain.pem  

-----BEGIN CERTIFICATE-----

MIIGKzCCBROgAwIBAgISBAWqUo0GNdaYtjQO4ou7Tnp8MA0GCSqGSIb3DQEBCwUA

MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD

ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0xODAxMDYyMTA3NTZaFw0x

ODA0MDYyMTA3NTZaMCExHzAdBgNVBAMTFmhhbmRsM3ZvZ24uZHVja2Rucy5vcmcw

ggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQD0dvQ8tI+B4xT1MLjk04Bt

CXmC+OipBFnTJqe34yjOJHdvBN/mZYMuPCkEHkZXVYO03XSyarFJJWnkHtC87wZk

IT7rszO6H5zOq3K+DzSrYGg9G3FMJuMLGYAZx5vibCc6oJ2J7Tx1YyJihX9WsKtT

yFOhh229hv5+z71+23C47NT3GjMqG9Gcat0U5Fg4WS6cQQPUzdphtcHMgLnw6vRS

IdOkzCsqTKea6u41j3y/ed9Aa/HuoUWMdfvQneYyxe8NxOR2gqH0a3p1Wk1FW/s8

mYur9EOiMRF2P/P+RWvmC5lIdapo6V7xewiH4KhXwpyEbSRX2UyZ0/O7UmAI3wbd

zfhSSJxvydV/egQF5izg9MNmfGhVEqKcD24B0eQQigqItH9aRJdMliVbqVQT5SvW

z8prYkzB21lSom7ADufc9Rp4KbuVttvrkoJkv34/5d3xdKZPg2VDmBuBWBOSDcPL

iH2xziIQeuenGovESGaqngqOd2zhVF9aLxhlYKsQ6GXAmjNrhMQLu3lFFOeZ/hiq

WOtksq7p/JfP+Hq4gcTWOA/bMmgaIsOZxofIWPHaswgkloZF3YGH5oZgB6+foS36

pcPV7TnXt8x42BYFcRGDkPONxiz12yBTwn/VzS1JAc5zu6r/m4TkC6/uZ+XSSJnD

bDFNqapXlOdShAhBICDm6QIDAQABo4ICMjCCAi4wDgYDVR0PAQH/BAQDAgWgMB0G

A1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1Ud

DgQWBBTxv1HvT68lMk2m2Jlw6QlsGJcNGTAfBgNVHSMEGDAWgBSoSmpjBH3duubR

ObemRWXv86jsoTBvBggrBgEFBQcBAQRjMGEwLgYIKwYBBQUHMAGGImh0dHA6Ly9v

Y3NwLmludC14My5sZXRzZW5jcnlwdC5vcmcwLwYIKwYBBQUHMAKGI2h0dHA6Ly9j

ZXJ0LmludC14My5sZXRzZW5jcnlwdC5vcmcvMD0GA1UdEQQ2MDSCFmhhbmRsM3Zv

Z24uZHVja2Rucy5vcmeCGnd3dy5oYW5kbDN2b2duLmR1Y2tkbnMub3JnMIH+BgNV

HSAEgfYwgfMwCAYGZ4EMAQIBMIHmBgsrBgEEAYLfEwEBATCB1jAmBggrBgEFBQcC

ARYaaHR0cDovL2Nwcy5sZXRzZW5jcnlwdC5vcmcwgasGCCsGAQUFBwICMIGeDIGb

VGhpcyBDZXJ0aWZpY2F0ZSBtYXkgb25seSBiZSByZWxpZWQgdXBvbiBieSBSZWx5

aW5nIFBhcnRpZXMgYW5kIG9ubHkgaW4gYWNjb3JkYW5jZSB3aXRoIHRoZSBDZXJ0

aWZpY2F0ZSBQb2xpY3kgFm91bmQgYXQgaHR0cHM6Ly9sZXRzZW5jcnlwdC5vcmcv

cmVwb3NpdG9yeS8wDQYJKoZIhvcNAQELBQADggEBAIPHV9bWf8P3icup0oktfh38

DfaeR5JCsGdD+XTI4lkwEBk08SXQfKblQP1Bb7p/lSlRoCJlJYNijVVPao57qFjk

OWc83iG6jyR6jEavQD/DaNa/xC4iM3zBXcdxbx5y2NY1suVdJ4802b0Vr7fNXv4E

P5SfAFowmeVuFW1Vruy4f2gIB7EB6LfRA32RSxd7oIzRuE+BhmiOuQfIQAybNJBp

efiFBCE/Ne4BR9o6m933rwMbgYtUOMF6QyZfmzk2tmZ+BmhvXvi9ApcVUp7WeTSL

SYceazXRElBm5bHVxDDhOMmjmgGAVSyGtO3pv0THjBFtCvVhbAafFDvcxbCIdcc=

-----END CERTIFICATE-----

-----BEGIN CERTIFICATE-----

MIIEkjCCA3qgAwIBAgIQCgFBQgAAAVOFc2oLheynCDANBgkqhkiG9w0BAQsFADA/

MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT

DkRTVCBSb290IENBIFgzMB4XDTE2MDMxTzE2NDA0NloXDTIxMDMxNzE2NDA0Nlow

SjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUxldCdzIEVuY3J5cHQxIzAhBgNVBAMT

