Carlo 4330 Posted April 15, 2023 Share Posted April 15, 2023 On 4/14/2023 at 3:08 PM, xibinim said: Thanks, I'll prepare a log. Will it require a lot of effort to strip of personal information? Edit - a quick scan, all I can see that's worth replacing is my name (username for this PC). If you like, send me a PM with the information to review vs publicly posting it. If you send me a screen shot of your DNS entries that would be a plus as well. Carlo PS you can send me a private message by hovering over my avatar. Link to comment Share on other sites More sharing options...
xibinim 7 Posted April 20, 2023 Share Posted April 20, 2023 Thank you all again. I had to revert as it completely buggered access to my clients, particularly those running it through a TV app. Will go back to the drawing board and follow up on your suggestions :). 1 Link to comment Share on other sites More sharing options...
ITGuy1024 13 Posted May 3, 2023 Share Posted May 3, 2023 Is this still a valid option? I followed the steps and my domain is now flagged as "Deceptive site ahead" Link to comment Share on other sites More sharing options...
Luke 37063 Posted May 4, 2023 Share Posted May 4, 2023 2 hours ago, ITGuy1024 said: Is this still a valid option? I followed the steps and my domain is now flagged as "Deceptive site ahead" You might be running into this issue: So please follow that topic. Thanks. Link to comment Share on other sites More sharing options...
Blackstar1988 0 Posted July 28, 2023 Share Posted July 28, 2023 On 7/6/2021 at 3:10 PM, MEB said: Using duckdns with home assistant so it creates the cert with letsencrypt any way to use that setup and the cert it creates automictically? did you find any answer to it im doing the same now pls share knowledge Link to comment Share on other sites More sharing options...
ITGuy1024 13 Posted August 20, 2023 Share Posted August 20, 2023 What am I missing? The WAN address won't update to https or the correct port. ZeroSSL successfully reached the _acme-challenge on my domain. Link to comment Share on other sites More sharing options...
Q-Droid 642 Posted August 20, 2023 Share Posted August 20, 2023 This is usually an indication that it couldn't open or use the cert and bind to the HTTPS port. Restart your Emby server and look through the new log to see if there are errors related to the cert file (pfx). Link to comment Share on other sites More sharing options...
ITGuy1024 13 Posted August 20, 2023 Share Posted August 20, 2023 4 minutes ago, Q-Droid said: This is usually an indication that it couldn't open or use the cert and bind to the HTTPS port. Restart your Emby server and look through the new log to see if there are errors related to the cert file (pfx). I restarted a few times. I see this in the log in relation to port 8920. 2023-08-19 20:18:20.986 Debug PortMapper: Creating port map on local port 8920 to public port 8920 with device 172.30.1.109 I see this in relation to pfx. "The specified network password is not correct." Is this reffering to the cert password or something else? I copied the cert password directly into emby from the batch file. I double checked, no added blank spaces. 2023-08-19 20:07:35.516 Error App: Error loading cert from C:\ZeroSSL\certificate.pfx *** Error Report *** Version: 4.7.13.0 Command line: C:\Users\Administrator\AppData\Roaming\Emby-Server\system\EmbyServer.dll -noautorunwebapp Operating system: Microsoft Windows 10.0.14393 Framework: .NET 6.0.16 OS/Process: x64/x64 Runtime: C:/Users/Administrator/AppData/Roaming/Emby-Server/system/System.Private.CoreLib.dll Processor count: 4 Data path: C:\Users\Administrator\AppData\Roaming\Emby-Server\programdata Application path: C:\Users\Administrator\AppData\Roaming\Emby-Server\system Internal.Cryptography.CryptoThrowHelper+WindowsCryptographicException: Internal.Cryptography.CryptoThrowHelper+WindowsCryptographicException: The specified network password is not correct. at Internal.Cryptography.Pal.CertificatePal.FilterPFXStore(ReadOnlySpan`1 rawData, SafePasswordHandle password, PfxCertStoreFlags pfxCertStoreFlags) at Internal.Cryptography.Pal.CertificatePal.FromBlobOrFile(ReadOnlySpan`1 rawData, String fileName, SafePasswordHandle password, X509KeyStorageFlags keyStorageFlags) at System.Security.Cryptography.X509Certificates.X509Certificate..ctor(String fileName, String password, X509KeyStorageFlags keyStorageFlags) at System.Security.Cryptography.X509Certificates.X509Certificate2..ctor(String fileName, String password) at Emby.Server.Implementations.ApplicationHost.GetCertificate(CertificateInfo info) Source: System.Security.Cryptography.X509Certificates TargetSite: Internal.Cryptography.Pal.Native.SafeCertContextHandle FilterPFXStore(System.ReadOnlySpan`1[System.Byte], Microsoft.Win32.SafeHandles.SafePasswordHandle, Internal.Cryptography.Pal.Native.PfxCertStoreFlags) Link to comment Share on other sites More sharing options...
