Tbone1169 1 Posted March 22, 2023 Posted March 22, 2023 I had followed this guide for setting up SSL. I had it working just fine for months. Every time I needed to renew I'd run the renew_cert.bat and update the domain each time everything was fine. On my last renewal EMBY began throwing the below error and only showing remote access to HTTP and port 8096 instead of HTTPS and port 8920 like it should. I don't understand how it could be an issue with the password as its a simple password no special characters, its the same one its always been, and it was functioning just fine for months every time I renewed. I have even copied the exact password that was used in the .BAT text file into emby so I know they are exactly the same and still can't get it to work. Any suggestions would be appreciated. Internal.Cryptography.CryptoThrowHelper+WindowsCryptographicException: Internal.Cryptography.CryptoThrowHelper+WindowsCryptographicException: The specified network password is not correct. at Internal.Cryptography.Pal.CertificatePal.FilterPFXStore(ReadOnlySpan`1 rawData, SafePasswordHandle password, PfxCertStoreFlags pfxCertStoreFlags) at Internal.Cryptography.Pal.CertificatePal.FromBlobOrFile(ReadOnlySpan`1 rawData, String fileName, SafePasswordHandle password, X509KeyStorageFlags keyStorageFlags) at System.Security.Cryptography.X509Certificates.X509Certificate..ctor(String fileName, String password, X509KeyStorageFlags keyStorageFlags) at System.Security.Cryptography.X509Certificates.X509Certificate2..ctor(String fileName, String password) at Emby.Server.Implementations.ApplicationHost.GetCertificate(CertificateInfo info) Source: System.Security.Cryptography.X509Certificates TargetSite: Internal.Cryptography.Pal.Native.SafeCertContextHandle FilterPFXStore(System.ReadOnlySpan`1[System.Byte], Microsoft.Win32.SafeHandles.SafePasswordHandle, Internal.Cryptography.Pal.Native.PfxCertStoreFlags)
Abobader 3464 Posted March 22, 2023 Posted March 22, 2023 Hello Tbone1169, ** This is an auto reply ** Please wait for someone from staff support or our members to reply to you. It's recommended to provide more info, as it explain in this thread: Thank you. Emby Team
jd_emby 0 Posted March 24, 2023 Posted March 24, 2023 I am having the exact same issue as Tbone1169. Never had any issues adding the certificate previously. I'm using emby on a windows 10 device Log file shows the following error when checking the new certificate Internal.Cryptography.CryptoThrowHelper+WindowsCryptographicException: Internal.Cryptography.CryptoThrowHelper+WindowsCryptographicException: The specified network password is not correct. at Internal.Cryptography.Pal.CertificatePal.FilterPFXStore(ReadOnlySpan`1 rawData, SafePasswordHandle password, PfxCertStoreFlags pfxCertStoreFlags) at Internal.Cryptography.Pal.CertificatePal.FromBlobOrFile(ReadOnlySpan`1 rawData, String fileName, SafePasswordHandle password, X509KeyStorageFlags keyStorageFlags) at System.Security.Cryptography.X509Certificates.X509Certificate..ctor(String fileName, String password, X509KeyStorageFlags keyStorageFlags) at System.Security.Cryptography.X509Certificates.X509Certificate2..ctor(String fileName, String password) at Emby.Server.Implementations.ApplicationHost.GetCertificate(CertificateInfo info) Source: System.Security.Cryptography.X509Certificates TargetSite: Internal.Cryptography.Pal.Native.SafeCertContextHandle FilterPFXStore(System.ReadOnlySpan`1[System.Byte], Microsoft.Win32.SafeHandles.SafePasswordHandle, Internal.Cryptography.Pal.Native.PfxCertStoreFlags)
jd_emby 0 Posted March 24, 2023 Posted March 24, 2023 Sorry should add, the certificate was created using synology ddns which creates a .pem file which was then converted to .pfx
Luke 42080 Posted March 24, 2023 Posted March 24, 2023 Hi, please attach the complete emby server log. Thanks.
jd_emby 0 Posted March 24, 2023 Posted March 24, 2023 Hi Luke, I have worked out my issue the certificate from Synology NAS was corrupt, I have Added a new certificate over top of the existing one which has refreshed all settings, and am now able to apply it to Emby successfully. Thank you for your time. Regards
Tbone1169 1 Posted March 24, 2023 Author Posted March 24, 2023 (edited) Here is my server log @Luke embyserver.txt Edited March 24, 2023 by Tbone1169
Luke 42080 Posted March 29, 2023 Posted March 29, 2023 On 3/24/2023 at 7:36 AM, Tbone1169 said: Here is my server log @Luke embyserver.txt 292.57 kB · 1 download OK this is from a midnight log file rotation. Can you please attach the emby server log from when the server first loads? That's when it tries to load your ssl cert. Thanks.
