Server is not running on https ports

[Ghostsailor 1]

Hi Guys,

 

I am currently trying to secure my traffic via TLS and thus I want to use https instead of http. I succesfully created a ssl certificate with letsencrypt and bound it to emby in the webinterface. The server is running on a windows 10 pro machine. Although the server accepts my certificate file and I can force the "secure connection" option I am not able to connect to emby via https. It is not a port forwarding problem as it also occurs in the local network via port 8920. I tested it with windows firewall disabled but it did not change anything. One thing I noticed is that the server does not even show that it is running at the https port (See screenshot). I saw in another thread that the server normally displays the https port it is running on aswell.

[neik 835]

In case you didn't notice, your domain is visible in the screenshot. ;-)

[Luke 37008]

If it doesn't show the https port then you haven't configured the server network settings properly, so let's look at those.

[darkassassin07 418]

Anytime you change the ssl certificate or local http(s) port(s) you will have to restart the server to apply those changes.

[Ghostsailor 1]

@@neik Oops thanks for that info

@darkassasin07 I am aware of that but the machine has been restarted quite a few times by now.

@@Luke Screenshots are attached

[Luke 37008]

Please attach the emby server log. Thanks.

[Ghostsailor 1]

@@Luke There you go

logs.zip

[Luke 37008]

Here's the problem:

2019-12-10 16:06:37.395 Error App: Error loading cert from C:\EmbyCache\SSL\cert.pfx
	*** Error Report ***
	Version: 4.3.0.30
	Command line: C:\Users\Administrator\AppData\Roaming\Emby-Server\system\EmbyServer.dll
	Operating system: Microsoft Windows NT 6.2.9200.0
	64-Bit OS: True
	64-Bit Process: True
	User Interactive: True
	Runtime: file:///C:/Users/Administrator/AppData/Roaming/Emby-Server/system/System.Private.CoreLib.dll
	Processor count: 4
	Program data path: C:\Users\Administrator\AppData\Roaming\Emby-Server\programdata
	Application directory: C:\Users\Administrator\AppData\Roaming\Emby-Server\system
	Internal.Cryptography.CryptoThrowHelper+WindowsCryptographicException: Internal.Cryptography.CryptoThrowHelper+WindowsCryptographicException: Das angegebene Netzwerkkennwort ist falsch.

[Luke 37008]

Translation: 

The specified network password is incorrect

[Ghostsailor 1]

So could this be the password of the certificate or something like a ntfs security setting? I never specified a passwort for my .cert file.

[lexisdude 132]

Had a similar issue, cleared up when I added the cert files to my local system as trusted certs. Might be that?
 

[Q-Droid 634]

Recreate your pfx with a passphrase and include the passphrase in Emby.

[Luke 37008]

That's the password of the certificate.

[Ghostsailor 1]

Recreate your pfx with a passphrase and include the passphrase in Emby.

I do not think I was ever prompted to enter a password. Thats why I am kinda confused, that the server says "wrong password".

I will definetly try to create a new certificate.

[Q-Droid 634]

What did you use to create the pfx file?

[Ghostsailor 1]

What did you use to create the pfx file?

Hi,

I used Win-Acme: https://github.com/PKISharp/win-acme

[Q-Droid 634]

I don't know much about win-acme though it looks like it caches certs in a pfx using randomly generated passwords. It's not the pfx you want for emby. If you can find a way to export the certs and keys from the cache to a new pfx with a given password then it should work. Or try a different tool.

[WilhelmStroker 96]

Not familiar with that tool, I use Certity to get my certificate. After thst you need to export it from iis and configure it in Emby. Steps here:

https://mythofechelon.co.uk/blog/2017/01/01/lets-encrypt-emby-server-and-windows

[Ghostsailor 1]

I don't know much about win-acme though it looks like it caches certs in a pfx using randomly generated passwords. It's not the pfx you want for emby. If you can find a way to export the certs and keys from the cache to a new pfx with a given password then it should work. Or try a different tool.

I tried the advanced mode of the tool and was now promted to enter a password. The server now works perfectly fine over https and my connections are now encrypted. Thank you very much guys!

[Luke 37008]

Thanks for the feedback !