notla49285 46 Posted February 19, 2019 Share Posted February 19, 2019 My SSL certificate ran out this morning and I've had a fucking awful day and night trying to sort it since. I created a new certificate for my domain using sslforfree.com, got the certificate files, converted to .pfx using https://www.sslshopper.com/ssl-converter.html, set the password, got the pfx, moved it to my Emby server, updated the password in Emby dashboard and saved the settings. I still cannot get to my emby server using the same https site. - I've checked that the domain was still valid (it is, otherwise I couldn't have set up the SSL certificate) - The Android app: see below - The Windows 10 theatre app: see below - Web app returns a failed connection (see attachments) Regarding apps, they were able to connect to my server but I had concerns this wasn't over an SSL connection. Whilst checking my router settings I found that there were ports open that may potentially allow unsecure connections. When I shut these down and left only the SSL port open, both apps stopped working. That suggests they were accessing via an unsecure connection, despite me specifying in the dashboard that only secure connections were allowed to access the server, so I'm more than a little pissed off about that. Still, it's locked down now so I just won't trust Emby's secure access setting any more. In the Emby dashboard, the In-Home (LAN) access says "http://[Local IP]:8096" - this is fine. However, for Remote (WAN) access, it says "http://[My Domain]:8096" - firstly, this should be https NOT http, I have specified https within the "External domain" field. Second, it should be set as port 443, again I have specified this under "Public HTTPS port number". I have run Wireshark on the server and filtered by my mobile phone's IP (using 4G connection, WiFi is off so definitely not doing anything locally) and port 443, attempted to visit https://[My Domain] and can see that traffic is coming through on that port, so it's not a router or firewall issue. Please can somebody assist with this ASAP, this seems to be Emby server not using the https site and port I've specified (as indicated on Dashboard home) and therefore not responding to incoming traffic on port 443? Link to comment Share on other sites More sharing options...
Luke 37253 Posted February 19, 2019 Share Posted February 19, 2019 https is always on a different port. I have specified https within the "External domain" field. That's not what you do. Instead, just enter the domain there, and use the other fields to configure https. Link to comment Share on other sites More sharing options...
notla49285 46 Posted February 19, 2019 Author Share Posted February 19, 2019 I have removed "https://" from the domain URL and it has made no difference, see attached shots of my current settings and what the dashboard is saying. Link to comment Share on other sites More sharing options...
Happy2Play 8356 Posted February 19, 2019 Share Posted February 19, 2019 What is "Secure connection mode" set to? Link to comment Share on other sites More sharing options...
notla49285 46 Posted February 19, 2019 Author Share Posted February 19, 2019 What is "Secure connection mode" set to? Required for all remote connections Link to comment Share on other sites More sharing options...
notla49285 46 Posted February 19, 2019 Author Share Posted February 19, 2019 Also forgot to add that I'm watching the Emby server log live and there is nothing coming through when I'm attempting to access from my phone browser Link to comment Share on other sites More sharing options...
Guest asrequested Posted February 19, 2019 Share Posted February 19, 2019 I didn't think you needed to convert to pfx anymore. I thought the server would handle that, now? Link to comment Share on other sites More sharing options...
Angus Black 4 Posted February 20, 2019 Share Posted February 20, 2019 I just went through the same (similar) steps and SSL is working. The only things I did differently were; I used https://decoder.link/converter to do the pfx conversion. I didn't use a password. I used the default port, 8920 rather than 443 Some ISPs block 443. Link to comment Share on other sites More sharing options...
Angus Black 4 Posted February 20, 2019 Share Posted February 20, 2019 I didn't think you needed to convert to pfx anymore. I thought the server would handle that, now? It appears to require pfx. I tried using just the PEM files and it wouldn't work. Link to comment Share on other sites More sharing options...
notla49285 46 Posted February 20, 2019 Author Share Posted February 20, 2019 (edited) I didn't use a password. I'm not comfortable with using a certificate without a password, this is standard practice and I don't see why Emby shouldn't be able to deal with it. I used the default port, 8920 rather than 443 Some ISPs block 443. Did you not read the part where I said I saw traffic coming through on that port when attempting to access remotely? Edited February 20, 2019 by notla49285 Link to comment Share on other sites More sharing options...
Angus Black 4 Posted February 20, 2019 Share Posted February 20, 2019 I read your post. I'm just telling you what I did to get it to work. Link to comment Share on other sites More sharing options...
notla49285 46 Posted February 20, 2019 Author Share Posted February 20, 2019 I read your post. I'm just telling you what I did to get it to work. Ok, noted, but from the details I've listed here it seems there is a serious problem that isn't related to my router, firewalls, domain or ISP. Even if it turns out there is an issue with the certificate or Emby's processing of it, I'd also like to know why it was allowing unsecure connections through when I specifically set it not to. I don't know how long it's been doing this and it concerns me a lot. Link to comment Share on other sites More sharing options...
Solution notla49285 46 Posted February 20, 2019 Author Solution Share Posted February 20, 2019 (edited) I've now resolved the problem. I renamed the certificate file (still same password, just literally renamed the file), changed the certificate path in the remote access settings and restated Emby server. When it restarted, the external access URL was correct on the dashboard and I can now sign into the web app via my domain (no certificate errors) and the Android app via Emby Connect (I will see if I can check this is a secure connection in the morning). I had already restarted the server before trying this, so I'd suggest there is an issue when a certificate is updated to a new one with the same name. I'm also still concerned that it was allowing unsecure connections despite this being required in the settings. Edited February 20, 2019 by notla49285 Link to comment Share on other sites More sharing options...
Luke 37253 Posted February 20, 2019 Share Posted February 20, 2019 Thanks for the feedback. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now