Tbone1169 1 Posted March 30, 2023 Author Posted March 30, 2023 I'm not sure how to differentiate them but I just restarted the server so it should be one of these as they're the most recent. embyserver.txt embyserver-63815756126.txt
Luke 42080 Posted April 10, 2023 Posted April 10, 2023 On 3/30/2023 at 8:00 AM, Tbone1169 said: I'm not sure how to differentiate them but I just restarted the server so it should be one of these as they're the most recent. embyserver.txt 81.16 kB · 0 downloads embyserver-63815756126.txt 122.95 kB · 0 downloads HI, did you see this in the log? 2023-03-30 06:51:14.962 Error App: Error loading cert from C:\Users\Tyler\ZeroSSL\certificate.pfx *** Error Report *** Version: 4.7.11.0 Command line: C:\Users\Tyler\AppData\Roaming\Emby-Server\system\EmbyServer.dll -noautorunwebapp Operating system: Microsoft Windows 10.0.19044 Framework: .NET 6.0.10 OS/Process: x64/x64 Runtime: C:/Users/Tyler/AppData/Roaming/Emby-Server/system/System.Private.CoreLib.dll Processor count: 4 Data path: C:\Users\Tyler\AppData\Roaming\Emby-Server Application path: C:\Users\Tyler\AppData\Roaming\Emby-Server\system Internal.Cryptography.CryptoThrowHelper+WindowsCryptographicException: Internal.Cryptography.CryptoThrowHelper+WindowsCryptographicException: The specified network password is not correct.
Luke 42080 Posted April 10, 2023 Posted April 10, 2023 In case you do actually have the right password, I think some of the solutions here may help: https://stackoverflow.com/questions/8286110/asp-net-the-specified-network-password-is-not-correct Please let us know if this helps. Thanks.
Tbone1169 1 Posted April 21, 2023 Author Posted April 21, 2023 On 4/10/2023 at 12:51 PM, Luke said: In case you do actually have the right password, I think some of the solutions here may help: https://stackoverflow.com/questions/8286110/asp-net-the-specified-network-password-is-not-correct Please let us know if this helps. Thanks. I've tried just about everything. I did see where it said it "password is not correct" but I just don't understand how. Its the same as its always been and was working just fine I also still have the original txt file used to set up the cert that shows the password matches. I can't seem to pinpoint what changed.
Tbone1169 1 Posted June 9, 2023 Author Posted June 9, 2023 On 4/21/2023 at 10:31 AM, Luke said: Maybe try a new password? Waited for my certificate to expire and tried to renew with a new password and emby is still returning the same error as before. Completely stumped at this point.
rbjtech 5284 Posted June 9, 2023 Posted June 9, 2023 3 hours ago, Tbone1169 said: Waited for my certificate to expire and tried to renew with a new password and emby is still returning the same error as before. Completely stumped at this point. try running certutil -dump "your-cert-file-location.pfx" if when you enter the password, you get the full cert details - then the issue is not with your cert. Maybe try a very simple password just as a test, just letters & numbers for example - there is a chance that things like symbols or extended characters may get misinterpreted.
