Jump to content

Step by Step for SSL

bflagg

By bflagg
in General/Windows

 Share

Recommended Posts

bflagg

bflagg 2

Posted
Posted

Do you have a step by step for SSL setup for EMBY?

 

  • 2 weeks later...
crusher11

crusher11 979

Posted
Posted

In step 10, what's the IP address of my server? The WAN address or the LAN address?

Senna

Senna 368

Posted
Posted

In step 10, what's the IP address of my server? The WAN address or the LAN address?

Step 10 is about forwarding external traffic on your router, to your Emby Server on your LAN, so it needs the LAN address there.
  • Like 1
crusher11

crusher11 979

Posted
Posted

So I've set this up, but I get a 522 error when trying to connect remotely and the Security Headers website says it can't be checked because it failed validation.

crusher11

crusher11 979

Posted
Posted

Further info: CanYouSeeMe.org shows port 443 as open, but not port 80. Which makes sense given I forwarded 443 but not 80. So it seems the issue is somewhere in the SSL setup process rather than the remote connection process.

Senna

Senna 368

Posted
Posted

Please compare the output of the following:

https://WAN-IP:443/emby/system/info/public

https://Domain-URL:443/emby/system/info/public

Do you get a response in web browser on BOTH requests ?

crusher11

crusher11 979

Posted
Posted (edited)

The domain gives a Cloudflare 522 error, the WAN IP gives a browser "this page is not secure" error:

[WAN IP] uses an invalid security certificate. The certificate is not trusted because the issuer certificate is unknown. The server might not be sending the appropriate intermediate certificates. An additional root certificate may need to be imported. The certificate is only valid for the following names: [domain] Error code: SEC_ERROR_UNKNOWN_ISSUER

 

 

Skipping past that, I do indeed get some sort of info page with server name, version, etc. If I remove the info stuff and go to https://WANIP:443 I get an Emby login page.

Edited by crusher11
Senna

Senna 368

Posted
Posted

the WAN IP gives a browser "this page is not secure" error:

That's normal, because your Cloudflare SSL certificate is only used when your connection is done with domain name, through Cloudflare.

 

Skipping past that, I do indeed get some sort of info page with server name, version, etc. If I remove the info stuff and go to https://WANIP:443 I get an Emby login page.

Good, that tells us the port forward on router is working OK and your Emby server can be reached externally with WAN IP.

Now you have to check your Cloudflare domain setup, including how you created your SSL certificate and your Emby Advanced Setup, regarding external access with domain and SSL certificate.

  • Like 1
crusher11

crusher11 979

Posted
Posted (edited)

What should I be checking? I have no idea where I could have gone wrong.
 

Never mind, there was a typo in the WAN IP on the Cloudflare setup. But now that I've changed it I'm getting a message saying that no A, AAA or MX records were found on the various domains or something?

Edited by crusher11
Senna

Senna 368

Posted
Posted

But now that I've changed it I'm getting a message saying that no A, AAA or MX records were found on the various domains or something?

Ignore those, as long you have a type A record with proxy status with an orange cloud, you are good to go.

 

Now you have fixed the typo with WAN IP in Cloudflare, what happens when you enter :

https://Domain-URL:443/emby/system/info/public
Do you get the same response compared to when you use the WAN IP ?
  • Like 1
crusher11

crusher11 979

Posted
Posted

Yep, it seems to be working now.

  • Like 1
Senna

Senna 368

Posted
Posted

Yep, it seems to be working now.

Enjoy :) 

Senna

Senna 368

Posted
Posted

Aren't the first two the same thing?

If you don't scroll any further, than you could say those are the same :rolleyes:

But if you do... ;)

  • Like 2
  • 9 months later...
richardvrusso

richardvrusso 12

Posted
Posted

Hi everyone,

I'm following post #4 though getting stuck at step 11. Does cloudflare not like .tk TLD's? It's been all night and cloudflare still says the dns check is not updated.

 

Regards,

Rich

crusher11

crusher11 979

Posted
Posted

I've been using a .tk with zero issues. Not sure how long it took to get started though.

richardvrusso

richardvrusso 12

Posted
Posted

Crusher11 good to know. I'll give it some more time. It was last night I started this. Thx.

richardvrusso

richardvrusso 12

Posted
Posted

I think I'm almost there! When I enable secure connections shouldn't it display that info on the dashboard? I'm only seeing http info.

Luke Emby Team

Luke 40111

Posted
Posted

I think I'm almost there! When I enable secure connections shouldn't it display that info on the dashboard? I'm only seeing http info.

Hi, what do you mean by only seeing http info?

richardvrusso

richardvrusso 12

Posted
Posted (edited)

Hey Luke,

Here is a pic of the dashboard. Should I see here https addresses?

post-430212-0-22772000-1588399582_thumb.jpg

Edited by richardvrusso
pwhodges

pwhodges 1855

Posted
Posted

I see this:

 

5ead3cc76e342_dash.jpg

 

I don't have local https set up (my Caddy proxy does that), and in practice I use the https remote access even at home, as the router happily loops it back; that way I can take my portable devices in and out of the house with no break of service as they switch between wifi and phone data.

 

Paul

richardvrusso

richardvrusso 12

Posted
Posted

see mine doesn't look like that. Maybe it's the current version I'm on?

 

Side note, I do want to try Caddy. I like the idea of a secure front to any servers/services on the network.

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing
×
×
  • Create New...