Q-Droid 642 Posted August 20, 2023 Share Posted August 20, 2023 The request to restart is to make sure the log has all of the details. The server only tries to open the cert and bind to the HTTPS port on startup. If the log rotates or is rotated manually the new log won't have any info. And yes, it can't open the cert file. Most likely password but the messages might be misleading and it could be other reasons. Start by verifying that password. Link to comment Share on other sites More sharing options...
ITGuy1024 13 Posted August 20, 2023 Share Posted August 20, 2023 (edited) Are there suppose to be quotes around the password in the batch file? I'm guessing no? Taking a closer look at the zerossl script it looks like it added this character ô to the beginning and end of the password I have. I'm guessing that character is from the quotations? *Fixed* the quotations and added symbol were the issue Edited August 20, 2023 by ITGuy1024 1 Link to comment Share on other sites More sharing options...
Teknician 3 Posted August 20, 2023 Share Posted August 20, 2023 If you're referring to the batch file to generate your certificate, no there is no quotation marks. cd c:\ZeroSSL @[member="Echo"] off le64 --key account.key --csr domain.csr --csr-key domain.key --crt certificate.csr --domains myserveraddress.com --generate-missing --handle-as dns --export-pfx 12345678 --live pause Link to comment Share on other sites More sharing options...
hawaiizfynest 0 Posted August 20, 2023 Share Posted August 20, 2023 On 1/13/2020 at 9:19 AM, BAlGaInTl said: Great guide. The only comment that I would make is that I've been steering people more towards using Cloudflare's free service for the certificate. It's a couple of extra steps in the beginning, but then you don't have to worry about updating every 90 days. You get the added bonus of some protections that Cloudflare builds in to its service. mind sharing the walk through for this? i personally love using CF stuff so this would be great for me. Link to comment Share on other sites More sharing options...
xibinim 7 Posted August 21, 2023 Share Posted August 21, 2023 Apologies for the long delay, lots of responses - thank you. We may be moving house and getting new network equipment so will read through replies and try and get a working solution in preparation :). Link to comment Share on other sites More sharing options...
jonwalton19 0 Posted December 25, 2023 Share Posted December 25, 2023 (edited) This almost was a great transition from Plex.......except that setting up the [redacted] server so I access it on phone is pure garbage. your software [redacted]. Edited December 25, 2023 by GrimReaper Wording Link to comment Share on other sites More sharing options...
Teknician 3 Posted December 25, 2023 Share Posted December 25, 2023 What's the issue with your connecting? Are you trying to access by your WAN address? 1 Link to comment Share on other sites More sharing options...
