
Step by Step for SSL


bflagg

Senna

In step 10, what's the IP address of my server? The WAN address or the LAN address?

Step 10 is about forwarding external traffic on your router, to your Emby Server on your LAN, so it needs the LAN address there.

crusher11

So I've set this up, but I get a 522 error when trying to connect remotely and the Security Headers website says it can't be checked because it failed validation.


crusher11

Further info: CanYouSeeMe.org shows port 443 as open, but not port 80. Which makes sense given I forwarded 443 but not 80. So it seems the issue is somewhere in the SSL setup process rather than the remote connection process.


Senna

Please compare the output of the following:

https://WAN-IP:443/emby/system/info/public

https://Domain-URL:443/emby/system/info/public

Do you get a response in the web browser on BOTH requests?


crusher11

The domain gives a Cloudflare 522 error, the WAN IP gives a browser "this page is not secure" error:

[WAN IP] uses an invalid security certificate. The certificate is not trusted because the issuer certificate is unknown. The server might not be sending the appropriate intermediate certificates. An additional root certificate may need to be imported. The certificate is only valid for the following names: [domain] Error code: SEC_ERROR_UNKNOWN_ISSUER

 

 

Skipping past that, I do indeed get some sort of info page with server name, version, etc. If I remove the info stuff and go to https://WANIP:443 I get an Emby login page.


Senna

the WAN IP gives a browser "this page is not secure" error:

That's normal, because your Cloudflare SSL certificate is only used when your connection is done with domain name, through Cloudflare.

 

Skipping past that, I do indeed get some sort of info page with server name, version, etc. If I remove the info stuff and go to https://WANIP:443 I get an Emby login page.

Good, that tells us the port forward on router is working OK and your Emby server can be reached externally with WAN IP.

Now you have to check your Cloudflare domain setup, including how you created your SSL certificate and your Emby Advanced Setup, regarding external access with domain and SSL certificate.

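The comparison Senna walks through above, as an added Python example (not code from the thread, Emby or Cloudflare): it requests the same endpoint by WAN IP and by domain and interprets the pair of results. The names `probe` and `diagnose` and the sample results are constructed for illustration; HTTP 522 is Cloudflare's status for failing to connect to the origin.

```python
import http.client
import ssl
from dataclasses import dataclass
from typing import Optional

PATH = "/emby/system/info/public"  # endpoint used in the thread

@dataclass
class Probe:
    status: Optional[int]         # HTTP status, None if no HTTP response arrived
    cert_trusted: Optional[bool]  # None if TLS never completed
    error: str = ""

def probe(host: str, port: int = 443, timeout: float = 10.0) -> Probe:
    """GET PATH over HTTPS; on a certificate error, retry unverified and record it."""
    err = ""
    for verify in (True, False):
        ctx = ssl.create_default_context()
        if not verify:  # diagnostic retry only, like clicking past the browser warning
            ctx.check_hostname = False
            ctx.verify_mode = ssl.CERT_NONE
        conn = http.client.HTTPSConnection(host, port, timeout=timeout, context=ctx)
        try:
            conn.request("GET", PATH)
            return Probe(conn.getresponse().status, verify, err)
        except ssl.SSLCertVerificationError as exc:
            err = exc.verify_message
        except (OSError, http.client.HTTPException) as exc:
            return Probe(None, None, str(exc))
        finally:
            conn.close()
    return Probe(None, False, err)

def diagnose(direct: Probe, proxied: Probe) -> str:
    """direct = probe of the WAN IP, proxied = probe of the Cloudflare-proxied domain."""
    if direct.status is None:
        return "WAN IP unreachable: check the router port forward to the server's LAN address"
    if proxied.status == 522:
        return "origin answers but Cloudflare cannot reach it: check the A record IP in Cloudflare"
    if proxied.status == 200 and proxied.cert_trusted:
        return "ok: domain serves the endpoint with a trusted certificate"
    return f"domain returned {proxied.status} ({proxied.error or 'no TLS error'}): review Cloudflare and Emby SSL settings"

# Constructed results matching the thread: WAN IP works with an untrusted cert, domain gives 522.
SAMPLE_DIRECT = Probe(200, False, "unable to get local issuer certificate")
SAMPLE_PROXIED = Probe(522, True)
print(diagnose(SAMPLE_DIRECT, SAMPLE_PROXIED))
```

Against a live setup, call `diagnose(probe("<WAN-IP>"), probe("<domain>"))` with your own values in place of the placeholders; an untrusted certificate on the direct probe is expected and is not treated as a failure.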

crusher11

What should I be checking? I have no idea where I could have gone wrong.
 

Never mind, there was a typo in the WAN IP on the Cloudflare setup. But now that I've changed it I'm getting a message saying that no A, AAA or MX records were found on the various domains or something?


Senna

But now that I've changed it I'm getting a message saying that no A, AAA or MX records were found on the various domains or something?

Ignore those, as long as you have a type A record with proxy status with an orange cloud, you are good to go.

 

Now that you have fixed the typo with WAN IP in Cloudflare, what happens when you enter:

https://Domain-URL:443/emby/system/info/public

Do you get the same response compared to when you use the WAN IP?

Senna

Aren't the first two the same thing?

If you don't scroll any further, then you could say those are the same :rolleyes:

But if you do... ;)


richardvrusso

Hi everyone,

I'm following post #4 though getting stuck at step 11. Does Cloudflare not like .tk TLDs? It's been all night and Cloudflare still says the DNS check is not updated.

 

Regards,

Rich


crusher11

I've been using a .tk with zero issues. Not sure how long it took to get started though.


richardvrusso

Crusher11 good to know. I'll give it some more time. It was last night I started this. Thx.


richardvrusso

I think I'm almost there! When I enable secure connections shouldn't it display that info on the dashboard? I'm only seeing http info.


I think I'm almost there! When I enable secure connections shouldn't it display that info on the dashboard? I'm only seeing http info.

Hi, what do you mean by only seeing http info?


richardvrusso

Hey Luke,

Here is a pic of the dashboard. Should I see here https addresses?

[Image: dashboard screenshot]


pwhodges

I see this:

 

[Image: dashboard screenshot]

 

I don't have local https set up (my Caddy proxy does that), and in practice I use the https remote access even at home, as the router happily loops it back; that way I can take my portable devices in and out of the house with no break of service as they switch between wifi and phone data.

 

Paul


richardvrusso

See, mine doesn't look like that. Maybe it's the current version I'm on?

 

Side note, I do want to try Caddy. I like the idea of a secure front to any servers/services on the network.
