Remote Access Nightmare

[notla49285 46]

My SSL certificate ran out this morning and I've had a fucking awful day and night trying to sort it since.

 

I created a new certificate for my domain using sslforfree.com, got the certificate files, converted to .pfx using https://www.sslshopper.com/ssl-converter.html, set the password, got the pfx, moved it to my Emby server, updated the password in Emby dashboard and saved the settings. I still cannot get to my emby server using the same https site.

 

- I've checked that the domain was still valid (it is, otherwise I couldn't have set up the SSL certificate)

- The Android app: see below

- The Windows 10 theatre app: see below

- Web app returns a failed connection (see attachments)

 

Regarding apps, they were able to connect to my server but I had concerns this wasn't over an SSL connection. Whilst checking my router settings I found that there were ports open that may potentially allow unsecure connections. When I shut these down and left only the SSL port open, both apps stopped working. That suggests they were accessing via an unsecure connection, despite me specifying in the dashboard that only secure connections were allowed to access the server, so I'm more than a little pissed off about that. Still, it's locked down now so I just won't trust Emby's secure access setting any more.

 

In the Emby dashboard, the In-Home (LAN) access says "http://[Local IP]:8096" - this is fine. However, for Remote (WAN) access, it says "http://[My Domain]:8096" - firstly, this should be https NOT http, I have specified https within the "External domain" field. Second, it should be set as port 443, again I have specified this under "Public HTTPS port number". I have run Wireshark on the server and filtered by my mobile phone's IP (using 4G connection, WiFi is off so definitely not doing anything locally) and port 443, attempted to visit https://[My Domain] and can see that traffic is coming through on that port, so it's not a router or firewall issue.

 

Please can somebody assist with this ASAP, this seems to be Emby server not using the https site and port I've specified (as indicated on Dashboard home) and therefore not responding to incoming traffic on port 443?

[Luke 37128]

https is always on a different port. 

 

 

 

I have specified https within the "External domain" field.

That's not what you do. Instead, just enter the domain there, and use the other fields to configure https.

[notla49285 46]

I have removed "https://" from the domain URL and it has made no difference, see attached shots of my current settings and what the dashboard is saying.

[Happy2Play 8315]

What is "Secure connection mode" set to?

[notla49285 46]

What is "Secure connection mode" set to?

 

Required for all remote connections

[notla49285 46]

Also forgot to add that I'm watching the Emby server log live and there is nothing coming through when I'm attempting to access from my phone browser

[Guest asrequested]

I didn't think you needed to convert to pfx anymore. I thought the server would handle that, now?

[Angus Black 4]

I just went through the same (similar) steps and SSL is working.

 

The only things I did differently were;

I used https://decoder.link/converter to do the pfx conversion.

I didn't use a password.

I used the default port, 8920 rather than 443

 

Some ISPs block 443.

[Angus Black 4]

I didn't think you needed to convert to pfx anymore. I thought the server would handle that, now?

It appears to require pfx. I tried using just the PEM files and it wouldn't work.

[notla49285 46]

I didn't use a password.

I'm not comfortable with using a certificate without a password, this is standard practice and I don't see why Emby shouldn't be able to deal with it.

 

I used the default port, 8920 rather than 443

 

Some ISPs block 443.

Did you not read the part where I said I saw traffic coming through on that port when attempting to access remotely?

Edited February 20, 2019 by notla49285

[Angus Black 4]

I read your post.

I'm just telling you what I did to get it to work.

[notla49285 46]

I read your post.

I'm just telling you what I did to get it to work.

Ok, noted, but from the details I've listed here it seems there is a serious problem that isn't related to my router, firewalls, domain or ISP. Even if it turns out there is an issue with the certificate or Emby's processing of it, I'd also like to know why it was allowing unsecure connections through when I specifically set it not to. I don't know how long it's been doing this and it concerns me a lot.

[notla49285 46]

I've now resolved the problem. I renamed the certificate file (still same password, just literally renamed the file), changed the certificate path in the remote access settings and restated Emby server. When it restarted, the external access URL was correct on the dashboard and I can now sign into the web app via my domain (no certificate errors) and the Android app via Emby Connect (I will see if I can check this is a secure connection in the morning).

 

I had already restarted the server before trying this, so I'd suggest there is an issue when a certificate is updated to a new one with the same name. I'm also still concerned that it was allowing unsecure connections despite this being required in the settings.

Edited February 20, 2019 by notla49285

[Luke 37128]

Thanks for the feedback.