notla49285 46 Posted September 20, 2019 Share Posted September 20, 2019 (edited) As a bit of background, I had two Emby servers on two different subdomains of a domain I own, whilst testing moving from one to another. For the sake of this post, the old server was running on emby.mydomain.com and the new one running on emby-test.mydomain.com. This was using a reverse proxy running on my DS918+. The reverse proxy was sending emby.mydomain.com to the IP address of the old server on port 8096 and sending emby-test.mydomain.com to localhost:8096 (so, forwarding to itself on Emby's designated port). This all worked with no problems with both subdomains. The old server (which was running on emby.mydomain.com) has now been shut down, so I changed the Emby advanced settings on the new one to use the subdomain emby.mydomain.com. Router is still set up to forward traffic on port 443 to my new server's IP (which is then handled by the reverse proxy and redirected accordingly), and the server itself (Synology DS918+) has had it's reverse proxy settings changed so that emby.mydomain.com gets forwarded to localhost:8096. I generated a new certificate for emby.mydomain.com, converted it to PKCS #12 format with password, added it to DS918+ file system, pointed Emby advanced settings to it and updated the certificate password in Emby settings. Saved new settings and restarted Emby. Now, when I visit emby.mydomain.com, I get a certificate error returned due to mismatch of domain and an expired certificate. The certificate that's being sent back to my web client is for emby-test.mydomain.com - the old certificate that expired on 18/09/2019. I have had this error even after updating the certificate on Emby TWICE. I don't think this is due to propagation or caching because it's been nearly two days and I'm still being sent the wrong certificate. I was using cache drives in the DS918+ but have now removed these, restarted the DS (and therefore Emby) and am still having the same problem. The old certificate isn't even on the DS anymore so I've no idea where this is coming from?? Edit: And I've made a typo in the title and can't change it, can any admins change "updating" to "updated"? Edit 2: I've just removed remote access and restarted the server, enabled remote access again and I see that my previous settings are already there. Firstly, this should not happen, because for one thing it's storing a password when I don't want it to, and in any case if I say to remove remote access then there is no need to retain the settings for it. Secondly, does this mean that Emby has cached the SSL certificate somewhere? Or does it just store a file path to the certificate? The old certificate file has been deleted from the file system and there aren't any other servers involved, so I don't understand how this is actually possible unless Emby has kept a version of the certificate for itself?? Edited September 20, 2019 by notla49285 1 Link to comment Share on other sites More sharing options...
Luke 37066 Posted September 20, 2019 Share Posted September 20, 2019 It only stores a path to the certificate. It does not make a copy of it. Link to comment Share on other sites More sharing options...
notla49285 46 Posted September 20, 2019 Author Share Posted September 20, 2019 (edited) @@Luke Do you have any suggestions as to where this old certificate may be coming from? Edited September 20, 2019 by notla49285 Link to comment Share on other sites More sharing options...
Luke 37066 Posted September 20, 2019 Share Posted September 20, 2019 Have you tried rebooting the nas? Link to comment Share on other sites More sharing options...
Q-Droid 643 Posted September 20, 2019 Share Posted September 20, 2019 Are you still using the reverse proxy? 1 Link to comment Share on other sites More sharing options...
notla49285 46 Posted September 20, 2019 Author Share Posted September 20, 2019 I found the answer. It's the reverse proxy that holds and issues the certificate, not Emby. Therefore, when selecting reverse proxy option in Emby, there's no point adding a certificate file. I looked at the DSM control panel and found that it was holding the old certificate still. Replaced it there and now it's all fine. I'm not sure if this is Synology-specific, but if not, maybe it would be an idea to hide the certificate options when selecting reverse proxy option? Link to comment Share on other sites More sharing options...
Luke 37066 Posted September 21, 2019 Share Posted September 21, 2019 That might make sense. Thanks. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now