Tomblarom 0 Posted October 6, 2019 Posted October 6, 2019 (edited) Hey, I'm fairly new to Emby and securing your sites through SSL certificates, but pretty experienced in portforwarding, dyndns, debian... Nevertheless I wanted to make my Emby portal opened to the public, HTTPS only. I followed the steps of this guide (https://github.com/MediaBrowser/Wiki/wiki/Secure-Your-Server). I have a subdomain (example.spr.io) on freedns.afraid.org updated through DynDNS of my FritzBox router and running Emby on my Debian Homeserver utilizing Proxmox for the virtualization. I had Let's encrypt already setup correctly and my certificates under /etc/letsencrypt/live/example.spr.io. Then I generated the value for the TXT record using certbot -d example.spr.io --manual --preferred-challenges dns certonly. During the generation, I was asked to add the TXT record as _acme-challenge.example.spr.io to my freedns account and successfully done so: Afterwards I used the command openssl pkcs12 -export -out examplesprio.pfx -inkey privkey.pem -in cert.pem -certfile chain.pem to generate the .pfx file, moved it to /opt/emby-server/etc/ssl/examplesprio.pfx and applied the new settings: Issue: In theory everything should be fine and running, but it's not. Directly getting ERR_CONNECTION_RESET on requesting the site.. Edited October 6, 2019 by Tomblarom
Luke 38499 Posted October 6, 2019 Posted October 6, 2019 Hi, you've got a lot of variables here. Have you tried with the default ports?
Tomblarom 0 Posted October 6, 2019 Author Posted October 6, 2019 (edited) Hi, you've got a lot of variables here. Have you tried with the default ports? Thanks for answering. Yes, just checked that. HTTP is reachable on 8096 and on my custom port 4037, but not HTTPS. Edited October 6, 2019 by Tomblarom
Solution Q-Droid 803 Posted October 6, 2019 Solution Posted October 6, 2019 Did you verify the PFX after you created it, using the same password as the one stored in Emby? openssl pkcs12 -info -in examplesprio.pfx -nodes Also make sure the user emby has at least read access to the PFX file. 1
Tomblarom 0 Posted October 7, 2019 Author Posted October 7, 2019 (edited) Did you verify the PFX after you created it, using the same password as the one stored in Emby? I just checked that and it seems the password was malicious or incorrect. Recreated the .pfx file and reentered it into Emby settings. Maybe it's taking some time, but still no successful connection. Tried different browser and emptying the cache data. Also make sure the user emby has at least read access to the PFX file. Made the file owned by Emby chown emby:emby examplesprio.pfx and changed the permission chmod 777 examplesprio.pfx. That's what I'm getting for ls -l: root@exp-dbn:/opt/emby-server/etc/ssl # ls -ls insgesamt 12 8 -rwxrwxrwx 1 emby emby 4181 Okt 7 16:24 examplesprio.pfx 4 drwxr-xr-x 2 emby emby 4096 Okt 4 09:20 certs EDIT: Got it! Thanks. Forgot to restart Emby and it's connecting now! Make sure to type and not copy the password. Edited October 7, 2019 by Tomblarom
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now