bandit8623 65 Posted September 13, 2022 Share Posted September 13, 2022 https://www.noip.com/blog/2021/12/17/ssl-certificate-now-included-with-free-dynamic-dns/ no ip now is completely free with no 90 day reup on the ssl cert. just have to renew your domain name. but thats super ez. Link to comment Share on other sites More sharing options...
Carlo 4375 Posted September 14, 2022 Share Posted September 14, 2022 That's only for dynamic domains and not user registered domains correct? Link to comment Share on other sites More sharing options...
bandit8623 65 Posted September 14, 2022 Share Posted September 14, 2022 (edited) 43 minutes ago, cayars said: That's only for dynamic domains and not user registered domains correct? https://www.noip.com/support/knowledgebase/purchase-enhanced-dynamic-dns-plus-managed-dns/ looks like you would have to go with plus managed dns payed (29.99$ a year ). so yeah think only with dynamic its free Edited September 14, 2022 by bandit8623 1 Link to comment Share on other sites More sharing options...
JulesC 44 Posted November 3, 2022 Share Posted November 3, 2022 (edited) This SSL setup has served me well when I was using a Windows Home Server. When I moved to the Synology NAS, I use Let's Encrypt SSL Cert, Synology's Reverse Proxy and their Web Station app. I didn't think Caddy worked with Synology NAS. Does anyone in this group have a working configuration for Synology DSM 7+ that works using a Domain/URL for remote access that you could share with me? Your input would be greatly appreciated. Edited November 3, 2022 by JulesC Link to comment Share on other sites More sharing options...
iPhoneMaxPro 15 Posted April 1, 2023 Share Posted April 1, 2023 (edited) Hello thanks for sharing this amazing information, I tried to configure everything and I would like to ask if it is possible to change the default ports of caddy (443-80) because I already have a server on those ports active Edited April 1, 2023 by iPhoneMaxPro Link to comment Share on other sites More sharing options...
pwhodges 1680 Posted April 1, 2023 Share Posted April 1, 2023 You can change the ports in Caddy, but you will need to configure the automatic SSL to use a different technique from the default. Paul Link to comment Share on other sites More sharing options...
Carlo 4375 Posted April 3, 2023 Share Posted April 3, 2023 You really don't want to do that. One of the benefits of running a reverse proxy is being to use the same ports (ie. 80 & 443) for multiple programs/services you have running. The proxy can differentiate where to send the data internally based on the subdomain you set up such as www.domain.com, emby.domain.com, portal.domain.com, etc... Carlo 1 Link to comment Share on other sites More sharing options...
noemi_karole 0 Posted April 8, 2023 Share Posted April 8, 2023 Hey thanks for sharing , but there are ways much simpler and easier, Link to comment Share on other sites More sharing options...
bandit8623 65 Posted April 8, 2023 Share Posted April 8, 2023 1 hour ago, noemi_karole said: Hey thanks for sharing , but there are ways much simpler and easier, there is always the easier way. the question that needs to be asked is it free? Share this knowledge of easier ways Link to comment Share on other sites More sharing options...
redaktorn 12 Posted April 8, 2023 Share Posted April 8, 2023 19 hours ago, noemi_karole said: Hey thanks for sharing , but there are ways much simpler and easier, Yes Please - I would also be interested in the "much simpler and easier" way. Today I use a reverse proxy (Caddy) in Linux Mint. It works well but takes some learning to set up. Unfortunately Caddy mess up and stop to work if I upgrade to the latest Linux Mint version. So I am looking for another solution. Link to comment Share on other sites More sharing options...
seanbuff 962 Posted April 9, 2023 Share Posted April 9, 2023 1 hour ago, redaktorn said: Unfortunately Caddy mess up and stop to work if I upgrade to the latest Linux Mint version. So I am looking for another solution. If you keep your basic Caddy config inside your Caddyfile, then it should be very easy to restore after an upgrade or even move to another machine with Caddy installed. Link to comment Share on other sites More sharing options...
redaktorn 12 Posted April 9, 2023 Share Posted April 9, 2023 21 hours ago, seanbuff said: If you keep your basic Caddy config inside your Caddyfile, then it should be very easy to restore after an upgrade or even move to another machine with Caddy installed. Yes, I know that. My problem is that I have not had time to investigate it deeper. An upgrade of Linux Mint moves Caddys archive and files to new locations. It is probably not so complicated but I just not had the time yet. And another solution could be interesting also. Link to comment Share on other sites More sharing options...
xibinim 7 Posted April 14, 2023 Share Posted April 14, 2023 Thank you for the guide but certain parts don't seem to match up with what's in front of me. For pointing the purchased Google domain to my HTPC, I go to 'website' and then 'forwarding' and simply enter the static IP for my HTPC? ZeroSSL - you copy "_acme-challenge.yourdomain.net" into the 'Host name' box in 'Custom records'? TXT for type. Leave TTL as 3600. And then paste the long alphanumeric string in the CMD window into "Data"? I save the record and then click enter in the ZeroSSL CMD box But I'm then greeted with the below: 2023/04/14 12:04:39 Processing the 'dns' verification for 'yourdomain.net' 2023/04/14 12:04:39 Domain verification results for 'yourdomain.net': error. DNS problem: NXDOMAIN looking up TXT for _acme-challenge.yourdomain.net - check that a DNS record exists for this domain 2023/04/14 12:04:39 You can now delete '_acme-challenge.yourdomain.net' DNS record 2023/04/14 12:04:39 All verifications failed And there is no certificate file in the folder. Instead - account.key, dommain.csr and domain.key Link to comment Share on other sites More sharing options...
pwhodges 1680 Posted April 14, 2023 Share Posted April 14, 2023 The domain verification is saying the domain name is not set up. You can check that directly by doing an nslookup (command line tool, or you can use this website: https://www.nslookup.io/ )? I don't know what Google's DNS interface looks like, but you are needing to set up an A record. In my experience "website" + "forwarding" suggests that the name is pointing to Google's server, not yours, and web traffic is then forwarded from there, which is not the same thing, and won't work for this purpose. Paul Link to comment Share on other sites More sharing options...
