jonomite 29 Posted January 22, 2019 Share Posted January 22, 2019 Sorry for posting yet another SSL threadTM, but I'm not sure how to troubleshoot this. . I have a subdomain that I've registered through IONOS (formerly 1&1). I have an SSL certificate that IONOS is managing for me at my top-level domain. How do I get my subdomain to direct to my server? Do I just redirect to my server's remote IP address? Also, in reviewing the various other guides I've found on this, it looks like I may need to download my SSL certificate and keys an import those into emby? It doesn't appear I have the option to do that from my IONOS dashboard as I've configured it so that IONOS manages it and not me. Is that a deal breaker? Or is there another way around this? I feel like I have the basic pieces available to setup SSL for remote connections to my server, but I just need to take a few more steps to get to the finish line. Link to comment Share on other sites More sharing options...
Luke 36888 Posted January 22, 2019 Share Posted January 22, 2019 @@Jdiesel, any experience with IONOS? Link to comment Share on other sites More sharing options...
jonomite 29 Posted January 22, 2019 Author Share Posted January 22, 2019 After some tinkering, I did manage to edit the DNS settings so that the Subdomain points to my ember server. However,I am definitely stuck on the SSL certificate. Sent from my Nexus 7 using Tapatalk Link to comment Share on other sites More sharing options...
Jdiesel 1112 Posted January 22, 2019 Share Posted January 22, 2019 @@Jdiesel, any experience with IONOS? Unfortunately not There should be a place to download your private key someplace in the dashboard. Once you have the key and depending of which format it is in you will need to convert it to a pfx for use in Emby. You can do this with OpenSSL or an online tool if you trust it. https://www.sslshopper.com/ssl-converter.html 1 Link to comment Share on other sites More sharing options...
jonomite 29 Posted January 22, 2019 Author Share Posted January 22, 2019 Thanks, everyone. Looks like I have to go the users managed route, rather than allow IONOS to manage for me. I'll tinker with it some more. Sent from my Nexus 5X using Tapatalk Link to comment Share on other sites More sharing options...
jonomite 29 Posted January 22, 2019 Author Share Posted January 22, 2019 Will I need to change the public https port on the server dashboard? I've seen one guide state that it needs to change to 443? So does that mean I need to forward port 80 to 443 on my router config? Sent from my Nexus 5X using Tapatalk Link to comment Share on other sites More sharing options...
jonomite 29 Posted January 23, 2019 Author Share Posted January 23, 2019 Ug, I'm throwing in the towel on this. For a variety of reasons, it's proving too complicated. Here's a related question: can I just connect to the emby web app via https? I gave that a shot and when I went to click on my server, it said it wasn't available. Could that be because I have secure connections disabled in my server dashboard? If so, is there a guide on how to enable https for the web app? Last but not least, when connecting externally via the android app, is that connection secure? Or do I still have to mess with the SSL certificate business in the dashboard? Link to comment Share on other sites More sharing options...
Luke 36888 Posted January 23, 2019 Share Posted January 23, 2019 Will I need to change the public https port on the server dashboard? I've seen one guide state that it needs to change to 443? So does that mean I need to forward port 80 to 443 on my router config? Sent from my Nexus 5X using Tapatalk You do not have to. Link to comment Share on other sites More sharing options...
Luke 36888 Posted January 23, 2019 Share Posted January 23, 2019 Last but not least, when connecting externally via the android app, is that connection secure? If you have setup SSL, yes. Link to comment Share on other sites More sharing options...
Carlo 4328 Posted January 23, 2019 Share Posted January 23, 2019 Ug, I'm throwing in the towel on this. For a variety of reasons, it's proving too complicated. Before you throw in the towel I may be able to help you. If IONOS can supply you a cert of some kind all is not lost yet. It's just a matter of knowing what/how to use this and to integrate this in Emby if possibly which we don't know yet. If you can get a cert from them (or willing to get a cert elsewhere) then shoot me a PM. I can help you via TeamViewer or some other remote access mechanism to get this working if at all possible. Certs and converting them to a format Emby requires isn't hard but it's not straightforward either especially if it's your first time doing something like this. It's kind of par for the course for anyone who's done webserver work however (which probably isn't of help to a lot of people). Shoot me a PM if you want some personal help. We can then see what IONOS has available and what the course of action might be. Carlo Link to comment Share on other sites More sharing options...