Luke 37063 Posted January 14 Share Posted January 14 @jonwalton19? Link to comment Share on other sites More sharing options...
xnappo 1593 Posted January 19 Share Posted January 19 @MikeB111Just wanted to thank you for this post. I had been putting it off too long and got it working, though with squarespace since they took over from Google. As a bonus, I got to use the information at work for something semiconductor certificate related - I was able to say 'Oh, kinda like how SSL CSAs work?' and get an enthusiastic 'Yes exactly!' lol 1 Link to comment Share on other sites More sharing options...
bandit8623 48 Posted January 24 Share Posted January 24 On 12/24/2023 at 10:57 PM, jonwalton19 said: This almost was a great transition from Plex.......except that setting up the [redacted] server so I access it on phone is pure garbage. your software [redacted]. the whole point on why emby is better is none of your stuff goes through their servers. plex has access to all your stuff. 1 Link to comment Share on other sites More sharing options...
Zerok 0 Posted January 25 Share Posted January 25 For those on Google Domains which is now moving over to Squarespace in the next 30 days, which DNS solution are you going with? Link to comment Share on other sites More sharing options...
RDSII64 4 Posted January 25 Share Posted January 25 7 minutes ago, Zerok said: For those on Google Domains which is now moving over to Squarespace in the next 30 days, which DNS solution are you going with? That is a good question. Unfortunately I don't know the answer yet. Link to comment Share on other sites More sharing options...
JulesC 44 Posted January 26 Share Posted January 26 2 hours ago, Zerok said: For those on Google Domains which is now moving over to Squarespace in the next 30 days, which DNS solution are you going with? I was just getting ready to post the same question. Looking forward to any guidance here. Thanks Link to comment Share on other sites More sharing options...
darkassassin07 423 Posted January 26 Share Posted January 26 (edited) 3 hours ago, Zerok said: For those on Google Domains which is now moving over to Squarespace in the next 30 days, which DNS solution are you going with? Cloudflares nameservers. Google/SquareSpace only handles the registration, cloudflare does the dns and WAF/Proxy for non-emby services. (don't proxy Emby with CFs WAF, it's against their ToS and will be throttled) I was worried and asked on Lemmy before realizing I'm already using CF name servers so I won't have to do anything. Edited January 26 by darkassassin07 Link to comment Share on other sites More sharing options...
MikeB111 48 Posted January 29 Author Share Posted January 29 On 1/25/2024 at 3:01 PM, Zerok said: For those on Google Domains which is now moving over to Squarespace in the next 30 days, which DNS solution are you going with? Since I'm running my server from my house on a dynamic IP from my internet provider, support for Dynamic DNS was a requirement. Google domains had worked great for me for a long time, but with the change to Squarespace with no DDNS support it's a no go for me now. I just transferred my domain name registration from Squarespace/Google to Namecheap. Cost me $13 for the transfer, and was super easy, all done in a few minutes. The namecheap interface for managing the domain was simple and actually very similar to Google, so it was familiar and easy. With google domains, my ASUS router directly supported DDNS which was very convenient (although it didn't always work 100% reliably). Namecheap isn't supported by my router directly, but they have a Windows dynamic DNS client that I set up to run on my Emby server which is always on anyways, and it seems to be working just fine. For those with more experience than I, namecheap dynamic DNS also works with DDClient (primarly a linux tool, but there is apparently also a windows install). I'm by no means an expert and make no claim that this is the best solution, but I did just make this change and it seems to be working well so at least this is one working option to consider. 1 1 Link to comment Share on other sites More sharing options...
bandit8623 48 Posted January 29 Share Posted January 29 (edited) no-ip offers free cert with the free monthly dynamic service. just have to click 3 times once a month. 0$ but if you dont want to confirm in monthly then you wouldnt like it. throwing that out there for people. ***Wow i spoke too soon. they just stopped offering the free cert now. im guessing im good for the rest of the year possibly since i just set up my cert last week. darn sorry about that folks looks like no ip is no longer the best option for free, although with coupon in the fall they offer this stuff 50% off Edited January 29 by bandit8623 ssl not included anymore Link to comment Share on other sites More sharing options...
Q-Droid 642 Posted January 29 Share Posted January 29 For DDNS users switching providers or with multiple providers this can simplify things. Supported on Windows, Mac, Linux and routers running Tomato, DD-WRT and I think Merlin. https://www.dnsomatic.com/docs/supportedservices 1 1 Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now