Tbone1169 1 Posted June 9, 2023 Author Posted June 9, 2023 4 hours ago, rbjtech said: try running certutil -dump "your-cert-file-location.pfx" if when you enter the password, you get the full cert details - then the issue is not with your cert. Maybe try a very simple password just as a test, just letters & numbers for example - there is a chance that things like symbols or extended characters may get misinterpreted. When I run this it prompts for password but won't allow me to type a password, I made sure I was running cmd as admin but it won't let me type anything in the password field. Any idea why that would be?
rbjtech 5284 Posted June 9, 2023 Posted June 9, 2023 7 minutes ago, Tbone1169 said: When I run this it prompts for password but won't allow me to type a password, I made sure I was running cmd as admin but it won't let me type anything in the password field. Any idea why that would be? Hmm sound very odd. I would recreate a new cert (maybe do a test) - there is something not right here ...
rbjtech 5284 Posted June 9, 2023 Posted June 9, 2023 (edited) 1 hour ago, Tbone1169 said: When I run this it prompts for password but won't allow me to type a password, I made sure I was running cmd as admin but it won't let me type anything in the password field. Any idea why that would be? To be 100% clear here - you obviously don't get to see what you type as enter the password, and after hitting ENTER you get an output. If the password is incorrect, then you get something like this - certutil -dump "certfile.pfx" Enter PFX password: Cannot decode object: The specified network password is not correct. 0x80070056 (WIN32: 86 ERROR_INVALID_PASSWORD) CertUtil: -dump command FAILED: 0x80070056 (WIN32: 86 ERROR_INVALID_PASSWORD) CertUtil: The specified network password is not correct. If the pasword is ok - certutil -dump "certfile.pfx" Enter PFX password: ================ Certificate 0 ================ ================ Begin Nesting Level 1 ================ ..... ---------------- End Nesting Level 1 ---------------- Provider = Microsoft RSA SChannel Cryptographic Provider Encryption test passed ================ Certificate 1 ================ ================ Begin Nesting Level 1 ================ ..... ---------------- End Nesting Level 1 ---------------- ..... CertUtil: -dump command completed successfully. If after hitting ENTER, you don't get anything - then I'd say the Cert if corrupt and you need to regenerate it. Edited June 9, 2023 by rbjtech
Tbone1169 1 Posted June 9, 2023 Author Posted June 9, 2023 1 hour ago, rbjtech said: To be 100% clear here - you obviously don't get to see what you type as enter the password, and after hitting ENTER you get an output. If the password is incorrect, then you get something like this - certutil -dump "certfile.pfx" Enter PFX password: Cannot decode object: The specified network password is not correct. 0x80070056 (WIN32: 86 ERROR_INVALID_PASSWORD) CertUtil: -dump command FAILED: 0x80070056 (WIN32: 86 ERROR_INVALID_PASSWORD) CertUtil: The specified network password is not correct. If the pasword is ok - certutil -dump "certfile.pfx" Enter PFX password: ================ Certificate 0 ================ ================ Begin Nesting Level 1 ================ ..... ---------------- End Nesting Level 1 ---------------- Provider = Microsoft RSA SChannel Cryptographic Provider Encryption test passed ================ Certificate 1 ================ ================ Begin Nesting Level 1 ================ ..... ---------------- End Nesting Level 1 ---------------- ..... CertUtil: -dump command completed successfully. If after hitting ENTER, you don't get anything - then I'd say the Cert if corrupt and you need to regenerate it. Okay so i've made some progress. I issued a new certificate from scratch with a new password. Emby is now showing https and port 8920 like it should under remote access. I checked the log and the network password error is now gone but for some reason when I try to access from outside my network using my domain and name and port 8920 I get the site can't be reached. Looks like the log is showing some sort of UPnp error now. embyserver (1).txt
pwhodges 2012 Posted June 9, 2023 Posted June 9, 2023 Maybe uPNP is turned off in your router. Good (It's a significant security weakness). If that is the case, you need to forward the Emby port by manual configuration. Paul 1
rbjtech 5284 Posted June 9, 2023 Posted June 9, 2023 (edited) 46 minutes ago, Tbone1169 said: Okay so i've made some progress. I issued a new certificate from scratch with a new password. Emby is now showing https and port 8920 like it should under remote access. I checked the log and the network password error is now gone but for some reason when I try to access from outside my network using my domain and name and port 8920 I get the site can't be reached. Looks like the log is showing some sort of UPnp error now. embyserver (1).txt 249.96 kB · 0 downloads Emby won't allow https unless the cert is good - so that's good news Almost there - https://emby.media/support/articles/Remote-Setup.html?q=remote%20access As you are using a domain name, it's important that your domain name DNS is kept up to date with your public IP address. So ensure ddns is also setup. The public IP on Emby, should match the public IP being reported by Google (ie 'what's my ip address') Edited June 9, 2023 by rbjtech
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now