Luke 37095 Posted June 19, 2018 Share Posted June 19, 2018 We're setting an environment variable SSL_CERTS_DIR that .NET core will utilize. Link to comment Share on other sites More sharing options...
Gerrit507 24 Posted June 19, 2018 Share Posted June 19, 2018 To be sure I ran chmod a+r /etc/ssl/certs/* Still no luck... Link to comment Share on other sites More sharing options...
Knight_Elf 2 Posted June 19, 2018 Share Posted June 19, 2018 Thank you! Does emby always look in this folder or is this the folder you have configured in emby for https? I looked in that folder and all certs in there have read permissions for everybody... You're welcome! Most of the files in the /etc/ssl/certs directory are in fact symbolic links to certificates placed in other directories (secondaries CA stores) so check the permissions of the linked files in their true pathes instead of the permissions of the links themselves (they're always lrwxrwxrwx ie. accessibles and modifiables by anyone), you may have one emby-unreadable file in those secondary stores... Link to comment Share on other sites More sharing options...
Knight_Elf 2 Posted June 19, 2018 Share Posted June 19, 2018 To be sure I ran chmod a+r /etc/ssl/certs/* Still no luck... Can you, please, publish the result of ls -lR /etc/ssl/certs? Oh, and I forgot to add that you must be root for chmod a+r /etc/ssl/certs/* to work! Link to comment Share on other sites More sharing options...
Gerrit507 24 Posted June 19, 2018 Share Posted June 19, 2018 You're welcome! Most of the files in the /etc/ssl/certs directory are in fact symbolic links to certificates placed in other directories (secondaries CA stores) so check the permissions of the linked files in their true pathes instead of the permissions of the links themselves (they're always lrwxrwxrwx ie. accessibles and modifiables by anyone), you may have one emby-unreadable file in those secondary stores... It's working! I've misunderstood it at first, but you were absolutely right! I've moved my certs folder to certs_bak, created a new empty certs folder and emby webinterface works again :) Link to comment Share on other sites More sharing options...
Knight_Elf 2 Posted June 19, 2018 Share Posted June 19, 2018 (edited) It's working! I've misunderstood it at first, but you were absolutely right! I've moved my certs folder to certs_bak, created a new empty certs folder and emby webinterface works again :) Beware, by doing this, you may have partly disabled the SSL functionnality of your Debian! Try getting back certificates one by one in your new "certs" directory to find the culprit. By the way, I'm happy to hear that the solution is working for someone else! Edited June 19, 2018 by Knight_Elf 1 Link to comment Share on other sites More sharing options...
zoneee 6 Posted June 20, 2018 Share Posted June 20, 2018 (edited) Beware, by doing this, you may have partly disabled the SSL functionnality of your Debian! Try getting back certificates one by one in your new "certs" directory to find the culprit. By the way, I'm happy to hear that the solution is working for someone else! TYVM @@Knight_Elf. Yeah, so this worked for me too on Ubuntu.. I was stuck on 3.4.1.11 for a while now because of this. Just upgraded to 3.4.1.17 now and "sudo mv /etc/ssl/certs /etc/ssl/certs.bak; sudo systemctl restart emby-server; sleep 5; sudo mv /etc/ssl/certs.bak /etc/ssl/certs" and https://myembyserver:8920 started working again. Now figuring out which cert is causing the problem is going to take some doing since all the perms on the target certs(and their corresponding symlinks in /etc/ssl/certs) look right. This also breaks "Emby: Check for application updates failed. The SSL connection could not be established, see inner exception." because it has no SSL certs to use for outgoing connections. :/ [uPDATE] So, I figured out what certs were causing the problem /etc/ssl/certs$ file * | grep broken 55a10908.0: broken symbolic link to UbuntuOne-ValiCert_Class_2_VA.pem 598630ad.0: broken symbolic link to UbuntuOne-Go_Daddy_CA.pem /etc/ssl/certs$ sudo rm 55a10908.0 598630ad.0 /etc/ssl/certs$ sudo systemctl restart emby-server And we are back to normal now. :-D Edited June 20, 2018 by zoneee 3 Link to comment Share on other sites More sharing options...
