Jump to content


Photo

Step by Step for SSL

SSL

  • Please log in to reply
16 replies to this topic

#1 bflagg OFFLINE  

bflagg

    Advanced Member

  • Members
  • 55 posts
  • Local time: 11:17 AM

Posted 16 July 2019 - 02:11 PM

Do you have a step by step for SSL setup for EMBY?

 



#2 byusinger84 OFFLINE  

byusinger84

    Advanced Member

  • Members
  • 36 posts
  • Local time: 09:17 AM
  • LocationSalt Lake City, Utah

Posted 16 July 2019 - 04:51 PM

This is the one I use. Works well.

https://mythofechelo...ver-and-windows

#3 Senna OFFLINE  

Senna

    iOS - iPadOS - tvOS

  • Members
  • 1158 posts
  • Local time: 04:17 PM

Posted 16 July 2019 - 05:19 PM

https://blog.awelswy...flare-with-emby

 

And some more:

https://blog.awelswy...k/category/emby

 

And if you want some reading, go here:

https://emby.media/c...re-connections/


  • Spaceboy and igeoorge like this

#4 Spaceboy OFFLINE  

Spaceboy

    Advanced Member

  • Members
  • 3949 posts
  • Local time: 03:17 PM

Posted 17 July 2019 - 05:11 AM

https://blog.awelswy...flare-with-emby

And some more:
https://blog.awelswy...k/category/emby

And if you want some reading, go here:
https://emby.media/c...re-connections/

ive been using the awel swynol method for a few years now. Works perfectly

#5 crusher11 OFFLINE  

crusher11

    Advanced Member

  • Members
  • 632 posts
  • Local time: 11:17 PM

Posted 25 July 2019 - 11:12 AM

In step 10, what's the IP address of my server? The WAN address or the LAN address?



#6 Senna OFFLINE  

Senna

    iOS - iPadOS - tvOS

  • Members
  • 1158 posts
  • Local time: 04:17 PM

Posted 25 July 2019 - 03:44 PM

In step 10, what's the IP address of my server? The WAN address or the LAN address?

Step 10 is about forwarding external traffic on your router, to your Emby Server on your LAN, so it needs the LAN address there.
  • crusher11 likes this

#7 crusher11 OFFLINE  

crusher11

    Advanced Member

  • Members
  • 632 posts
  • Local time: 11:17 PM

Posted 30 July 2019 - 04:48 AM

So I've set this up, but I get a 522 error when trying to connect remotely and the Security Headers website says it can't be checked because it failed validation.



#8 crusher11 OFFLINE  

crusher11

    Advanced Member

  • Members
  • 632 posts
  • Local time: 11:17 PM

Posted 30 July 2019 - 07:14 AM

Further info: CanYouSeeMe.org shows port 443 as open, but not port 80. Which makes sense given I forwarded 443 but not 80. So it seems the issue is somewhere in the SSL setup process rather than the remote connection process.



#9 Senna OFFLINE  

Senna

    iOS - iPadOS - tvOS

  • Members
  • 1158 posts
  • Local time: 04:17 PM

Posted 30 July 2019 - 09:08 AM

Please compare the output of the following:

https://WAN-IP:443/emby/system/info/public

https://Domain-URL:443/emby/system/info/public

Do you get a response in web browser on BOTH requests ?



#10 crusher11 OFFLINE  

crusher11

    Advanced Member

  • Members
  • 632 posts
  • Local time: 11:17 PM

Posted 30 July 2019 - 09:22 AM

The domain gives a Cloudflare 522 error, the WAN IP gives a browser "this page is not secure" error:

[WAN IP] uses an invalid security certificate. The certificate is not trusted because the issuer certificate is unknown. The server might not be sending the appropriate intermediate certificates. An additional root certificate may need to be imported. The certificate is only valid for the following names: [domain] Error code: SEC_ERROR_UNKNOWN_ISSUER

 

 

Skipping past that, I do indeed get some sort of info page with server name, version, etc. If I remove the info stuff and go to https://WANIP:443 I get an Emby login page.


Edited by crusher11, 30 July 2019 - 09:24 AM.


#11 Senna OFFLINE  

Senna

    iOS - iPadOS - tvOS

  • Members
  • 1158 posts
  • Local time: 04:17 PM

Posted 30 July 2019 - 09:36 AM

the WAN IP gives a browser "this page is not secure" error:

That's normal, because your Cloudflare SSL certificate is only used when your connection is done with domain name, through Cloudflare.
 

Skipping past that, I do indeed get some sort of info page with server name, version, etc. If I remove the info stuff and go to https://WANIP:443 I get an Emby login page.

Good, that tells us the port forward on router is working OK and your Emby server can be reached externally with WAN IP.
Now you have to check your Cloudflare domain setup, including how you created your SSL certificate and your Emby Advanced Setup, regarding external access with domain and SSL certificate.
  • crusher11 likes this

#12 crusher11 OFFLINE  

crusher11

    Advanced Member

  • Members
  • 632 posts
  • Local time: 11:17 PM

Posted 30 July 2019 - 09:39 AM

What should I be checking? I have no idea where I could have gone wrong.
 

Never mind, there was a typo in the WAN IP on the Cloudflare setup. But now that I've changed it I'm getting a message saying that no A, AAA or MX records were found on the various domains or something?


Edited by crusher11, 30 July 2019 - 09:41 AM.


#13 Senna OFFLINE  

Senna

    iOS - iPadOS - tvOS

  • Members
  • 1158 posts
  • Local time: 04:17 PM

Posted 30 July 2019 - 09:50 AM

But now that I've changed it I'm getting a message saying that no A, AAA or MX records were found on the various domains or something?

Ignore those, as long you have a type A record with proxy status with an orange cloud, you are good to go.

Now you have fixed the typo with WAN IP in Cloudflare, what happens when you enter :
https://Domain-URL:443/emby/system/info/public
Do you get the same response compared to when you use the WAN IP ?
  • crusher11 likes this

#14 crusher11 OFFLINE  

crusher11

    Advanced Member

  • Members
  • 632 posts
  • Local time: 11:17 PM

Posted 30 July 2019 - 09:51 AM

Yep, it seems to be working now.


  • Senna likes this

#15 Senna OFFLINE  

Senna

    iOS - iPadOS - tvOS

  • Members
  • 1158 posts
  • Local time: 04:17 PM

Posted 30 July 2019 - 09:54 AM

Yep, it seems to be working now.

Enjoy :) 



#16 BillOatman OFFLINE  

BillOatman

    Advanced Member

  • Members
  • 491 posts
  • Local time: 10:17 AM

Posted 30 July 2019 - 10:43 AM

Aren't the first two the same thing?



#17 Senna OFFLINE  

Senna

    iOS - iPadOS - tvOS

  • Members
  • 1158 posts
  • Local time: 04:17 PM

Posted 30 July 2019 - 10:53 AM

Aren't the first two the same thing?

If you don't scroll any further, than you could say those are the same :rolleyes:

But if you do... ;)


  • Spaceboy and BillOatman like this





Also tagged with one or more of these keywords: SSL

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users