Carlo 4459 Posted April 15, 2023 Posted April 15, 2023 On 4/14/2023 at 3:08 PM, xibinim said: Thanks, I'll prepare a log. Will it require a lot of effort to strip of personal information? Edit - a quick scan, all I can see that's worth replacing is my name (username for this PC). If you like, send me a PM with the information to review vs publicly posting it. If you send me a screen shot of your DNS entries that would be a plus as well. Carlo PS you can send me a private message by hovering over my avatar.
xibinim 7 Posted April 20, 2023 Posted April 20, 2023 Thank you all again. I had to revert as it completely buggered access to my clients, particularly those running it through a TV app. Will go back to the drawing board and follow up on your suggestions :). 1
ITGuy1024 15 Posted May 3, 2023 Posted May 3, 2023 Is this still a valid option? I followed the steps and my domain is now flagged as "Deceptive site ahead"
Luke 38525 Posted May 4, 2023 Posted May 4, 2023 2 hours ago, ITGuy1024 said: Is this still a valid option? I followed the steps and my domain is now flagged as "Deceptive site ahead" You might be running into this issue: So please follow that topic. Thanks.
Blackstar1988 0 Posted July 28, 2023 Posted July 28, 2023 On 7/6/2021 at 3:10 PM, MEB said: Using duckdns with home assistant so it creates the cert with letsencrypt any way to use that setup and the cert it creates automictically? did you find any answer to it im doing the same now pls share knowledge
ITGuy1024 15 Posted August 20, 2023 Posted August 20, 2023 What am I missing? The WAN address won't update to https or the correct port. ZeroSSL successfully reached the _acme-challenge on my domain.
Q-Droid 806 Posted August 20, 2023 Posted August 20, 2023 This is usually an indication that it couldn't open or use the cert and bind to the HTTPS port. Restart your Emby server and look through the new log to see if there are errors related to the cert file (pfx).
ITGuy1024 15 Posted August 20, 2023 Posted August 20, 2023 4 minutes ago, Q-Droid said: This is usually an indication that it couldn't open or use the cert and bind to the HTTPS port. Restart your Emby server and look through the new log to see if there are errors related to the cert file (pfx). I restarted a few times. I see this in the log in relation to port 8920. 2023-08-19 20:18:20.986 Debug PortMapper: Creating port map on local port 8920 to public port 8920 with device 172.30.1.109 I see this in relation to pfx. "The specified network password is not correct." Is this reffering to the cert password or something else? I copied the cert password directly into emby from the batch file. I double checked, no added blank spaces. 2023-08-19 20:07:35.516 Error App: Error loading cert from C:\ZeroSSL\certificate.pfx *** Error Report *** Version: 4.7.13.0 Command line: C:\Users\Administrator\AppData\Roaming\Emby-Server\system\EmbyServer.dll -noautorunwebapp Operating system: Microsoft Windows 10.0.14393 Framework: .NET 6.0.16 OS/Process: x64/x64 Runtime: C:/Users/Administrator/AppData/Roaming/Emby-Server/system/System.Private.CoreLib.dll Processor count: 4 Data path: C:\Users\Administrator\AppData\Roaming\Emby-Server\programdata Application path: C:\Users\Administrator\AppData\Roaming\Emby-Server\system Internal.Cryptography.CryptoThrowHelper+WindowsCryptographicException: Internal.Cryptography.CryptoThrowHelper+WindowsCryptographicException: The specified network password is not correct. at Internal.Cryptography.Pal.CertificatePal.FilterPFXStore(ReadOnlySpan`1 rawData, SafePasswordHandle password, PfxCertStoreFlags pfxCertStoreFlags) at Internal.Cryptography.Pal.CertificatePal.FromBlobOrFile(ReadOnlySpan`1 rawData, String fileName, SafePasswordHandle password, X509KeyStorageFlags keyStorageFlags) at System.Security.Cryptography.X509Certificates.X509Certificate..ctor(String fileName, String password, X509KeyStorageFlags keyStorageFlags) at System.Security.Cryptography.X509Certificates.X509Certificate2..ctor(String fileName, String password) at Emby.Server.Implementations.ApplicationHost.GetCertificate(CertificateInfo info) Source: System.Security.Cryptography.X509Certificates TargetSite: Internal.Cryptography.Pal.Native.SafeCertContextHandle FilterPFXStore(System.ReadOnlySpan`1[System.Byte], Microsoft.Win32.SafeHandles.SafePasswordHandle, Internal.Cryptography.Pal.Native.PfxCertStoreFlags)
Q-Droid 806 Posted August 20, 2023 Posted August 20, 2023 The request to restart is to make sure the log has all of the details. The server only tries to open the cert and bind to the HTTPS port on startup. If the log rotates or is rotated manually the new log won't have any info. And yes, it can't open the cert file. Most likely password but the messages might be misleading and it could be other reasons. Start by verifying that password.