Tur0k 143 Posted January 23, 2019 Share Posted January 23, 2019 Looks like ionos supports domain name services subdomains and ssl: https://www.ionos.com/domains/domain-names?nc=1548168161032 The basic process requires 3 separate steps. 1. Public domain preparation. Pickup a domain from a domain name service that: A Supports DDNS records (in the event you do not have a static IP with your ISP (Internet service provider). B. Allows the use of SSL certificates for the subdomains. (Some DDNS only providers do not support SSL). You will want to setup a DDNS for your new service on the site. Either setup a DDNS client on your Emby server or if your router supports it, setup the DDNS client to keep your new domain up to date. 2. Prepare your Emby server and router. A. Setup your Emby server with either a static IP or a DHCP reserved IP on your local LAN. A. Take care not to use an ip at the beginning of your home’s dhcp pool (preferably you want an IP address that is never going to be used. Dhcp reservation is cleaner and is done on your home router. B. Port forward port 8920 from your router’s wan Interface to your Emby server’s IP address. 3. Get an ssl certificate. It is important to note that you do not necessarily need to go with the same vendor you bought your domain name from. Ionos says to do the following to get your ssl certificate: https://www.ionos.com/help/ssl-certificates/administration-of-user-managed-ssl-certificates/downloading-the-ssl-public-key-and-intermediate-certificates/ The weird part is that conventionally you have to create a CSR (certificate signing request on a webservices (microsoft IIS or OpenSSL) upload that to your PKI SSL vendor then they give you a cert and chain that you then can convert to a password protected PFX file you can add to your Emby server. Send me a pm we can start a teamviewer session and I can help. Sent from my iPhone using Tapatalk Link to comment Share on other sites More sharing options...
jonomite 29 Posted January 23, 2019 Author Share Posted January 23, 2019 @@cayars @@Tur0k Thanks so much for your offer to help. I really appreciate it. I'll do a more detailed write up on where I am tonight and maybe that'll help the troubleshooting without taking up too much of your time. I can definitely get an SSL certificate from IONOS. However, based on my initial troubleshooting, I'm not sure I have sufficient access to the server for my top level domain due to the package I'm on to get secure connections to that domain to work. Maybe there's a way around this. Also, I'm not sure at this point if I am allowed to have different SSL certificates for subdomains. My guess is not .. oye! Sent from my Nexus 5X using Tapatalk Link to comment Share on other sites More sharing options...
jonomite 29 Posted January 24, 2019 Author Share Posted January 24, 2019 Holy cow, I've had a breakthrough: I'm able to connect to the emby securely! I honestly don't know what did the trick... it seemed like it took some time for my SSL certificate (for which I used DNS verification on my subdomain) to fully propagate... maybe? Now... just one last question. Under secure connection mode, I have enabled "required for all remote connections." But, when I type app.emby.media into my browser, it still defaults to http instead of https. Am I missing something there? Thanks again for all the offers of assistance. Maybe my server got wind that the big guns were taking aim and decided to comply. Link to comment Share on other sites More sharing options...
Luke 36888 Posted January 24, 2019 Share Posted January 24, 2019 Now... just one last question. Under secure connection mode, I have enabled "required for all remote connections." But, when I type app.emby.media into my browser, it still defaults to http instead of https. Am I missing something there? If you're inside the local network then it will use the lan address as it may perform better. Try actually testing from outside your network. Link to comment Share on other sites More sharing options...
jonomite 29 Posted January 24, 2019 Author Share Posted January 24, 2019 If you're inside the local network then it will use the lan address as it may perform better. Try actually testing from outside your network. Thanks for the reply. I'm trying to connect from my phone using my mobile network. Still seeing the same issue. Link to comment Share on other sites More sharing options...
Luke 36888 Posted January 24, 2019 Share Posted January 24, 2019 Why do you feel that it's using http? Link to comment Share on other sites More sharing options...
jonomite 29 Posted January 24, 2019 Author Share Posted January 24, 2019 Why do you feel that it's using http?In chrome, I'm not getting the secure padlock icon. However, having said that, I checked the server log and it does appear to be that I'm connecting via https. So may it's a non-issue. Sent from my Nexus 5X using Tapatalk Link to comment Share on other sites More sharing options...
Luke 36888 Posted January 24, 2019 Share Posted January 24, 2019 Thanks for the feedback. Link to comment Share on other sites More sharing options...
Tur0k 143 Posted January 25, 2019 Share Posted January 25, 2019 (edited) From what I read they give you a wildcard (should work for all subdomains). Glad to hear you got it working. Could also be your browsers history. Try typing https://app.emby.media. Edited January 25, 2019 by Tur0k Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now