Ghostsailor 1 Posted December 10, 2019 Share Posted December 10, 2019 Hi Guys, I am currently trying to secure my traffic via TLS and thus I want to use https instead of http. I succesfully created a ssl certificate with letsencrypt and bound it to emby in the webinterface. The server is running on a windows 10 pro machine. Although the server accepts my certificate file and I can force the "secure connection" option I am not able to connect to emby via https. It is not a port forwarding problem as it also occurs in the local network via port 8920. I tested it with windows firewall disabled but it did not change anything. One thing I noticed is that the server does not even show that it is running at the https port (See screenshot). I saw in another thread that the server normally displays the https port it is running on aswell. Link to comment Share on other sites More sharing options...
neik 835 Posted December 10, 2019 Share Posted December 10, 2019 In case you didn't notice, your domain is visible in the screenshot. ;-) Link to comment Share on other sites More sharing options...
Luke 37008 Posted December 10, 2019 Share Posted December 10, 2019 If it doesn't show the https port then you haven't configured the server network settings properly, so let's look at those. Link to comment Share on other sites More sharing options...
darkassassin07 418 Posted December 10, 2019 Share Posted December 10, 2019 Anytime you change the ssl certificate or local http(s) port(s) you will have to restart the server to apply those changes. Link to comment Share on other sites More sharing options...
Ghostsailor 1 Posted December 11, 2019 Author Share Posted December 11, 2019 @@neik Oops thanks for that info @darkassasin07 I am aware of that but the machine has been restarted quite a few times by now. @@Luke Screenshots are attached Link to comment Share on other sites More sharing options...
Luke 37008 Posted December 11, 2019 Share Posted December 11, 2019 Please attach the emby server log. Thanks. Link to comment Share on other sites More sharing options...
Ghostsailor 1 Posted December 11, 2019 Author Share Posted December 11, 2019 @@Luke There you go logs.zip Link to comment Share on other sites More sharing options...
Luke 37008 Posted December 11, 2019 Share Posted December 11, 2019 Here's the problem: 2019-12-10 16:06:37.395 Error App: Error loading cert from C:\EmbyCache\SSL\cert.pfx *** Error Report *** Version: 4.3.0.30 Command line: C:\Users\Administrator\AppData\Roaming\Emby-Server\system\EmbyServer.dll Operating system: Microsoft Windows NT 6.2.9200.0 64-Bit OS: True 64-Bit Process: True User Interactive: True Runtime: file:///C:/Users/Administrator/AppData/Roaming/Emby-Server/system/System.Private.CoreLib.dll Processor count: 4 Program data path: C:\Users\Administrator\AppData\Roaming\Emby-Server\programdata Application directory: C:\Users\Administrator\AppData\Roaming\Emby-Server\system Internal.Cryptography.CryptoThrowHelper+WindowsCryptographicException: Internal.Cryptography.CryptoThrowHelper+WindowsCryptographicException: Das angegebene Netzwerkkennwort ist falsch. Link to comment Share on other sites More sharing options...
Luke 37008 Posted December 11, 2019 Share Posted December 11, 2019 Translation: The specified network password is incorrect Link to comment Share on other sites More sharing options...
Ghostsailor 1 Posted December 12, 2019 Author Share Posted December 12, 2019 So could this be the password of the certificate or something like a ntfs security setting? I never specified a passwort for my .cert file. Link to comment Share on other sites More sharing options...
lexisdude 132 Posted December 12, 2019 Share Posted December 12, 2019 Had a similar issue, cleared up when I added the cert files to my local system as trusted certs. Might be that? Link to comment Share on other sites More sharing options...
Q-Droid 634 Posted December 12, 2019 Share Posted December 12, 2019 Recreate your pfx with a passphrase and include the passphrase in Emby. Link to comment Share on other sites More sharing options...
Luke 37008 Posted December 12, 2019 Share Posted December 12, 2019 That's the password of the certificate. Link to comment Share on other sites More sharing options...
Ghostsailor 1 Posted December 13, 2019 Author Share Posted December 13, 2019 Recreate your pfx with a passphrase and include the passphrase in Emby. I do not think I was ever prompted to enter a password. Thats why I am kinda confused, that the server says "wrong password". I will definetly try to create a new certificate. Link to comment Share on other sites More sharing options...
Q-Droid 634 Posted December 13, 2019 Share Posted December 13, 2019 What did you use to create the pfx file? Link to comment Share on other sites More sharing options...
Ghostsailor 1 Posted December 16, 2019 Author Share Posted December 16, 2019 What did you use to create the pfx file? Hi, I used Win-Acme: https://github.com/PKISharp/win-acme Link to comment Share on other sites More sharing options...
Q-Droid 634 Posted December 16, 2019 Share Posted December 16, 2019 I don't know much about win-acme though it looks like it caches certs in a pfx using randomly generated passwords. It's not the pfx you want for emby. If you can find a way to export the certs and keys from the cache to a new pfx with a given password then it should work. Or try a different tool. Link to comment Share on other sites More sharing options...
WilhelmStroker 96 Posted December 16, 2019 Share Posted December 16, 2019 Not familiar with that tool, I use Certity to get my certificate. After thst you need to export it from iis and configure it in Emby. Steps here: https://mythofechelon.co.uk/blog/2017/01/01/lets-encrypt-emby-server-and-windows Link to comment Share on other sites More sharing options...
Ghostsailor 1 Posted December 19, 2019 Author Share Posted December 19, 2019 I don't know much about win-acme though it looks like it caches certs in a pfx using randomly generated passwords. It's not the pfx you want for emby. If you can find a way to export the certs and keys from the cache to a new pfx with a given password then it should work. Or try a different tool. I tried the advanced mode of the tool and was now promted to enter a password. The server now works perfectly fine over https and my connections are now encrypted. Thank you very much guys! Link to comment Share on other sites More sharing options...
Luke 37008 Posted December 19, 2019 Share Posted December 19, 2019 Thanks for the feedback ! Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now