Q-Droid 989 Posted January 22, 2023 Posted January 22, 2023 I had suspected one of the problems in the log but not the other. The server can't open your certificate file therefore can't listen on the https port: 2023-01-22 09:29:56.845 Error App: Error loading cert from C:\ZeroSSL\certificate.pfx *** Error Report *** Version: 4.7.11.0 Command line: C:\Users\USER\AppData\Roaming\Emby-Server\system\EmbyServer.dll C:\Users\USER\AppData\Roaming\Emby-Server\system\EmbyServer.dll -noautorunwebapp Operating system: Microsoft Windows 10.0.19044 Framework: .NET 6.0.10 OS/Process: x64/x64 Runtime: C:/Users/USER/AppData/Roaming/Emby-Server/system/System.Private.CoreLib.dll ... Internal.Cryptography.CryptoThrowHelper+WindowsCryptographicException: The specified network password is not correct. Are you running a VPN? 2023-01-22 09:29:56.927 Info NetworkManager: Detecting local network addresses 2023-01-22 09:29:56.927 Info NetworkManager: networkInterface: Ethernet Hamachi, Speed: 10000000000, Description: LogMeIn Hamachi Virtual Ethernet Adapter 2023-01-22 09:29:56.927 Info NetworkManager: GatewayAddresses: 2620:9b::1900:1 2023-01-22 09:29:56.927 Info NetworkManager: UnicastAddresses: 2620:9b::1908:32d2,fe80::22c8:87c9:7088:e83e%28 For starters disable the secure connection mode and the VPN then check to see if you can connect using HTTP. Then fix the certificate file access problem - bad password - and try the https connections. Then you'll have to figure out if you can continue to run with the VPN as is or need a split tunnel or other options.
strander14 3 Posted January 22, 2023 Author Posted January 22, 2023 8 minutes ago, Q-Droid said: I had suspected one of the problems in the log but not the other. The server can't open your certificate file therefore can't listen on the https port: 2023-01-22 09:29:56.845 Error App: Error loading cert from C:\ZeroSSL\certificate.pfx *** Error Report *** Version: 4.7.11.0 Command line: C:\Users\USER\AppData\Roaming\Emby-Server\system\EmbyServer.dll C:\Users\USER\AppData\Roaming\Emby-Server\system\EmbyServer.dll -noautorunwebapp Operating system: Microsoft Windows 10.0.19044 Framework: .NET 6.0.10 OS/Process: x64/x64 Runtime: C:/Users/USER/AppData/Roaming/Emby-Server/system/System.Private.CoreLib.dll ... Internal.Cryptography.CryptoThrowHelper+WindowsCryptographicException: The specified network password is not correct. Are you running a VPN? 2023-01-22 09:29:56.927 Info NetworkManager: Detecting local network addresses 2023-01-22 09:29:56.927 Info NetworkManager: networkInterface: Ethernet Hamachi, Speed: 10000000000, Description: LogMeIn Hamachi Virtual Ethernet Adapter 2023-01-22 09:29:56.927 Info NetworkManager: GatewayAddresses: 2620:9b::1900:1 2023-01-22 09:29:56.927 Info NetworkManager: UnicastAddresses: 2620:9b::1908:32d2,fe80::22c8:87c9:7088:e83e%28 For starters disable the secure connection mode and the VPN then check to see if you can connect using HTTP. Then fix the certificate file access problem - bad password - and try the https connections. Then you'll have to figure out if you can continue to run with the VPN as is or need a split tunnel or other options. - Disabled secure connection. - The password is the one that I used in the get-cert bat for SSL - it is the same one that I tried - unless it is a different password. https did not work http on my DNS did work. Okay so - it might not be loading the certificate because I don't have the external domain name in there right now? So I just added in the domain name and I CAN connect now through the domain to the 8096 port - which I was unable to do before. I don't have a VPN on (I use Mullvad - but it isn't on) - my hamachi tunneler service is disabled right now - it just might be detecting that there is a virtual ethernet addapter (correct me if I am wrong - but I couldn't find any service for it that was running) Attached is the next server log. embyserver(1).txt
Q-Droid 989 Posted January 22, 2023 Posted January 22, 2023 It's not loading the certificate because it can't open the file. Fix that problem then enable secure connections again. Restart and test HTTPS.
strander14 3 Posted January 22, 2023 Author Posted January 22, 2023 You're right - I just tried installing the certificate and it says the password is incorrect. It is the same password I used in that get_cert.bat. I am wondering how it changed. I guess I will recertify the DNS and get back to you when I figure that out.
strander14 3 Posted January 22, 2023 Author Posted January 22, 2023 So this is what I followed when creating my cert: @[member="Echo"] off le64 --key account.key --csr domain.csr --csr-key domain.key --crt certificate.csr --domains "yourdomain.net" --generate-missing --handle-as dns --export-pfx “yourpasswordhere” --live pause Replaced the domain with my domain - and the password with a password. When I enter that password it says it is incorrect. Even generating a new certificate with a new password yields the same results. Attached shows that the SSL cert creation was working properly. Also attached is the file that I am trying to access with the password input in "yourpasswordhere".
