HTTPS Server Not Working

[praxs 0]

17 hours ago, Q-Droid said:

Have you tried with your server's local IPv4 address instead of localhost which appears to be using IPv6 (::1)? I don't expect a difference but it doesn't hurt to try.

 

Yeah, on my local network, to watch I use http://192.168.0.205:8096, from my PC to access the server, and yes, i had try to acces https://192.168.0.205:8920 and not working as well

14 hours ago, cayars said:

The cert warning using localhost isn't a big deal as long as you can ignore and connect. That's expected. It going to plex instead of Emby isn't what's expected which it was doing earlier when I tested from my house.

But it's better to use the IP of the machine as a test from a different computer so you can make sure the software firewall isn't blocking the connection.

Step One:
Change the way you use your domain.  Instead of using  http://xxxxxxxx.com:8880/Plex and  http://xxxxxxxxxx.com:8880/Emby, setup things like this:
 http://plex.xxxxxxxxxx.com:8880 and  http://emby.xxxxxxxx.com:8880.  <-- the port used in this examples is irrelevant.  The use of subdomains can make routing much easier especially if you want this to work with Emby. You can redirect /web and test in a browser and think it works but as soon as you start trying to test with devices and apps it will be broken.  This doesn't work with Emby.

Step Two: Decide what ports you will use for Plex and what ports you will use for Emby.  Set both of them up to use the subdomain and generate a new cert if needed (if not wildcard) and install that on both systems.

Step Three:
Remove all ports from the cable modem/firewall and start fresh opening the proper ports for each of these services.

Step Four:
Use canyouseeme.org to test each port to make sure it's open.
Test each port from the internet making sure the port is open and the service responds.  Ignore any cert errors at this point.

Step Five:
Blow away your setup in Cloudflare and start over. You actually can't do this with one Cloudflare account as you only get 3 page rules and you will need 3 rules for each media server.  If it were me I'd use you the domain for Emby then setup Plex with a different account so you get 3 more page rules to use with it.
You need to set rules to not cache video, cache images and static pages/elements. That takes 3 rules for Emby.

For now to get things working you could setup plex as a CNAME record pointing to the ddns name of your Plex server that you get with them. It's going to redirect anyway so this is probably the easiest method anyway.

Now you need to make sure you setup Cloudflare to use the ports you want vs them redirecting traffic to port 80 and 443 which you are not setup to use. Not for Emby anyway.

That's it.

So I still don't see the need for all of this, Plex only uses 32400, we can't change that, they don't allow it, but, it works http and https on the same door without any problems.

And as I told before, I had made a hole new machine to install only Emby, from 0 and I had the same result when configure the https.

I would really like to try a local configuration change, without a reverse proxy or anything like changing domains

For real, to really solve my problem, we should forget the external access and focus on why isn't https working on local net/local host?

I think that if we focus on that side of the problem, we could beat this faster

Edited November 9, 2021 by Happy2Play
edited urls

[Q-Droid 989]

I would be trying other tools like wireshark, nmap, ncat, openssl, curl, wget, whatever Windows has (Event Viewer?), etc. to see if the results/errors provide any clues.

If you're comfortable with SSL tools I would also make double sure the PFX file is good or even renew and recreate it. There is no indication in the logs that Emby is having problems with the cert but it's something that's easy enough to do and eliminate.

 

Edited November 9, 2021 by Q-Droid

[praxs 0]

1 hour ago, Q-Droid said:

I would be trying other tools like wireshark, nmap, ncat, openssl, curl, wget, whatever Windows has (Event Viewer?), etc. to see if the results/errors provide any clues.

If you're comfortable with SSL tools I would also make double sure the PFX file is good or even renew and recreate it. There is no indication in the logs that Emby is having problems with the cert but it's something that's easy enough to do and eliminate.

 

I will try to remake it, but it doesn't seem like it, cause i'm using the same cert on IIS and Plex

The certificate is from Let's Encrypt

[Carlo 4561]

6 hours ago, praxs said:

Yeah, on my local network, to watch I use http://192.168.0.205:8096, from my PC to access the server, and yes, i had try to acces https://192.168.0.205:8920 and not working as well

It may or may not work.  For this to work your local and remote ports would need to match.
local http and remote http should be the same port (8096)
local https and remote https should be the same (8920)

If a PC on the same network can't access the server using https://192.168.0.205:8920 then that narrows it down. The issue could be on the server or client side.
If you try the same test again but use https://192.168.0.205:8920 on the server itself that will narrow it down by half.

This sounds like a configuration issue in Emby that is wrong.
When testing the above if it doesn't work adjust:

Try all three of the bottom choices (not Disabled).

Let us know how you make out with this test.

[praxs 0]

43 minutes ago, cayars said:

It may or may not work.  For this to work your local and remote ports would need to match.
local http and remote http should be the same port (8096)
local https and remote https should be the same (8920)

If a PC on the same network can't access the server using https://192.168.0.205:8920 then that narrows it down. The issue could be on the server or client side.
If you try the same test again but use https://192.168.0.205:8920 on the server itself that will narrow it down by half.

This sounds like a configuration issue in Emby that is wrong.
When testing the above if it doesn't work adjust:

Try all three of the bottom choices (not Disabled).

Let us know how you make out with this test.

Okay, doing the test right now

 

I already try that before openning the topic, but here we go

 

For my configuration, I let on Preferred, but not required, so, when I change to Required, it shows the SSL Handshake Error (i really just think that this error just show us that the Cloudflare wouldn't be able to see any certificate)

And when I let it by Reverse Proxy, still the same, HTTP works, HTTPS not working

[praxs 0]

3 hours ago, praxs said:

Okay, doing the test right now

 

I already try that before openning the topic, but here we go

 

For my configuration, I let on Preferred, but not required, so, when I change to Required, it shows the SSL Handshake Error (i really just think that this error just show us that the Cloudflare wouldn't be able to see any certificate)

And when I let it by Reverse Proxy, still the same, HTTP works, HTTPS not working

So, after all this time, i've had tried as @Q-Droidsuggested and recreate/renew the certificate (again using let's encrypt) and associated it only to emby (I've been thinking if plex wasn't blocking that file), and as restarted at first, the https had stopped at all, wasn't showing the message that was listening on https, so restarted again, tried to access directly from outside and that time it was working perfectly, on the future probably I will try to make only a copy of the pfx file and see if I need one pfx file per server (IIS uses the installed version, so the file isn't a need for this)

I would like to thanks to all that took a time to help with that problem

[Luke 42078]

Thanks for the feedback !

[Happy2Play 9780]

45 minutes ago, praxs said:

on the future probably I will try to make only a copy of the pfx file and see if I need one pfx file per server

Not proficient in this area but with everything being on different ports one cert would do the job.

 

@praxswould you like all these post sanitized of your WANIP/domain?

[praxs 0]

51 minutes ago, Happy2Play said:

Not proficient in this area but with everything being on different ports one cert would do the job.

 

@praxswould you like all these post sanitized of your WANIP/domain?

@Happy2Play yeah, I really think that too, when it expires, I will try to make a simple copy and will update here if works or not

And yes, please, if you could do that to me

[Carlo 4561]

@praxs Do you have everything up and running now?