Q-Droid 767 Posted April 14, 2023 Share Posted April 14, 2023 For the TXT record entry the "host name" is usually not FQDN but only the name portion. The validation tool already knows the domain and concatenates the two. Link to comment Share on other sites More sharing options...
xibinim 7 Posted April 14, 2023 Share Posted April 14, 2023 (edited) Thank you both for the prompt responses and help. I've made progress I think. For the pointing the newly purchased domain to my HTPC, I deleted the forwarding rule in the Google Domains settings. And instead created a new A custom record calling it "emby.yourdomain.net" and put my IP in the Data field. Sorted. Did the certificate part again and it worked this time. Removed the double counting 'yourdomain.net' part of it as Q-Droid mentioned. Did the last few bits in the Emby server settings and my remote WAN address has now changed - https://yourdomain.net:8920. However it doesn't work and trying nslookup shows no A or TXT records. Assume this is just a case of waiting for it to sync? And I'm still find to use 8920 as I saw another similar guide say not to use this (nor 8096) and opt for 443 instead? The Emby app works for me accessing my server (on data and not home WiFi), it asked something about a certificate which I accepted. Edited April 14, 2023 by xibinim Link to comment Share on other sites More sharing options...
Neminem 553 Posted April 14, 2023 Share Posted April 14, 2023 Jep it can take a coble of hours for the dns to resolve through all dns servers. Sometimes longer. Link to comment Share on other sites More sharing options...
xibinim 7 Posted April 14, 2023 Share Posted April 14, 2023 Sweet - thanks again Should have done this a long time ago. Link to comment Share on other sites More sharing options...
pwhodges 1680 Posted April 14, 2023 Share Posted April 14, 2023 (edited) Also, it's not clear to me from what you've written whether you are consistent in using "emby.yourdomain.net" vs "yourdomain.net". It may be that you need to edit the "External domain" entry in the network settings to include the initial "emby." Everything must match the version you've made the certificate for. Paul Edited April 14, 2023 by pwhodges Link to comment Share on other sites More sharing options...
Teknician 3 Posted April 14, 2023 Share Posted April 14, 2023 Did you add a custom A record in domains, pointing to your web address and your WAN IP? Mines been doing great for a couple years now. Hostname = yourdomain.com Type = A TTL = 5 Minutes Data = Your IP Link to comment Share on other sites More sharing options...
xibinim 7 Posted April 14, 2023 Share Posted April 14, 2023 (edited) 38 minutes ago, pwhodges said: Also, it's not clear to me from what you've written whether you are consistent in using "emby.yourdomain.net" vs "yourdomain.net". It may be that you need to edit the "External domain" entry in the network settings to include the initial "emby." Everything must match the version you've made the certificate for. Paul Think you're right. I didn't have "emby" before my domain name in the external domain section of Emby settings. Adding it then made the WAN address work but it still comes up with a "this isn't a secure connection" and HTTPS is crossed out. This is how I have my settings. Edited April 14, 2023 by xibinim 1 Link to comment Share on other sites More sharing options...
pwhodges 1680 Posted April 14, 2023 Share Posted April 14, 2023 Hmm. I presume you mean that even though the security isn't working, you are now seeing a working (insecure) connection to Emby. I've never tried putting a certificate into Emby itself - I use a reverse proxy for that (which also gets and updates the certificate completely automatically). But the Emby server log file might contain a clue to why it's not working. Paul Link to comment Share on other sites More sharing options...
xibinim 7 Posted April 14, 2023 Share Posted April 14, 2023 (edited) 13 minutes ago, pwhodges said: Hmm. I presume you mean that even though the security isn't working, you are now seeing a working (insecure) connection to Emby. I've never tried putting a certificate into Emby itself - I use a reverse proxy for that (which also gets and updates the certificate completely automatically). But the Emby server log file might contain a clue to why it's not working. Paul Thanks, I'll prepare a log. Will it require a lot of effort to strip of personal information? Edit - a quick scan, all I can see that's worth replacing is my name (username for this PC). Edited April 14, 2023 by xibinim Link to comment Share on other sites More sharing options...
Teknician 3 Posted April 14, 2023 Share Posted April 14, 2023 If your _acme-challenge does not include "emby.", then that shouldn't be added to your server, but just the actual domain. _acme-challenge.MYDOMAIN.COM Link to comment Share on other sites More sharing options...
Q-Droid 767 Posted April 15, 2023 Share Posted April 15, 2023 Check to see what CN the cert was issued for - <your domain> or emby.<your domain>. Without wildcard or SANs your site DNS name needs to match the cert CN. If both <your domain> and emby.<your domain> resolve to the same address then try both in a browser then plug the one that works into the emby network settings or get a new cert issued to the name you want to use. Or add wildcard/SANs. Restart your emby server then check the fresh log. If you're having problems with the cert/pfx file it will show on startup, not after log rotation. Should be close to top of the log. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now