Cthalpa 10 Posted May 24, 2020 Posted May 24, 2020 (edited) NB: This script only supports debian O/S, and debian based distributions (ubuntu etc). The script requires systemctl and apt which is present in all newer distributions.This script will probably not work as intended on Debian below v7 and Ubuntu below 14. A while back I created a script that will: Check if Apache and/or Nginx is running, and if running stop them. Disable UFW (firewall). Flush iptables. Check if certbot is installed, and if not, install it. Check if certificate is located in the emby directory, and if found, delete it. Ask for your FQDN of your emby server. Create a new certificate that's valid for 90 days. Convert the certificate to PFX and copy it to your emby directory. Ask for your emby group and user and change permissions of the PFX to the specified user (default is emby). Re-enable UFW (firewall). Re-enable Apache and/or Nginx (if it was stopped). Restart the Emby system service. After you have downloaded and placed the script on your server, you must unzip it and give the script execution permission. To do that, run the command: unzip embycert.zip && chmod +x embycert.sh This script should be run every 3 months to keep your certificate up-to-date. This script MUST be run as root with either SU or SUDO. SUDO is not native in Debian, and I would recommend to run this script it as root. NB: After installation, you must define the path to the certificate (under Network tab) which is: /var/lib/emby/emby.pfx and then again manually restart the emby server system service. Remember, if the FQDN is not typed correctly, the installation will fail, so be sure to spell it correctly, and make sure that the A record is valid and working. embycert.sh Edited July 10, 2020 by Cthalpa
Cthalpa 10 Posted July 9, 2020 Author Posted July 9, 2020 (edited) Last updated today Edited July 9, 2020 by Cthalpa
NuevaConexion 0 Posted July 1, 2022 Posted July 1, 2022 greetings, it does not work gives an error in ubuntu 20.04
Luke 38811 Posted July 1, 2022 Posted July 1, 2022 5 minutes ago, NuevaConexion said: greetings, it does not work gives an error in ubuntu 20.04 Hi, what error?
Cthalpa 10 Posted July 27, 2022 Author Posted July 27, 2022 On 7/1/2022 at 3:50 AM, NuevaConexion said: greetings, it does not work gives an error in ubuntu 20.04 I have tested the script in ubuntu 18 to 22, as well as debian 8-13 and it works. Have you solved the problem? 1
treason 11 Posted December 15, 2022 Posted December 15, 2022 Thanks for this script. My ISP blocks port 80. Is there a way to use a non default port for lets encrypt valdation?
Oratorian 21 Posted December 21, 2022 Posted December 21, 2022 (edited) On 12/15/2022 at 2:02 PM, treason said: Thanks for this script. My ISP blocks port 80. Is there a way to use a non default port for lets encrypt valdation? Do you have access to the domains nameserver to create nameserver records? If yes you could DNS-01 authentication which would only needs you to prove ownership of the domain by creating a special TXT record. More info here -> https://jmorahan.net/articles/lets-encrypt-without-port-80/ Client thats supports DNS-01 for windows : A simple Windows ACMEv2 client (WACS) This is a walkthrough client where you just have to answer questions. Very simple to use. For linux this can be done with certbot : certbot -d example.com --manual --preferred-challenges dns certonly Edited December 21, 2022 by Oratorian 1
JuJuJurassic 34 Posted February 13, 2024 Posted February 13, 2024 This script is absolutely brilliant, it worked perfectly. All I had to do was the DNS side and allow 443 to my emby server and it's running perfectly Thank you SO MUCH. After running it you need to convert the certificate to a 12 certificate, the command to do that is; openssl pkcs12 -export -in cert.pem -inkey privkey.pem -out pkcs12.pfx -certfile chain.pem I had a little permissions issue, but I suspect that was my fault to test it run; sudo certbot renew --dry-run Brilliant. Thank you so much and have a great evening
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now