Handl3vogn 6 Posted February 24, 2018 Share Posted February 24, 2018 (edited) @@alucryd Tried using the latest 3.3.0.0 and I still get sec_error_unknown_issuer error in my browser. If I visit another site "or port" on my server that uses same cert before I visit emby I get green lock (cert ok) until next time my cert is renewed or until I connect whit a client/browser that newer seen that certificate before. So there must be something wrong when the same certificate work on windows and arch but not on official docker or ubuntu. I'm not using reverse proxy or anything like that, just opened a port for emby server and connection straight to that using https. Edited February 24, 2018 by Luke Link to comment Share on other sites More sharing options...
Luke 37008 Posted February 25, 2018 Share Posted February 25, 2018 The latest beta has resolved the client certificate problem, if you could try that out it would be helpful. I'm not sure it will affect the original issue this topic was opened for though. Thanks. Link to comment Share on other sites More sharing options...
Handl3vogn 6 Posted February 25, 2018 Share Posted February 25, 2018 @@Luke Tried the latest beta docker and still same problem for me. Link to comment Share on other sites More sharing options...
Luke 37008 Posted February 25, 2018 Share Posted February 25, 2018 What same problem? Link to comment Share on other sites More sharing options...
Handl3vogn 6 Posted February 25, 2018 Share Posted February 25, 2018 @@Luke I get site insecure error in my browser when connecting to my emby server. Link to comment Share on other sites More sharing options...
Luke 37008 Posted February 26, 2018 Share Posted February 26, 2018 What version does your server dashboard say? Link to comment Share on other sites More sharing options...
Handl3vogn 6 Posted February 26, 2018 Share Posted February 26, 2018 (edited) @@Luke 3.3.0.1 here is log Log.txt Edited February 26, 2018 by Handl3vogn Link to comment Share on other sites More sharing options...
Luke 37008 Posted February 26, 2018 Share Posted February 26, 2018 Ok, I could be wrong but I think the original issue is blocking you from being able to accurately confirm that. Thanks. Link to comment Share on other sites More sharing options...
Handl3vogn 6 Posted February 26, 2018 Share Posted February 26, 2018 (edited) Ok, I could be wrong but I think the original issue is blocking you from being able to accurately confirm that. Thanks.I did not exactly understand that, but I'm still having trouble getting emby server to work with ssl certificate. And you can see in the logs that there is some problems. And at this point I don't believe that there is anything wrong with my setup when the same setup works in Windows and on binhex-emby docker. Edited February 26, 2018 by Handl3vogn Link to comment Share on other sites More sharing options...
Luke 37008 Posted February 26, 2018 Share Posted February 26, 2018 Yea I get that, we're just having a hard time reproducing the problem. Link to comment Share on other sites More sharing options...
Handl3vogn 6 Posted February 26, 2018 Share Posted February 26, 2018 (edited) Yeah I get that, we're just having a hard time reproducing the problem.I understand that, is there anything I can do to help? Would it be helpful if I sent you my cert file? Or made some test Dockers you could connect to? One working and one not working? Just tell me if I can do anything to help resolve that issue. Edited February 26, 2018 by Handl3vogn Link to comment Share on other sites More sharing options...
GWTPqZp6b 41 Posted March 17, 2018 Share Posted March 17, 2018 I think I'm having this problem with latest beta as well, although this could be something to do with a pfsense RP issue too. The problem only occurs when I attempt to add the send-proxy option to enable me to see the real-ip address behind my proxy address. 2018-03-16 23:58:17.653 Error HttpServer: Error in ProcessAccept *** Error Report *** Version: 3.3.1.5 Command line: /opt/emby-server/system/EmbyServer.dll -programdata /var/lib/emby -ffmpeg /opt/emby-server/bin/ffmpeg -ffprobe /opt/emby-server/bin/ffprobe -restartexitcode 3 -updatepackage emby-server-deb_{version}_amd64.deb Operating system: Unix 4.9.0.3 64-Bit OS: True 64-Bit Process: True User Interactive: True Processor count: 2 Program data path: /var/lib/emby Application directory: /opt/emby-server/system System.IO.IOException: The handshake failed due to an unexpected packet format. at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult) at System.Net.Security.SslStream.AuthenticateAsServer(X509Certificate serverCertificate, Boolean clientCertificateRequired, SslProtocols enabledSslProtocols, Boolean checkCertificateRevocation) at SocketHttpListener.Net.HttpConnection..ctor(ILogger logger, Socket socket, EndPointListener epl, Boolean secure, X509Certificate cert, ICryptoProvider cryptoProvider, IMemoryStreamFactory memoryStreamFactory, ITextEncoding textEncoding, IFileSystem fileSystem, IEnvironmentInfo environment) at SocketHttpListener.Net.EndPointListener.ProcessAccept(Socket accepted) System.IO.IOException at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult) at System.Net.Security.SslStream.AuthenticateAsServer(X509Certificate serverCertificate, Boolean clientCertificateRequired, SslProtocols enabledSslProtocols, Boolean checkCertificateRevocation) at SocketHttpListener.Net.HttpConnection..ctor(ILogger logger, Socket socket, EndPointListener epl, Boolean secure, X509Certificate cert, ICryptoProvider cryptoProvider, IMemoryStreamFactory memoryStreamFactory, ITextEncoding textEncoding, IFileSystem fileSystem, IEnvironmentInfo environment) at SocketHttpListener.Net.EndPointListener.ProcessAccept(Socket accepted) let me know if theres anything I can do to help debug etc. Link to comment Share on other sites More sharing options...
