Jump to content
Tomblarom

ANSWERED HTTPS / acme-challenge setup

Recommended Posts

Tomblarom

Hey, I'm fairly new to Emby and securing your sites through SSL certificates, but pretty experienced in portforwarding, dyndns, debian... Nevertheless I wanted to make my Emby portal opened to the public, HTTPS only. I followed the steps of this guide (https://github.com/MediaBrowser/Wiki/wiki/Secure-Your-Server).

 

I have a subdomain (example.spr.io) on freedns.afraid.org updated through DynDNS of my FritzBox router and running Emby on my Debian Homeserver utilizing Proxmox for the virtualization. I had Let's encrypt already setup correctly and my certificates under /etc/letsencrypt/live/example.spr.io. Then I generated the value for the TXT record using certbot -d example.spr.io --manual --preferred-challenges dns certonly. During the generation, I was asked to add the TXT record as _acme-challenge.example.spr.io to my freedns account and successfully done so:

 

5d99af761bd69_2019100610_53_23Subdomains

 

Afterwards I used the command openssl pkcs12 -export -out examplesprio.pfx -inkey privkey.pem -in cert.pem -certfile chain.pem to generate the .pfx file, moved it to /opt/emby-server/etc/ssl/examplesprio.pfx and applied the new settings:

 

5d99b0a9c11ac_2019100611_13_22Advanced.p

 

 

Issue:

In theory everything should be fine and running, but it's not. Directly getting ERR_CONNECTION_RESET on requesting the site..

Edited by Tomblarom

Share this post


Link to post
Share on other sites
Luke

Hi, you've got a lot of variables here. Have you tried with the default ports?

Share this post


Link to post
Share on other sites
Tomblarom

Hi, you've got a lot of variables here. Have you tried with the default ports?

Thanks for answering. Yes, just checked that. HTTP is reachable on 8096 and on my custom port 4037, but not HTTPS.

Edited by Tomblarom

Share this post


Link to post
Share on other sites
Q-Droid
Did you verify the PFX after you created it, using the same password as the one stored in Emby?

 

openssl pkcs12 -info -in examplesprio.pfx -nodes

 

Also make sure the user emby has at least read access to the PFX file.
  • Like 1

Share this post


Link to post
Share on other sites
Tomblarom
Did you verify the PFX after you created it, using the same password as the one stored in Emby?

I just checked that and it seems the password was malicious or incorrect. Recreated the .pfx file and reentered it into Emby settings. Maybe it's taking some time, but still no successful connection. Tried different browser and emptying the cache data.

 

 

Also make sure the user emby has at least read access to the PFX file.

Made the file owned by Emby chown emby:emby examplesprio.pfx and changed the permission chmod 777 examplesprio.pfx. That's what I'm getting for ls -l:

root@exp-dbn:/opt/emby-server/etc/ssl # ls -ls
insgesamt 12
8 -rwxrwxrwx 1 emby emby 4181 Okt  7 16:24 examplesprio.pfx
4 drwxr-xr-x 2 emby emby 4096 Okt  4 09:20 certs

EDIT: Got it! Thanks. Forgot to restart Emby and it's connecting now! Make sure to type and not copy the password.

Edited by Tomblarom

Share this post


Link to post
Share on other sites
Luke

Glad to hear you sorted it out.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×
×
  • Create New...