Eigeplackter 90 Posted January 22, 2023 Posted January 22, 2023 Afaik the cerrificate should be named like the domain it‘s serving. In my case that‘s: _.<myname>.synology.me.pfx The _ is included, as it‘s a wildcard cerrificate.
strander14 3 Posted January 22, 2023 Author Posted January 22, 2023 19 minutes ago, Eigeplackter said: Afaik the cerrificate should be named like the domain it‘s serving. In my case that‘s: _.<myname>.synology.me.pfx The _ is included, as it‘s a wildcard cerrificate. Tested this: Still getting this error: 2023-01-22 12:27:03.253 Error App: Error loading cert from H:\ZeroSSL\_.xxxxxxxxxx.com.pfx Internal.Cryptography.CryptoThrowHelper+WindowsCryptographicException: Internal.Cryptography.CryptoThrowHelper+WindowsCryptographicException: The specified network password is not correct. at Internal.Cryptography.Pal.CertificatePal.FilterPFXStore(ReadOnlySpan`1 rawData, SafePasswordHandle password, PfxCertStoreFlags pfxCertStoreFlags) at Internal.Cryptography.Pal.CertificatePal.FromBlobOrFile(ReadOnlySpan`1 rawData, String fileName, SafePasswordHandle password, X509KeyStorageFlags keyStorageFlags) at System.Security.Cryptography.X509Certificates.X509Certificate..ctor(String fileName, String password, X509KeyStorageFlags keyStorageFlags) at System.Security.Cryptography.X509Certificates.X509Certificate2..ctor(String fileName, String password) at Emby.Server.Implementations.ApplicationHost.GetCertificate(CertificateInfo info)
Eigeplackter 90 Posted January 22, 2023 Posted January 22, 2023 If I understand this article correctly, and it seems you are running emby server on a MS OS you might want to try importing your certificate to the OS. But its just a hunch, makes sense to me that Windows wont accept/handle certificates from any other destination, thats „not known“.
strander14 3 Posted January 22, 2023 Author Posted January 22, 2023 I tried this and got the same error when trying to import the cert. I am just confused as to why or even how the password is incorrect.
seanbuff 1316 Posted January 22, 2023 Posted January 22, 2023 Does your password have any special characters in it? If so, remove them, recreate cert and try again. 1
strander14 3 Posted January 22, 2023 Author Posted January 22, 2023 Original cert did have special characters - the newest one created does not have any special characters. 10 minutes ago, seanbuff said: Does your password have any special characters in it? If so, remove them, recreate cert and try again.
seanbuff 1316 Posted January 22, 2023 Posted January 22, 2023 Also check that the user running Emby Server has access/permissions to read this file Quote H:\ZeroSSL\_.xxxxxxxxxx.com.pfx As a test, have you tried a really basic 8-character password like "abcd1234"
strander14 3 Posted January 22, 2023 Author Posted January 22, 2023 (edited) I used chmod -R 777 certificate.pfx to make sure it had read access to the file - as well as the whole folder. And I haven't tried something that basic - right now it is 16 char with upper+lower case letters and numbers. I can't create any other certs since I have reached my limit of five for ZeroSSL. 15 minutes ago, seanbuff said: Also check that the user running Emby Server has access/permissions to read this file As a test, have you tried a really basic 8-character password like "abcd1234" Edited January 22, 2023 by strander14 Additional information
Q-Droid 989 Posted January 22, 2023 Posted January 22, 2023 Do you also get the cert file when using le64? If so then you can create the pfx using other tools. In your listing above I don't see a file for the certificate itself - .pem or .cer.
strander14 3 Posted January 22, 2023 Author Posted January 22, 2023 Oh my goodness. I got it!! I was browsing another post on the forum. I posted what I followed below. I did try what you are saying - creating the pfx file myself - but I couldn't figure out how to do it. The .pem is also something that le64 didn't generate or that I didn't find. 8 minutes ago, Q-Droid said: Do you also get the cert file when using le64? If so then you can create the pfx using other tools. In your listing above I don't see a file for the certificate itself - .pem or .cer. Either way - I can use my 8920 port to login as well as my domain!! THANK YOU GUYS FOR THE HELP!!!! 3
seanbuff 1316 Posted January 22, 2023 Posted January 22, 2023 11 minutes ago, strander14 said: I was browsing another post on the forum. I posted what I followed below. Well done, yes I also found that and was going to mark it as a Recommended post over there, I will do that now. Thanks for following up.
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now