varmandra 3 Posted December 14, 2019 Share Posted December 14, 2019 (edited) Hello This is my first post here, but I read here a lot and solved many problems I had, so first thanks this community. But now I have a Problem and no idea how to solve it. I use a lot how-to but I am not able to get an https connection to my Emby Server With this instructions I get no more a "could not connect", but I get a "PR_END_OF_FILE_ERROR" in Firefox and "ERR_CONNECTION_CLOSED" in Chrome. I´m not really familiar with SSL but with an apache or lighttpd I had no problems to set up an https connection, but with the Emby Server I don´t know any further. In the log file there are only the http request, nothing about https. Where should I search for this issue, are there other settings which affect to SSL? If you need more information from me, just ask. BdT Varmandra Edited December 15, 2019 by varmandra Link to comment Share on other sites More sharing options...
Q-Droid 634 Posted December 14, 2019 Share Posted December 14, 2019 Did you look through these? https://github.com/MediaBrowser/Wiki/wiki/Hosting%20Settings Link to comment Share on other sites More sharing options...
varmandra 3 Posted December 14, 2019 Author Share Posted December 14, 2019 yes I went through that, see picture. HTTP works fine, external WAN adress works like expected, Auto Port Mapping don´t work like expected. HTTPS don´t work and that my problem BdT Varmandra Link to comment Share on other sites More sharing options...
Q-Droid 634 Posted December 14, 2019 Share Posted December 14, 2019 Yeah, don't rely on the Auto Port Mapping and make sure the router port forwarding is setup. It looks like your external domain field is empty, it should match the CN of your cert. It also looks like you have no password for your certificate. I can't tell if you cleared those fields to post the image. When done you should see the In-Home and Remote URLs on the Dashboard. Link to comment Share on other sites More sharing options...
varmandra 3 Posted December 14, 2019 Author Share Posted December 14, 2019 I clear out this fields to post it. But in the Moment i don´t know what happend, now the https connection works. The only things i did since the scrennshot and not working https are: copy all files i get for the certificat in the folder where emby find the PKCS and restart the complet server. I used the URLs which are shown on the Dashboardthe last thousend attempts it donw work now it work. Could it be that it takes some time till the certificat from letsencrypt are working? BdT Varmandra Link to comment Share on other sites More sharing options...
Q-Droid 634 Posted December 14, 2019 Share Posted December 14, 2019 If you add or change the PKCS then Emby server needs to be restarted, but that's all it needs if the other settings are correct. Link to comment Share on other sites More sharing options...
varmandra 3 Posted December 15, 2019 Author Share Posted December 15, 2019 Finally I find where my problem comes from, the test version I used here everything is done like described in the how-to got to sslforfree.com create a certificate, then use SSL Converter to create a pfx, with this and a restart it works. Fine, but I am not a friend of send someone my complete certificate files! So I get back to the beginning get a certificate with certbot, and create the pfx on my own with "openssl pkcs12 -inkey privkey.pem -in fullchain.pem -export -out emby.pfx" and this pfx don’t work, on the dashboard it only shows the 8096 connection (doesn’t matter how many restarts I do). (With the working pfx it shows for LAN 8096 and for WAN 8920). When I use the certificate from certbot and use it with SSL Converter, I get a working pfx, so something muss go wrong when I create the pfx file. BdT Varmandra Link to comment Share on other sites More sharing options...
Q-Droid 634 Posted December 15, 2019 Share Posted December 15, 2019 I see nothing wrong with your command to create the pfx file. What does the emby server log show during startup with the bad pfx? Have you compared the contents of the pfx created with each method? openssl pkcs12 -info -in "full path to PFX file" -nodes <-- if you want to see the private key or openssl pkcs12 -info -in "full path to PFX file" -nokeys <-- if you don't want to see the private key Link to comment Share on other sites More sharing options...
varmandra 3 Posted December 15, 2019 Author Share Posted December 15, 2019 I attached a log there is an error, but I don´t know what thats realy mean. openssl pkcs12 -info -in "full path to PFX file" -nodes <-- if you want to see the private key or openssl pkcs12 -info -in "full path to PFX file" -nokeys <-- if you don't want to see the private key I compare both outputs from the working and the not working pfx and ther are completly the same. With my own pfx I use the privkey.pem and the fullchain.pem to create the pfx, the SSL converter use the cert.pem and the privkey.pem, in my understanding, the chain could be created with the cert.pem and and the privkey.pem, isn´t it? BdT Varmandra embyserver.txt Link to comment Share on other sites More sharing options...
Q-Droid 634 Posted December 15, 2019 Share Posted December 15, 2019 Are ownership or permissions changing for /SSL/vpn/emby.pfx? The full chain can be obtained with just the public server cert (cert.pem). SSL converter might be fetching those to include in the pfx file. I do agree there should be no need to share your private key with an online app even if all of the work itself is done locally on the browser. Link to comment Share on other sites More sharing options...
Luke 37007 Posted December 15, 2019 Share Posted December 15, 2019 Looks like an error loading the cert although the error message in the log makes it difficult to determine the issue. Does the cert need a password? Link to comment Share on other sites More sharing options...
varmandra 3 Posted December 15, 2019 Author Share Posted December 15, 2019 Are ownership or permissions changing for /SSL/vpn/emby.pfx? Thats it! THe working one has 644, my own was 600, so no other User could read it. Link to comment Share on other sites More sharing options...
BJ1983tn 0 Posted January 6, 2022 Share Posted January 6, 2022 I have this problem too. I have the permissions 644. Why aren't there aany log messages if the cert is bad? Link to comment Share on other sites More sharing options...
Q-Droid 634 Posted January 7, 2022 Share Posted January 7, 2022 13 hours ago, BJ1983tn said: I have this problem too. I have the permissions 644. Why aren't there aany log messages if the cert is bad? I would check to make sure you have the cert in the right place. @Luke there is something to what @BJ1983tn posted. Emby does throw an error if the cert file is bad or can't be opened but does not throw errors if a custom cert path is configured and the file can't be found. Link to comment Share on other sites More sharing options...
Luke 37007 Posted January 7, 2022 Share Posted January 7, 2022 I'll have to look at that but I would have expected an error message in the log file. Thanks. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now