Gerrit507 24 Posted June 20, 2018 Share Posted June 20, 2018 (edited) TYVM @@Knight_Elf. Yeah, so this worked for me too on Ubuntu.. I was stuck on 3.4.1.11 for a while now because of this. Just upgraded to 3.4.1.17 now and "sudo mv /etc/ssl/certs /etc/ssl/certs.bak; sudo systemctl restart emby-server; sleep 5; sudo mv /etc/ssl/certs.bak /etc/ssl/certs" and https://myembyserver:8920 started working again. Now figuring out which cert is causing the problem is going to take some doing since all the perms on the target certs(and their corresponding symlinks in /etc/ssl/certs) look fine to me. This also breaks "Emby: Check for application updates failed. The SSL connection could not be established, see inner exception." because it has no SSL certs to use for outgoing connections. :/ I checked all the symlinks too, their target seemed fine to me. I just moved them all out. It were a bunch of CA certs. Everything is still up without them so it'll be fine Edited June 20, 2018 by Gerrit507 Link to comment Share on other sites More sharing options...
zoneee 6 Posted June 20, 2018 Share Posted June 20, 2018 @@Gerrit507, I just updated my post. Maybe you should check the targets of those symlinks again. :-) 1 Link to comment Share on other sites More sharing options...
lsrmax 0 Posted June 20, 2018 Author Share Posted June 20, 2018 (edited) Hi there, About the original problem. I solved it by switching to docker version of emby server. Now it's fine and everything went back to normal. (Basically it seems that i just reinstalled everything) Thanks Edited June 20, 2018 by lsrmax Link to comment Share on other sites More sharing options...
tosa65 16 Posted June 21, 2018 Share Posted June 21, 2018 (edited) Yeah ... that's it ... Even though I did not understand much, one thing I understood ... Something was wrong with the certificates. So I looked at the / etc / ssl / certs more closely. And look there; There were symbolic links that did not lead to a file. I have simply killed or disposed of these and then installed V3.4.1.17 ... What can I say: Emby, so the * .17 runs like an oiled uvula LOL. Sorry Luke, for all the circumstances. So Emby was fine the whole time? For the future, could not such things be stopped from the beginning? Say; If Emby encounters such problems that he ignores them and keeps going anyway? Best regards Tom ---------------------------------------------------- Germans Original------------------------- Yeah... Das war's... Auch wenn ich nicht viel verstanden habe, eines verstand ich dennoch... Irgendetwas stimmte nicht mit den Certificaten. Also schaute ich mir das /etc/ssl/certs genauer an. Und siehe da; Es lagen dort Symbolische Links, die zu keiner Datei führten. Ich habe diese schlichtweg gekillt bzw. entsorgt und danach V3.4.1.17 installiert... Was soll ich sagen: Emby, also die *.17 läuft wie 'n geöltes Zäpfchen LOL. Sorry Luke, für die ganzen Umstände. Dann war also Emby die ganze Zeit völlig in Ordnung? Für die Zukunft, könnte man solche Sachen nicht von vorn herein unterbinden? Sprich; Wenn Emby auf solche Probleme stösst, dass er diese Ingnoriert und trotzdem weiter macht? Liebe Grüsse Tom ----------------------------------------------- Anmerkung Witzig ist hier die Übersetzung von Zäpfchen nach "uvula" Wo doch eigentlich "suppository" gemeint waren LOL Edited June 21, 2018 by tosa65 Link to comment Share on other sites More sharing options...
Luke 37095 Posted June 21, 2018 Share Posted June 21, 2018 Emby did ignore them and keep going, you just had no internet metadata because you couldn't make http requests. Link to comment Share on other sites More sharing options...
tosa65 16 Posted June 21, 2018 Share Posted June 21, 2018 What does that mean? That I imagine that it now runs with the 3.4.1.17. That I can finally get back information from the net? Sorry, but unfortunately you did not send a quote that you refer to, I assume that you answer me. And the translation turns it on me that Emby always ignored that. Or was that related to future versions? Link to comment Share on other sites More sharing options...
