
SSL Connection Setup Help (not a noob)


Solved by Q-Droid


Posted

So was hoping I could get some help with this, really wanting to get a TLS cert installed on my Emby server and then set up public access, and I am quite sure I did everything right, but can't get any connection to work. I'll post step by step what I did here to see if anything stands out. I've installed TLS certs plenty of times before though, on Windows, Linux, etc... not just with certbot but manually like I am doing here (will explain why), but for some reason I just can't get this to work.

 

  • I have a domain, emby.mydomain.com for example
  • Used certbot in manual mode on another Ubuntu machine (prefer to do manual with DNS validation instead of opening up port 80 even temporarily)
  • Got the cert which gives me a cert.pem, chain.pem, fullchain.pem, and privkey.pem file
  • Used openssl to convert the fullchain.pem and privkey.pem to a PKCS#12 file called cert.pfx
  • Entered my domain on Emby's settings
  • Entered the path to the cert (transferred it over from the other Ubuntu machine which created it)
  • Also validated the cert file is accessible by the embyserver account I have setup
  • Entered the cert password
  • Set up required on secure connections
  • Rebooted the entire server
  • Set up a port forward for 8920
  • Added a firewall rule to allow 8920
  • Used an external network to connect to emby.mydomain.com:8920
  • I can see the traffic hit my firewall and be allowed through
  • Disabled the UFW on Ubuntu (for testing)
  • Yet still I get a connection timeout

 

Are there any good logs I can look at in Emby to see if something is going on here? It seems to me this should work but I'm having no such luck. Honestly would love to see the Emby team make this a bit easier; seems like it should be possible to automate it similar to Plex and just use Let's Encrypt to gen a cert and get things going automagically.

  • Solution
Posted

Some things to try.

1. Restart Emby and check the embyserver.txt log. You can attach the log in this thread if you want someone to review it. What you're looking for is the server actually binding and listening on the https port. "Info App: Adding HttpsListener prefix https://+:8920/" or something to that effect.

2. Connect to your Emby server from a browser on LAN using https://<host IP>:8920. If it's working you'll get a cert error but can click through: Advanced -> continue to site.

If you don't get the expected results from the above then doubly make sure the pfx is good and the emby runtime user can open it - permissions, ownership, access to the full path, etc.
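
The permission check suggested above can be scripted. This is an added example, not part of the original post and not Emby's own tooling: the function names are hypothetical, and the account name and PFX path are whatever the operator passes in.

```shell
#!/bin/sh
# Added example. Evaluates classic owner/group/other mode bits only;
# ACLs, root overrides and AppArmor/SELinux are not considered.
# Assumes GNU coreutils (stat -c, realpath -e), as on Ubuntu.

# holds_bit USER PATH BIT: 0 if USER's permission class on PATH has BIT set
# (4 = read, 1 = search); 2 if the account or path cannot be examined.
holds_bit() {
    uid=$(id -u "$1" 2>/dev/null) || return 2
    meta=$(stat -c '%u %g %a' "$2" 2>/dev/null) || return 2
    set -- "$1" "$2" "$3" $meta        # $4 = owner uid, $5 = gid, $6 = mode
    m=$(( $6 % 1000 ))                 # drop the setuid/setgid/sticky digit
    if [ "$uid" = "$4" ]; then digit=$(( m / 100 ))
    elif id -G "$1" | tr ' ' '\n' | grep -qx "$5"; then digit=$(( m / 10 % 10 ))
    else digit=$(( m % 10 ))
    fi
    [ $(( digit & $3 )) -ne 0 ]
}

# check_pfx_access USER FILE: 0 if USER can search every parent directory
# and read FILE; 1 with the outermost blocking path; 2 on bad input.
check_pfx_access() {
    user=$1
    id -u "$user" >/dev/null 2>&1 || { echo "no such account: $user"; return 2; }
    file=$(realpath -e -- "$2" 2>/dev/null) || { echo "cannot resolve: $2"; return 2; }
    blocker=""
    dir=$(dirname "$file")
    while :; do                        # walk up to /, remembering failures
        holds_bit "$user" "$dir" 1 || blocker=$dir
        [ "$dir" = / ] && break
        dir=$(dirname "$dir")
    done
    if [ -n "$blocker" ]; then
        echo "BLOCKED: $user cannot search $blocker"; return 1
    fi
    holds_bit "$user" "$file" 4 || { echo "BLOCKED: $user cannot read $file"; return 1; }
    echo "OK: $user can read $file"
}

# pfx_opens FILE: 0 if the container parses and the password in $PFX_PASS
# unlocks it (read from the environment so it stays out of the process list).
pfx_opens() { openssl pkcs12 -in "$1" -noout -passin env:PFX_PASS >/dev/null 2>&1; }
```

Pass the account the server process actually runs as, read from the process list rather than from memory, since a similarly named account will pass or fail for the wrong reasons.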

Posted

Boom, you solved it! I made a dumb mistake lol, I set up two users on this machine both with the word emby in them and was mistakenly assigning the wrong user as owner of the pfx file. It's all good to go now! You helped me look at the right spot, thanks!
