Certbot Certification on Emby windows 10 Pro machine

[Nitro_Zeus 11]

Hey Guyes, 

I have installed Emby with default settings. 

ran Certbot to get a Certificate to nitrozeus.stream 

I followed this guide: https://certbot.eff.org/instructions?ws=other&os=windows 

And the cert setup was success See picture Emby 03.png and picture Emby 02.png

I have not changed any settings in netowork besides adding my domain nitrozeus.stream. and somehow the WAN wont update, and i cannot access the site https://nitrozeus.stream

I tried to define the path "Custom SSL certificate path" to where the "fullchain.pem" file is, wich works fine, but still nothing works, what am i doing wrong 

 

 

[Luke 42083]

Ho, what do your network settings look like now?

[Nitro_Zeus 11]

looks like this. 

as of now i can access the site at; http://nitrozeus.stream:8096/web/index.html#!/home

But it is still Not secure HTTP

screencapture.pdf

[Luke 42083]

10 minutes ago, Nitro_Zeus said:

looks like this. 

as of now i can access the site at; http://nitrozeus.stream:8096/web/index.html#!/home

But it is still Not secure HTTP

screencapture.pdf 530.76 kB · 2 downloads

Hi, can you please attach an image file rather than a pdf? Thanks !

[ebr 16187]

Doesn't the cert need to be in PFX format...?

[Nitro_Zeus 11]

there you go. 

 

[Luke 42083]

Hi, did you notice the Secure Connection Mode option?

[Nitro_Zeus 11]

ohh, just changed that, but it still does not change the WAN address to a secure one. 

it should be changed to https://nitrozeus.stream:8920 acording to the network configuration. 

could it be the certification thats supposed to be in pfx format? 

 

[Q-Droid 989]

@ebr posted the answer. You need to use your PEM certs to create a PKCS12 archive (PFX) which is the keystore format that Emby uses.

 

[Nitro_Zeus 11]

• Any ideas on how to convert .PEM to .pfx then? 
• I got the following files to my certificate;

privkey.pem : the private key for your certificate.
fullchain.pem : the certificate file used in most server software.
chain.pem : used for OCSP stapling in Nginx >=1.3.7.
cert.pem : will break many server configurations, and should not be used

[Q-Droid 989]

You would use the privkey and fullchain PEM files. Search the forum for openssl, there are dozens of examples.

[Nitro_Zeus 11]

i tried researching it, but all the guides seems a bit off cours, not easy explained i need a step by step on this one, never tried before.

[Q-Droid 989]

You have a few options. If you have openssl installed on your system you can follow the steps in the post linked below. The <path to PKCS12 file> expects the full path including the pfx filename. I wouldn't put the file in the Certbot folder but instead create a location to be used by Emby, for example - C:\something\ssl\mydomain.pfx, then update the Emby Network Settings with that path.

If you don't have and don't want openssl then the SSLShopper online conversion tool is an option. Many in the community have used and recommend it.

https://www.sslshopper.com/ssl-converter.html

 

 

[Nitro_Zeus 11]

Just to solve this topic i found the solution to convert the privkey.pem -> fullchain.pem -> chain.pem -> cert.pem and get it to PFX format 

The command is simple and goes like this in powershell: 

openssl pkcs12 -export -out embycert.p12 -in cert.pem -inkey privkey.pem