GkxldCdzIEVuY3J5cHQgQXV0aG9yaXR5IFgzMIIBIjANBgkqhkiG9w0BAQEFAAOC

AQ8AMIIBCgKCAQEAnNMM8FrlLke3cl03g7NoYzDq1zUmGSXhvb418XCSL7e4S0EF

q6meNQhY7LEqxGiHC6PjdeTm86dicbp5gWAf15Gan/PQeGdxyGkOlZHP/uaZ6WA8

SMx+yk13EiSdRxta67nsHjcAHJyse6cF6s5K671B5TaYucv9bTyWaN8jKkKQDIZ0

Z8h/pZq4UmEUEz9l6YKHy9v6Dlb2honzhT+Xhq+w3Brvaw2VFn3EK6BlspkENnWA

a6xK8xuQSXgvopZPKiAlKQTGdMDQMc2PMTiVFrqoM7hD8bEfwzB/onkxEz0tNvjj

/PIzark5McWvxI0NHWQWM6r6hCm21AvA2H3DkwIDAQABo4IBfTCCAXkwEgYDVR0T

AQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAYYwfwYIKwYBBQUHAQEEczBxMDIG

CCsGAQUFBzABhiZodHRwOi8vaXNyZy50cnVzdGlkLm9jc3AuaWRlbnRydXN0LmNv

bTA7BggrBgEFBQcwAoYvaHR0cDovL2FwcHMuaWRlbnRydXN0LmNvbS9yb290cy9k

c3Ryb290Y2F4My5wN2MwHwYDVR0jBBgwFoAUxKexpHsscfrb4UuQdf/EFWCFiRAw

VAYDVR0gBE0wSzAIBgZngQwBAgEwPwYLKwYBBGGC3xMBAQEwMDAuBggrBgEFBQcC

ARYiaHR0cDovL2Nwcy5yb290LXgxLmxldHNlbmNyeXB0Lm9yZzA8BgNVHR8ENTAz

MDGgL6AthitodHRwOi8vY3JsLmlkZW50cnVzdC5jb20vRFNUUk9PVENBWDNDUkwu

Y3JsMB0GA1UdDgQWBBSoSmpjBH3duubRObemRWXv86jsoTANBgkqhkiG9w0BAQsF

AAOCAQEA3TPXEfNjWDjdGBX7CVW+dla5cEilaUcne8IkCJLxWh9KEik3JHRRHGJo

uM2VcGfl96S8TihRzZvoroed6ti6WqEBmtzw3Wodatg+VyOeph4EYpr/1wXKtx8/

wApIvJSwtmVi4MFU5aMqrSDE6ea73Mj2tcMyo5jMd6jmeWUHK8so/joWUoHOUgwu

X4Po1QYz+3dszkDqMp4fklxBwXRsW10KXzPMTZ+sOPAveyxindmjkW8lGy+QsRlG

PfZ+G6Z6h7mjem0Y+iWlkYcV4PIWL1iwBi8saCbGS5jN2p8M+X+Q7UNKEkROb3N6

KOqkqm57TH2H3eDJAkSnh6/DNFu0Qg==

-----END CERTIFICATE-----

 

Edited by Handl3vogn
Link to comment
Share on other sites

Handl3vogn

Update

Got it working again using a docker that is build/based on ArchLinux (binhex-emby).

Same cert and configuration is used on all tests

So now I'm happy again :D

 

Maybe the problem was/is that emby docker and Ubuntu is running and older version of dotnetcore than Archlinux is using? 

I still belive that dotnetcore is to blame here.

 

I will be using the binhex version and try the official emby docker once in a while to check if this problem gets fixed.

Edited by Handl3vogn
Link to comment
Share on other sites

  • 3 weeks later...
Handl3vogn

Try adding a password, and then configure the password in emby server. See if that helps. thanks.

hello made a new file using this command

openssl pkcs12 -inkey privkey.pem -in fullchain.pem -export -out emby.pfx -passout pass:12345678

 

Setup emby with password and restared it.

Still got cert error.

log2.txt

Link to comment
Share on other sites

Handl3vogn

is the cert associated with a domain name or IP?

domain name.

Certificate is from lets encrypt to "mydomain".duckdns.org (mydomain is not my real hostname)

Just want to add that exact same setup works on Binhex Archlinux based docker currently versjon is (3.2.60)

Thanks. 

Edited by Handl3vogn
Link to comment
Share on other sites

  • 2 months later...

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...