Jump to content
jachin99

Help troubleshooting SSL remote connections

Recommended Posts

jachin99

I had two problems come up within a few days for emby a while back.  Problem 1 was that my power went out, and my battery backup wasn't enough to keep my router powered on.  Problem two was my LE certificate expired.  Since then I have had no luck getting SSL working with Emby.  I have tried using a paid cert with namecheap, which i prefer because the renewal period is much longer, and a free one with LE.  Each cert has had the domain verified.  I have double checked my password, and I have ensured port forwarding is setup correctly.  I can reach my SSL port from the WAN.  What can I do to troubleshoot?  Can I provide log data?  Do I need to debug the issue in a browser?  I can't reach my domain from the LAN if that is any help.  Thanks.  

Share this post


Link to post
Share on other sites
cayars
Posted (edited)

Turn on debug logging and restart the server.  Take a look through the log file and there should be a error message about SSL if it's not working.

Typically it's a wrongly generated key or wrong password.

Edited by cayars

Share this post


Link to post
Share on other sites
jachin99

Is there a certain keyword I should use when looking at log data

Share this post


Link to post
Share on other sites
cayars

It will be toward the beginning of the log.  Try "SSL"

Share this post


Link to post
Share on other sites
jachin99

I tried ssl, and a few others but I don't get any results.  The only thing that did give me a result is 8920 with a log entry saying it listening on that port

Share this post


Link to post
Share on other sites
cayars

If https://your ip:8920 works then just ignore this as SSL is working.  It could have just been a bad attempt that fixes itself.  I just wanted to share that I saw an SSL initialization error in the log.

Share this post


Link to post
Share on other sites
jachin99
Posted (edited)

I never tried that.  It looks like MYIP:PORT works on the LAN and shows a LE certificate.  Would that narrow it down to a domain name problem?  

EDIT:  It works with the WAN address also so port forwarding should be working also.  How would I troubleshoot a domain name issue. 

Edited by jachin99

Share this post


Link to post
Share on other sites
cayars

https://domain name:8920

What setting do you have set in Networking for option: secure connection mode

Share this post


Link to post
Share on other sites
jachin99

I tried all three at some point but still no luck. Thanks for all of your help

Share this post


Link to post
Share on other sites
Q-Droid

Did your public IP address change due to the router downtime? You need to verify that your domain is resolving the the correct WAN IP address.

nslookup "your domain"

If it doesn't resolve to the current WAN IP then it needs to be updated.

  • Like 1

Share this post


Link to post
Share on other sites
cayars
5 hours ago, jachin99 said:

I tried all three at some point but still no luck. Thanks for all of your help

If you like we can setup a TeamViewer remote support meeting and I can try and remotely help you.  This might be easier because I can look at a bunch of things very quickly and find the source of the problem.

Send me a PM if interested otherwise we can keep working here.

Share this post


Link to post
Share on other sites
jachin99
14 hours ago, Q-Droid said:

Did your public IP address change due to the router downtime? You need to verify that your domain is resolving the the correct WAN IP address.

nslookup "your domain"

If it doesn't resolve to the current WAN IP then it needs to be updated.

I just did a nslookup, and it doesn't resolve to my current IP.  I have a dd client installed as my dynamic DNS client so the problem seems to point there.  Is that right?

10 hours ago, cayars said:

If you like we can setup a TeamViewer remote support meeting and I can try and remotely help you.  This might be easier because I can look at a bunch of things very quickly and find the source of the problem.

Send me a PM if interested otherwise we can keep working here.

I appreciate the offer but I think I can do this with a little help on the forums.  If things get too wierd then maybe we can do a teamviewer session.  

Share this post


Link to post
Share on other sites
cayars

Yes, your DNS record needs updating!

Share this post


Link to post
Share on other sites
jachin99

Do I typically have to open a firewall port for my ddns client?

Share this post


Link to post
Share on other sites
cayars
Posted (edited)

Typically No as outbound connections are normally allowed.

But for now maybe manually update the IP so you can make sure SSL is working correctly.

Edited by cayars

Share this post


Link to post
Share on other sites
jachin99

I dont see a way to manually update the IP on my dynamic dns client but I see an entry for my IP under synthetic records on the google domains dashboard.  The IP address listed there is wrong but I'm not seeing an easy way to just edit the IP.  Maybe I should try resetting all of the settings on that tab under google domains?  It looks like it will just reset my username and password for DDNS. 

Share this post


Link to post
Share on other sites
cayars

Every DDNS works differently but most will allow you to manually control DDNS without having to use a program or utility.  Many home routers have the "code" built in as well to keep things updated on many different services.

What specific DDNS service are you using?

Share this post


Link to post
Share on other sites
cayars

I meant what service are you using for DDNS regardless of client used to update the records?

Share this post


Link to post
Share on other sites
jachin99

I think it's included with my Google domains service

Share this post


Link to post
Share on other sites
jachin99

Cayers, you were correct about my DDNS Client.  I can't honestly say that I know exactly what the issue was however, deleting the synthetic record from google domains, and creating a new one helped.  I also found an article here https://askubuntu.com/questions/719616/ddclient-with-google-domains-dynamic-dns-to-ssh-into-my-desktop about google neglecting to tell users they needed quotes around their password for DD Client.  That was final piece of the puzzle, and once I did that my external access worked again.  I'm going to take this whole thread, and make notes about what could have been wrong, and I'll probably try to share those on the forums.  I read through some of my old posts when I originally setup SSL, and I ran into the same issue last time.  Thanks again for everyone's help.  

  • Like 1

Share this post


Link to post
Share on other sites
cayars

Awesome.  Glad you got it working again!

Good work find that.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×
×
  • Create New...