Linux "webroot"

[studio-jurdan 9]

Bonjour,

 

IJ'ai installé emby serveur sur une machine en debian 8 console avec les 3 lignes d'instruction d'install de votre site 

Cela fonctionne pas mal MAIS

 

 

Pour renouveller les certificats let's encript je dois indiquer au  certboot  le chemin "WEBROOT"  d' Emby. J'ai fouillé toute la machine mais ne trouve nulle part de chemin du genre  /web/index.html    (qui logiquement devrait se trouver en  /var/web/.....

J'accede au serveur avec une adresse et PORT et donc ne sais pas ou j'atterri en réalité

 

j'ai bien trouvé un   /opt/emby-server/system/dashboard-ui/   contenant des fichiers html mais le script's certboot et let's encrypt reffuse ce répertoire.

 

Quel chemin dois je donc utiliser?

ou comment faire pour que mon certificat soit fait et renouvellé automatiquement en cron?

 

en vous remerciant

[Luke 37139]

@@Swynol may have some tips about this.

[Swynol 375]

Had to use google translate so bare with me.

 

Certbot needs a webroot like you say. Emby doesnt provide this. There is 2 ways to accomplish this.

 

1. download nginx or apache - use it as a reverse proxy to create the html webroot and .acme-challenge area.

2. Use DNS authentication. I'm guessing you own a domain name. Login to your registrar then use a service like zerossl 

 

with zero SSL, use online tool > free ssl cert. 

You have to create a txt record with your domain registrar. you can then create the SSL cert this way. 

 

there is an additional step where you will need to convert the crt and key files into a PFX. If you need advice on that, drop a message here.

[studio-jurdan 9]

Hi,

Thanks for your help.

Yes i have a domain and i have made the First cert with it.

My problem is for the future to made a cron to renew the cert let's encrypt every month.   that' why i'll need to use certboot etc.

I'll take a look at zerossl and TXT  dns record. i have a A record for the moment.

Thanks again and sorry for my terrible english.

 

I have Nginx on the server but all my try to use it in reverse proxy with emby never worked .

Edited April 4, 2018 by studio-jurdan

[Swynol 375]

your english is good, much better than my french

 

with using a DNS TXT record you wont be able to automatically renew. you will have to do it before the 90 days expiry. Keep your A Record as it is, so for example emby.domain.com pointed to your IP. Then add the TXT record that ZeroSSL instructs you to do.

 

If your already using NGINX, it should be straight forward. the config will be something like the below. Then use certbot. it should create the acme challange files in NGINX > HTML > .well-known > acme-challenge

 

server {
    listen 80;

    server_name emby.domain.com;

 

location ^~ /.well-known/acme-challenge/ {
}

}

 

 

i've never really used Linux or certbot so not sure what the command would be but a quick google - sudo certbot --nginx -d example.com -d www.example.com   

 

info here - https://www.digitalocean.com/community/tutorials/how-to-set-up-let-s-encrypt-with-nginx-server-blocks-on-ubuntu-16-04

 

hope that helps.

Edited April 5, 2018 by Swynol