Jump to content


Photo

HTTPS / acme-challenge setup

https dns dyndns

Best Answer Q-Droid , 06 October 2019 - 03:38 PM

Did you verify the PFX after you created it, using the same password as the one stored in Emby?
 
openssl pkcs12 -info -in examplesprio.pfx -nodes
 
Also make sure the user emby has at least read access to the PFX file.
Go to the full post


  • Please log in to reply
5 replies to this topic

#1 Tomblarom OFFLINE  

Tomblarom

    Newbie

  • Members
  • 3 posts
  • Local time: 01:51 AM

Posted 06 October 2019 - 05:17 AM

Hey, I'm fairly new to Emby and securing your sites through SSL certificates, but pretty experienced in portforwarding, dyndns, debian... Nevertheless I wanted to make my Emby portal opened to the public, HTTPS only. I followed the steps of this guide (https://github.com/M...ure-Your-Server).

 

I have a subdomain (example.spr.io) on freedns.afraid.org updated through DynDNS of my FritzBox router and running Emby on my Debian Homeserver utilizing Proxmox for the virtualization. I had Let's encrypt already setup correctly and my certificates under /etc/letsencrypt/live/example.spr.io. Then I generated the value for the TXT record using certbot -d example.spr.io --manual --preferred-challenges dns certonly. During the generation, I was asked to add the TXT record as _acme-challenge.example.spr.io to my freedns account and successfully done so:

 

5d99af761bd69_2019100610_53_23Subdomains

 

Afterwards I used the command openssl pkcs12 -export -out examplesprio.pfx -inkey privkey.pem -in cert.pem -certfile chain.pem to generate the .pfx file, moved it to /opt/emby-server/etc/ssl/examplesprio.pfx and applied the new settings:

 

5d99b0a9c11ac_2019100611_13_22Advanced.p

 

 

Issue:

In theory everything should be fine and running, but it's not. Directly getting ERR_CONNECTION_RESET on requesting the site..


Edited by Tomblarom, 06 October 2019 - 05:20 AM.


#2 Luke OFFLINE  

Luke

    System Architect

  • Administrators
  • 139791 posts
  • Local time: 06:51 PM

Posted 06 October 2019 - 01:01 PM

Hi, you've got a lot of variables here. Have you tried with the default ports?

#3 Tomblarom OFFLINE  

Tomblarom

    Newbie

  • Members
  • 3 posts
  • Local time: 01:51 AM

Posted 06 October 2019 - 01:40 PM

Hi, you've got a lot of variables here. Have you tried with the default ports?

Thanks for answering. Yes, just checked that. HTTP is reachable on 8096 and on my custom port 4037, but not HTTPS.


Edited by Tomblarom, 06 October 2019 - 01:41 PM.


#4 Q-Droid OFFLINE  

Q-Droid

    Advanced Member

  • Members
  • 313 posts
  • Local time: 06:51 PM

Posted 06 October 2019 - 03:38 PM   Best Answer

Did you verify the PFX after you created it, using the same password as the one stored in Emby?
 
openssl pkcs12 -info -in examplesprio.pfx -nodes
 
Also make sure the user emby has at least read access to the PFX file.

  • Tomblarom likes this

#5 Tomblarom OFFLINE  

Tomblarom

    Newbie

  • Members
  • 3 posts
  • Local time: 01:51 AM

Posted 07 October 2019 - 10:38 AM

Did you verify the PFX after you created it, using the same password as the one stored in Emby?

I just checked that and it seems the password was malicious or incorrect. Recreated the .pfx file and reentered it into Emby settings. Maybe it's taking some time, but still no successful connection. Tried different browser and emptying the cache data.

 

 

Also make sure the user emby has at least read access to the PFX file.

Made the file owned by Emby chown emby:emby examplesprio.pfx and changed the permission chmod 777 examplesprio.pfx. That's what I'm getting for ls -l:

root@exp-dbn:/opt/emby-server/etc/ssl # ls -ls
insgesamt 12
8 -rwxrwxrwx 1 emby emby 4181 Okt  7 16:24 examplesprio.pfx
4 drwxr-xr-x 2 emby emby 4096 Okt  4 09:20 certs

EDIT: Got it! Thanks. Forgot to restart Emby and it's connecting now! Make sure to type and not copy the password.


Edited by Tomblarom, 07 October 2019 - 10:44 AM.


#6 Luke OFFLINE  

Luke

    System Architect

  • Administrators
  • 139791 posts
  • Local time: 06:51 PM

Posted 07 October 2019 - 01:18 PM

Glad to hear you sorted it out.







Also tagged with one or more of these keywords: https, dns, dyndns

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users