ITGuy1024 15 Posted August 20, 2023 Posted August 20, 2023 (edited) Are there suppose to be quotes around the password in the batch file? I'm guessing no? Taking a closer look at the zerossl script it looks like it added this character ô to the beginning and end of the password I have. I'm guessing that character is from the quotations? *Fixed* the quotations and added symbol were the issue Edited August 20, 2023 by ITGuy1024 1
Teknician 4 Posted August 20, 2023 Posted August 20, 2023 If you're referring to the batch file to generate your certificate, no there is no quotation marks. cd c:\ZeroSSL @[member="Echo"] off le64 --key account.key --csr domain.csr --csr-key domain.key --crt certificate.csr --domains myserveraddress.com --generate-missing --handle-as dns --export-pfx 12345678 --live pause
hawaiizfynest 0 Posted August 20, 2023 Posted August 20, 2023 On 1/13/2020 at 9:19 AM, BAlGaInTl said: Great guide. The only comment that I would make is that I've been steering people more towards using Cloudflare's free service for the certificate. It's a couple of extra steps in the beginning, but then you don't have to worry about updating every 90 days. You get the added bonus of some protections that Cloudflare builds in to its service. mind sharing the walk through for this? i personally love using CF stuff so this would be great for me.
xibinim 7 Posted August 21, 2023 Posted August 21, 2023 Apologies for the long delay, lots of responses - thank you. We may be moving house and getting new network equipment so will read through replies and try and get a working solution in preparation :).
jonwalton19 0 Posted December 25, 2023 Posted December 25, 2023 (edited) This almost was a great transition from Plex.......except that setting up the [redacted] server so I access it on phone is pure garbage. your software [redacted]. Edited December 25, 2023 by GrimReaper Wording
Teknician 4 Posted December 25, 2023 Posted December 25, 2023 What's the issue with your connecting? Are you trying to access by your WAN address? 1
xnappo 1597 Posted January 19 Posted January 19 @MikeB111Just wanted to thank you for this post. I had been putting it off too long and got it working, though with squarespace since they took over from Google. As a bonus, I got to use the information at work for something semiconductor certificate related - I was able to say 'Oh, kinda like how SSL CSAs work?' and get an enthusiastic 'Yes exactly!' lol 1
bandit8623 75 Posted January 24 Posted January 24 On 12/24/2023 at 10:57 PM, jonwalton19 said: This almost was a great transition from Plex.......except that setting up the [redacted] server so I access it on phone is pure garbage. your software [redacted]. the whole point on why emby is better is none of your stuff goes through their servers. plex has access to all your stuff. 1
Zerok 2 Posted January 25 Posted January 25 For those on Google Domains which is now moving over to Squarespace in the next 30 days, which DNS solution are you going with?
RDSII64 4 Posted January 25 Posted January 25 7 minutes ago, Zerok said: For those on Google Domains which is now moving over to Squarespace in the next 30 days, which DNS solution are you going with? That is a good question. Unfortunately I don't know the answer yet.
JulesC 48 Posted January 26 Posted January 26 2 hours ago, Zerok said: For those on Google Domains which is now moving over to Squarespace in the next 30 days, which DNS solution are you going with? I was just getting ready to post the same question. Looking forward to any guidance here. Thanks
darkassassin07 518 Posted January 26 Posted January 26 (edited) 3 hours ago, Zerok said: For those on Google Domains which is now moving over to Squarespace in the next 30 days, which DNS solution are you going with? Cloudflares nameservers. Google/SquareSpace only handles the registration, cloudflare does the dns and WAF/Proxy for non-emby services. (don't proxy Emby with CFs WAF, it's against their ToS and will be throttled) I was worried and asked on Lemmy before realizing I'm already using CF name servers so I won't have to do anything. Edited January 26 by darkassassin07
MikeB111 53 Posted January 29 Author Posted January 29 On 1/25/2024 at 3:01 PM, Zerok said: For those on Google Domains which is now moving over to Squarespace in the next 30 days, which DNS solution are you going with? Since I'm running my server from my house on a dynamic IP from my internet provider, support for Dynamic DNS was a requirement. Google domains had worked great for me for a long time, but with the change to Squarespace with no DDNS support it's a no go for me now. I just transferred my domain name registration from Squarespace/Google to Namecheap. Cost me $13 for the transfer, and was super easy, all done in a few minutes. The namecheap interface for managing the domain was simple and actually very similar to Google, so it was familiar and easy. With google domains, my ASUS router directly supported DDNS which was very convenient (although it didn't always work 100% reliably). Namecheap isn't supported by my router directly, but they have a Windows dynamic DNS client that I set up to run on my Emby server which is always on anyways, and it seems to be working just fine. For those with more experience than I, namecheap dynamic DNS also works with DDClient (primarly a linux tool, but there is apparently also a windows install). I'm by no means an expert and make no claim that this is the best solution, but I did just make this change and it seems to be working well so at least this is one working option to consider. 1 1
bandit8623 75 Posted January 29 Posted January 29 (edited) no-ip offers free cert with the free monthly dynamic service. just have to click 3 times once a month. 0$ but if you dont want to confirm in monthly then you wouldnt like it. throwing that out there for people. ***Wow i spoke too soon. they just stopped offering the free cert now. im guessing im good for the rest of the year possibly since i just set up my cert last week. darn sorry about that folks looks like no ip is no longer the best option for free, although with coupon in the fall they offer this stuff 50% off Edited January 29 by bandit8623 ssl not included anymore
Q-Droid 806 Posted January 29 Posted January 29 For DDNS users switching providers or with multiple providers this can simplify things. Supported on Windows, Mac, Linux and routers running Tomato, DD-WRT and I think Merlin. https://www.dnsomatic.com/docs/supportedservices 1 1
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now