Gerrit507 24 Posted June 21, 2018 Share Posted June 21, 2018 @@Gerrit507, I just updated my post. Maybe you should check the targets of those symlinks again. :-) Wow, Thanks! The command file * | grep broken is really useful here. I had 8 broken links. I deleted them in backup folder, copied the rest into my normal folder and emby is working fine. Link to comment Share on other sites More sharing options...
Gerrit507 24 Posted June 21, 2018 Share Posted June 21, 2018 What does that mean? That I imagine that it now runs with the 3.4.1.17. That I can finally get back information from the net? Sorry, but unfortunately you did not send a quote that you refer to, I assume that you answer me. And the translation turns it on me that Emby always ignored that. Or was that related to future versions? Du brauchst diese Zertifikate um eine https Verbindung aufzubauen. Dort wird nämlich das Zertifikat des externen Servers mit denen gegengeprüft die bei dir gespeichert sind. Das Problem hier war, dass emby beim Iterieren durch die lokalen Zertifikate ein Zertifkat gefunden hat, welches nicht lesbar ist. Dadurch wurde eine Ausnahme beim Verbindungsaufbau ausgelöst und dadurch abgebrochen. @@Luke A solution I could think of is catching this exception Interop+Crypto+OpenSslCryptographicException: error:2006D080:BIO routines:BIO_new_file:no such file 1 Link to comment Share on other sites More sharing options...
Luke 37095 Posted June 21, 2018 Share Posted June 21, 2018 We do catch it and the server continues moving forward. Link to comment Share on other sites More sharing options...
Gerrit507 24 Posted June 21, 2018 Share Posted June 21, 2018 We do catch it and the server continues moving forward. Ok. What I meant is catching it inside the connection method, that the connection can go on. Link to comment Share on other sites More sharing options...
Luke 37095 Posted June 21, 2018 Share Posted June 21, 2018 That's happening in the netcore runtime, there's nothing we can do other than disable certificate validation, which we're not going to do as that would pose a security risk. 1 Link to comment Share on other sites More sharing options...
Gerrit507 24 Posted June 21, 2018 Share Posted June 21, 2018 That's happening in the netcore runtime, there's nothing we can do other than disable certificate validation, which we're not going to do as that would pose a security risk. Ok, I understand. Thanks for explaining. 1 Link to comment Share on other sites More sharing options...
s7relok 1 Posted August 6, 2018 Share Posted August 6, 2018 TYVM @@Knight_Elf. Yeah, so this worked for me too on Ubuntu.. I was stuck on 3.4.1.11 for a while now because of this. Just upgraded to 3.4.1.17 now and "sudo mv /etc/ssl/certs /etc/ssl/certs.bak; sudo systemctl restart emby-server; sleep 5; sudo mv /etc/ssl/certs.bak /etc/ssl/certs" and https://myembyserver:8920 started working again. Now figuring out which cert is causing the problem is going to take some doing since all the perms on the target certs(and their corresponding symlinks in /etc/ssl/certs) look right. This also breaks "Emby: Check for application updates failed. The SSL connection could not be established, see inner exception." because it has no SSL certs to use for outgoing connections. :/ [uPDATE] So, I figured out what certs were causing the problem /etc/ssl/certs$ file * | grep broken 55a10908.0: broken symbolic link to UbuntuOne-ValiCert_Class_2_VA.pem 598630ad.0: broken symbolic link to UbuntuOne-Go_Daddy_CA.pem /etc/ssl/certs$ sudo rm 55a10908.0 598630ad.0 /etc/ssl/certs$ sudo systemctl restart emby-server And we are back to normal now. :-D This post litteraly saved my installation A billion thanks mate Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now