Jump to content

SSL not working <SOLVED>


varmandra

Recommended Posts

varmandra

Hello

 

This is my first post here, but I read here a lot and solved many problems I had, so first thanks this community.

 

But now I have a Problem and no idea how to solve it.

 

I use a lot how-to but I am not able to get an https connection to my Emby Server

With this instructions I get no more a "could not connect", but I get a "PR_END_OF_FILE_ERROR" in Firefox and "ERR_CONNECTION_CLOSED" in Chrome.

I´m not really familiar with SSL but with an apache or lighttpd I had no problems to set up an https connection, but with the Emby Server I don´t know any further.

In the log file there are only the http request, nothing about https.

 

Where should I search for this issue, are there other settings which affect to SSL?

 

If you need more information from me, just ask.

 

BdT

Varmandra

 

Edited by varmandra
Link to comment
Share on other sites

varmandra

yes I went through that, see picture.

 

HTTP works fine, external WAN adress works like expected, Auto Port Mapping don´t work like expected.

 

HTTPS don´t work and that my problem

 

BdT

Varmandra

post-553634-0-06032400-1576335248_thumb.png

Link to comment
Share on other sites

Q-Droid

Yeah, don't rely on the Auto Port Mapping and make sure the router port forwarding is setup.

 

It looks like your external domain field is empty, it should match the CN of your cert. It also looks like you have no password for your certificate. I can't tell if you cleared those fields to post the image.

 

When done you should see the In-Home and Remote URLs on the Dashboard.

Link to comment
Share on other sites

varmandra

I clear out this fields to post it.

 

But in the Moment i don´t know what happend, now the https connection works. The only things i did since the scrennshot and not working https are: copy all files i get for the certificat in the folder where emby find the PKCS and restart the complet server.

 

I used the URLs which are shown on the Dashboardthe last thousend attempts it donw work now it work.

 

Could it be that it takes some time till the certificat from letsencrypt are working?

 

BdT

Varmandra

Link to comment
Share on other sites

Q-Droid

If you add or change the PKCS then Emby server needs to be restarted, but that's all it needs if the other settings are correct.

Link to comment
Share on other sites

varmandra

Finally I find where my problem comes from, the test version I used here everything is done like described in the how-to got to sslforfree.com create a certificate, then use SSL Converter to create a pfx, with this and a restart it works. Fine, but I am not a friend of send someone my complete certificate files!

 

So I get back to the beginning get a certificate with certbot, and create the pfx on my own with "openssl pkcs12 -inkey privkey.pem -in fullchain.pem -export -out emby.pfx" and this pfx don’t work, on the dashboard it only shows the 8096 connection (doesn’t matter how many restarts I do). (With the working pfx it shows for LAN 8096 and for WAN 8920).

post-553634-0-49911400-1576403273_thumb.pngpost-553634-0-91068000-1576403273_thumb.png

 

When I use the certificate from certbot and use it with SSL Converter, I get a working pfx, so something muss go wrong when I create the pfx file.

 

BdT

Varmandra

 

Link to comment
Share on other sites

Q-Droid

I see nothing wrong with your command to create the pfx file.

 

What does the emby server log show during startup with the bad pfx?

 

Have you compared the contents of the pfx created with each method?

 

openssl pkcs12 -info -in "full path to PFX file" -nodes      <-- if you want to see the private key

or

openssl pkcs12 -info -in "full path to PFX file" -nokeys    <-- if you don't want to see the private key

Link to comment
Share on other sites

varmandra

I attached a log there is an error, but I don´t know what thats realy mean.

 

 

openssl pkcs12 -info -in "full path to PFX file" -nodes      <-- if you want to see the private key

or

openssl pkcs12 -info -in "full path to PFX file" -nokeys    <-- if you don't want to see the private key

I compare both outputs from the working and the not working pfx and ther are completly the same.

 

 

With my own pfx I use the privkey.pem and the fullchain.pem to create the pfx, the SSL converter use the cert.pem and the privkey.pem, in my understanding, the chain could be created with the cert.pem and and the privkey.pem, isn´t it?

 

BdT

Varmandra

embyserver.txt

Link to comment
Share on other sites

Q-Droid

Are ownership or permissions changing for /SSL/vpn/emby.pfx?

 

The full chain can be obtained with just the public server cert (cert.pem). SSL converter might be fetching those to include in the pfx file. I do agree there should be no need to share your private key with an online app even if all of the work itself is done locally on the browser.

Link to comment
Share on other sites

Looks like an error loading the cert although the error message in the log makes it difficult to determine the issue. Does the cert need a password?

Link to comment
Share on other sites

varmandra

Are ownership or permissions changing for /SSL/vpn/emby.pfx?

Thats it!

THe working one has 644, my own was 600, so no other User could read it.

Link to comment
Share on other sites

  • 2 years later...
Q-Droid
13 hours ago, BJ1983tn said:

I have this problem too. I have the permissions 644. Why aren't there aany log messages if the cert is bad?

I would check to make sure you have the cert in the right place.

@Luke there is something to what @BJ1983tn posted. Emby does throw an error if the cert file is bad or can't be opened but does not throw errors if a custom cert path is configured and the file can't be found.

 

Link to comment
Share on other sites

I'll have to look at that but I would have expected an error message in the log file. Thanks.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...