Jump to content

Recommended Posts

Posted
On 4/14/2023 at 3:08 PM, xibinim said:

Thanks, I'll prepare a log. Will it require a lot of effort to strip of personal information? 

Edit - a quick scan, all I can see that's worth replacing is my name (username for this PC). 

If you like, send me a PM with the information to review vs publicly posting it.
If you send me a screen shot of your DNS entries that would be a plus as well.

Carlo

PS you can send me a private message by hovering over my avatar.

Posted

Thank you all again. I had to revert as it completely buggered access to my clients, particularly those running it through a TV app. Will go back to the drawing board and follow up on your suggestions :). 

  • Like 1
  • 2 weeks later...
ITGuy1024
Posted

Is this still a valid option? I followed the steps and my domain is now flagged as "Deceptive site ahead"

Posted
2 hours ago, ITGuy1024 said:

Is this still a valid option? I followed the steps and my domain is now flagged as "Deceptive site ahead"

You might be running into this issue:

So please follow that topic. Thanks.

  • 2 months later...
Blackstar1988
Posted
On 7/6/2021 at 3:10 PM, MEB said:

Using duckdns with home assistant so it creates the cert with letsencrypt any way to use that setup and the cert it creates automictically? 

did you find any answer to it im doing the same now :D pls share knowledge :D 

  • 4 weeks later...
ITGuy1024
Posted

What am I missing? The WAN address won't update to https or the correct port.
ZeroSSL successfully reached the _acme-challenge on my domain.

image.png.d0231e6f55b0daeb0435e3266b9f5449.png

 

image.png.78d71bee16c95eabcdb4ca49d194fdda.png

 

image.png.ce2653d2c52c6c160b9467936cab01f2.png

Posted

This is usually an indication that it couldn't open or use the cert and bind to the HTTPS port. Restart your Emby server and look through the new log to see if there are errors related to the cert file (pfx).

 

 

 

ITGuy1024
Posted
4 minutes ago, Q-Droid said:

This is usually an indication that it couldn't open or use the cert and bind to the HTTPS port. Restart your Emby server and look through the new log to see if there are errors related to the cert file (pfx).

 

 

 

I restarted a few times. 

I see this in the log in relation to port 8920.

2023-08-19 20:18:20.986 Debug PortMapper: Creating port map on local port 8920 to public port 8920 with device 172.30.1.109

I see this in relation to pfx.
"The specified network password is not correct." Is this reffering to the cert password or something else? I copied the cert password directly into emby from the batch file. I double checked, no added blank spaces.

2023-08-19 20:07:35.516 Error App: Error loading cert from C:\ZeroSSL\certificate.pfx
	*** Error Report ***
	Version: 4.7.13.0
	Command line: C:\Users\Administrator\AppData\Roaming\Emby-Server\system\EmbyServer.dll -noautorunwebapp
	Operating system: Microsoft Windows 10.0.14393
	Framework: .NET 6.0.16
	OS/Process: x64/x64
	Runtime: C:/Users/Administrator/AppData/Roaming/Emby-Server/system/System.Private.CoreLib.dll
	Processor count: 4
	Data path: C:\Users\Administrator\AppData\Roaming\Emby-Server\programdata
	Application path: C:\Users\Administrator\AppData\Roaming\Emby-Server\system
	Internal.Cryptography.CryptoThrowHelper+WindowsCryptographicException: Internal.Cryptography.CryptoThrowHelper+WindowsCryptographicException: The specified network password is not correct.
	   at Internal.Cryptography.Pal.CertificatePal.FilterPFXStore(ReadOnlySpan`1 rawData, SafePasswordHandle password, PfxCertStoreFlags pfxCertStoreFlags)
	   at Internal.Cryptography.Pal.CertificatePal.FromBlobOrFile(ReadOnlySpan`1 rawData, String fileName, SafePasswordHandle password, X509KeyStorageFlags keyStorageFlags)
	   at System.Security.Cryptography.X509Certificates.X509Certificate..ctor(String fileName, String password, X509KeyStorageFlags keyStorageFlags)
	   at System.Security.Cryptography.X509Certificates.X509Certificate2..ctor(String fileName, String password)
	   at Emby.Server.Implementations.ApplicationHost.GetCertificate(CertificateInfo info)
	Source: System.Security.Cryptography.X509Certificates
	TargetSite: Internal.Cryptography.Pal.Native.SafeCertContextHandle FilterPFXStore(System.ReadOnlySpan`1[System.Byte], Microsoft.Win32.SafeHandles.SafePasswordHandle, Internal.Cryptography.Pal.Native.PfxCertStoreFlags)
Posted

The request to restart is to make sure the log has all of the details. The server only tries to open the cert and bind to the HTTPS port on startup. If the log rotates or is rotated manually the new log won't have any info.

And yes, it can't open the cert file. Most likely password but the messages might be misleading and it could be other reasons. Start by verifying that password.

ITGuy1024
Posted (edited)

Are there suppose to be quotes around the password in the batch file?

I'm guessing no?