Luke 37008 Posted March 17, 2018 Share Posted March 17, 2018 @@pir8radio are you using this option? Link to comment Share on other sites More sharing options...
GWTPqZp6b 41 Posted March 17, 2018 Share Posted March 17, 2018 hey luke, looks like you cut and pasted form the 'other' SSL thread I was reading.... Im using both these options <RequireHttps>true</RequireHttps> <IsBehindProxy>true</IsBehindProxy> Link to comment Share on other sites More sharing options...
Luke 37008 Posted March 17, 2018 Share Posted March 17, 2018 Right ok. I mis-read that and thought you had configured a proxy setting. Link to comment Share on other sites More sharing options...
Luke 37008 Posted March 17, 2018 Share Posted March 17, 2018 In any event I don't think your issue is related to this thread, but in case it helps, check the incoming request urls and make sure that the https url has the proper port. Your exception message suggests that you have an incoming https request on your http port. Additionally, i would set RequireHttps to false. Since you're behind a proxy you probably want to have the proxy handle your SSL and forward everything to Emby over local http. Link to comment Share on other sites More sharing options...
GWTPqZp6b 41 Posted March 17, 2018 Share Posted March 17, 2018 (edited) I think you are right in that these are probably two different problems. I have basic proxy needs so rely on pfSense to separate a few internet facing services including emby by subdomain, these all run local letsencrypt HTTPS certs and a simple passthrough from pfSense with the 'send-proxy' option allows me to run fail2ban / log correct IP addresses. It seems emby throws the error I posted when I add that 'send-proxy' flag. Wanted to make sure you understood in case it was a Emby side problem, I have a workaround that gets me where I need to be in th meanwhile, thank you. Edited March 17, 2018 by GWTPqZp6b Link to comment Share on other sites More sharing options...
pir8radio 1292 Posted March 17, 2018 Share Posted March 17, 2018 (edited) hey luke, looks like you cut and pasted form the 'other' SSL thread I was reading.... Im using both these options <RequireHttps>true</RequireHttps> <IsBehindProxy>true</IsBehindProxy> Behind a Reverse proxy you will want: <EnableHttps>true</EnableHttps> not "RequireHttps" set require to false, and enable to true. Probably not your issue, but something to fix. Also if the proxy is setup correctly you wont need "IsBehindProxy" set to true, as far as I know.. I'm not sure what this switch does within emby... But emby should be blind to the fact that it is behind a proxy if its setup correctly. Edited March 17, 2018 by pir8radio Link to comment Share on other sites More sharing options...
Luke 37008 Posted May 11, 2018 Share Posted May 11, 2018 If you would like to try the beta server that would be helpful as we've updated to .NET Core 2.1. Thanks. Link to comment Share on other sites More sharing options...
Handl3vogn 6 Posted May 15, 2018 Share Posted May 15, 2018 Tried the 3.4.1.2-beta on ubuntu 18.04 Still got ssl certification error so no change for me. Link to comment Share on other sites More sharing options...
Luke 37008 Posted May 15, 2018 Share Posted May 15, 2018 New server log? thanks. Link to comment Share on other sites More sharing options...
Handl3vogn 6 Posted May 15, 2018 Share Posted May 15, 2018 New server log? thanks. Here lots of ssl errors in log Log.txt Link to comment Share on other sites More sharing options...
Luke 37008 Posted May 15, 2018 Share Posted May 15, 2018 Those are all outbound https, which are hopefully resolved for next beta. I don't see anything here related inbound traffic. Link to comment Share on other sites More sharing options...
Handl3vogn 6 Posted May 15, 2018 Share Posted May 15, 2018 (edited) Those are all outbound https, which are hopefully resolved for next beta. I don't see anything here related inbound traffic. I still get certification error in my browser. And tried a online ssl certificate tester and got these results Edited May 15, 2018 by Handl3vogn Link to comment Share on other sites More sharing options...
cristol 0 Posted May 17, 2018 Share Posted May 17, 2018 Hi, i've the same issue with the docker (Version 3.4.1.0) on debian 8.10 (OpenMediaVault). I can access and play video with my desktop but with my android phone it's impossible (chrome and emby app) *** Error Report *** Version: 3.4.1.0 Command line: /system/EmbyServer.dll -programdata /config -ffmpeg /bin/ffmpeg -ffprobe /bin/ffprobe -restartexitcode 3 Operating system: Unix 4.9.0.0 64-Bit OS: True 64-Bit Process: True User Interactive: True Processor count: 4 Program data path: /config Application directory: /system System.Security.Authentication.AuthenticationException: A call to SSPI failed, see inner exception. ---> Interop+OpenSsl+SslException: SSL Handshake failed with OpenSSL error - SSL_ERROR_SSL. ---> Interop+Crypto+OpenSslCryptographicException: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown --- End of inner exception stack trace --- After a moment, Https isn't accessible ... i must restart docker image to restart https access. PS : My certificat is generate with letsencrypt --> openssl pkcs12 -inkey privkey.pem -in fullchain.pem -export -out Emby.pfx -passout pass:PASSWORD It's an Emby problem ? logEmby.txt Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now