Taking a closer look at the zerossl script it looks like it added this character ô to the beginning and end of the password I have. I'm guessing that character is from the quotations?

image.png.24da6af26c635033881fa73e2bc9d37d.png


*Fixed* the quotations and added symbol were the issue

Edited by ITGuy1024
  • Like 1
Posted

If you're referring to the batch file to generate your certificate, no there is no quotation marks. 

 

cd c:\ZeroSSL
@[member="Echo"] off
le64 --key account.key --csr domain.csr --csr-key domain.key --crt certificate.csr --domains myserveraddress.com --generate-missing --handle-as dns --export-pfx 12345678 --live
pause

hawaiizfynest
Posted
On 1/13/2020 at 9:19 AM, BAlGaInTl said:

Great guide.

 

The only comment that I would make is that I've been steering people more towards using Cloudflare's free service for the certificate.

 

It's a couple of extra steps in the beginning, but then you don't have to worry about updating every 90 days.  You get the added bonus of some protections that Cloudflare builds in to its service.

mind sharing the walk through for this? i personally love using CF stuff so this would be great for me.

Posted

Apologies for the long delay, lots of responses - thank you. We may be moving house and getting new network equipment so will read through replies and try and get a working solution in preparation :). 

  • 4 months later...
jonwalton19
Posted (edited)

This almost was a great transition from Plex.......except that setting up the [redacted] server so I access it on phone is pure garbage. your software [redacted]. 

Edited by GrimReaper
Wording
Posted

What's the issue with your connecting? Are you trying to access by your WAN address?

  • Like 1
  • 3 weeks later...
xnappo
Posted

@MikeB111Just wanted to thank you for this post.  I had been putting it off too long and got it working, though with squarespace since they took over from Google.

As a bonus, I got to use the information at work for something semiconductor certificate related - I was able to say 'Oh, kinda like how SSL CSAs work?' and get an enthusiastic 'Yes exactly!' lol

  • Like 1
bandit8623
Posted
On 12/24/2023 at 10:57 PM, jonwalton19 said:

This almost was a great transition from Plex.......except that setting up the [redacted] server so I access it on phone is pure garbage. your software [redacted]. 

the whole point on why emby is better is none of your stuff goes through their servers.  plex has access to all your stuff.  

  • Agree 1
Posted

For those on Google Domains which is now moving over to Squarespace in the next 30 days, which DNS solution are you going with?

RDSII64
Posted
7 minutes ago, Zerok said:

For those on Google Domains which is now moving over to Squarespace in the next 30 days, which DNS solution are you going with?

That is a good question. Unfortunately I don't know the answer yet. 

JulesC
Posted

 

2 hours ago, Zerok said:

For those on Google Domains which is now moving over to Squarespace in the next 30 days, which DNS solution are you going with?

I was just getting ready to post the same question. Looking forward to any guidance here. Thanks

darkassassin07
Posted (edited)
3 hours ago, Zerok said:

For those on Google Domains which is now moving over to Squarespace in the next 30 days, which DNS solution are you going with?

Cloudflares nameservers. Google/SquareSpace only handles the registration, cloudflare does the dns and WAF/Proxy for non-emby services. (don't proxy Emby with CFs WAF, it's against their ToS and will be throttled)

 

I was worried and asked on Lemmy before realizing I'm already using CF name servers so I won't have to do anything.

Edited by darkassassin07
MikeB111
Posted
On 1/25/2024 at 3:01 PM, Zerok said:

For those on Google Domains which is now moving over to Squarespace in the next 30 days, which DNS solution are you going with?

Since I'm running my server from my house on a dynamic IP from my internet provider, support for Dynamic DNS was a requirement.  Google domains had worked great for me for a long time, but with the change to Squarespace with no DDNS support it's a no go for me now. 

I just transferred my domain name registration from Squarespace/Google to Namecheap.  Cost me $13 for the transfer, and was super easy, all done in a few minutes.  The namecheap interface for managing the domain was simple and actually very similar to Google, so it was familiar and easy.  With google domains, my ASUS router directly supported DDNS which was very convenient (although it didn't always work 100% reliably).  Namecheap isn't supported by my router directly, but they have a Windows dynamic DNS client that I set up to run on my Emby server which is always on anyways, and it seems to be working just fine. For those with more experience than I, namecheap dynamic DNS also works with DDClient (primarly a linux tool, but there is apparently also a windows install).

I'm by no means an expert and make no claim that this is the best solution, but I did just make this change and it seems to be working well so at least this is one working option to consider.

  • Agree 1
  • Thanks 1
bandit8623
Posted (edited)

no-ip offers free cert with the free monthly dynamic service.  just have to click 3 times once a month.   0$  but if you dont want to confirm in monthly then you wouldnt like it.  throwing that out there for people.

***Wow i spoke too soon. they just stopped offering the free cert now.  

image.thumb.png.f57fc3e21dc8a988e6f909fb6166e7ea.png

im guessing im good for the rest of the year possibly since i just set up my cert last week.  darn

sorry about that folks

looks like no ip is no longer the best option for free,  although with coupon in the fall they offer this stuff 50% off

image.png.50210453c74cfa8cf1cb81d8e8d4595d.png

Edited by bandit8623
ssl not included anymore

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...