Jump to content

Recommended Posts

Posted

I have lost my domain name so i have to start from scratch creating a new domain and certificate following the guide here

https://blog.awelswynol.co.uk/2018-01-setting-up-cloudflare-with-emby/

all ok until I create a new ssl certficate, and emby won't start unless I remove the certificate, as per above

Is there a way to fix / create the certificate so I can use it with emby to connect in conjunction with cloudflare?

Posted
4 hours ago, gnollo said:

I have lost my domain name so i have to start from scratch creating a new domain and certificate following the guide here

https://blog.awelswynol.co.uk/2018-01-setting-up-cloudflare-with-emby/

all ok until I create a new ssl certficate, and emby won't start unless I remove the certificate, as per above

Is there a way to fix / create the certificate so I can use it with emby to connect in conjunction with cloudflare?

Hi, let's start by looking at the problem in more detail:

Thanks !

Posted

is anyone using cloudflare to access emby? I cannot get it to work again for me.

GrimReaper
Posted

Have you looked at:

?

justinrh
Posted

If you use Cloudfare, do you need a cert?  I thought one of the main points of using CF is for it to provide the TLS machinery.

Posted
On 4/1/2023 at 12:21 PM, GrimReaper said:

Have you looked at:

?

That thread seems to me about the settings to turn on or of on Cloudflare. Not a tutorial on how to set up emby to work with cloudflare

Posted
On 4/1/2023 at 9:43 PM, justinrh said:

If you use Cloudfare, do you need a cert?  I thought one of the main points of using CF is for it to provide the TLS machinery.

https://blog.awelswynol.co.uk/2018-01-setting-up-cloudflare-with-emby/

according to this guide you need to, it was setup fine on my server, but I have tried to recreate it after my free website expired, and now emby crashes with the certificate I create following the tutorial

Posted

Is anyone actually using Cloudflare with Emby: I could do with some help setting it up again please.

KegTapper
Posted

I used the guide you posted to set up CF, pretty easily if I recall. But that was a few years ago. I then moved onto caddy2. And migrated once again to a CF tunnel a few months ago

Posted
18 hours ago, KegTapper said:

I used the guide you posted to set up CF, pretty easily if I recall. But that was a few years ago. I then moved onto caddy2. And migrated once again to a CF tunnel a few months ago

The guide has no pictures anymore, and CF changed a bit

This is what I see as options. Are you using full or full (strict)?

image.png.1e152ec46ed8d4f8f273eb3417647b71.png

Posted

also the guide says "Click Create Certificate, on the next screen leave everything default and click next."

I went to the create client certificate option under SSL/TSL and left everything as it is, see below

image.png.ce987ccafb187ae2b90c6b4eb3dfe760.png

 

Posted

Operating system: Linux version 5.19.14-Unraid (root@Develop) (gcc (GCC) 12.2.0, GNU ld version 2.39-slack151) #1 SMP PREEMPT_DYNAMIC Thu Oct 6 09:15:00 PDT 2022
        Framework: .NET 6.0.8
        OS/Process: x64/x64
        Runtime: system/System.Private.CoreLib.dll
        Processor count: 4
        Data path: /config
        Application path: /system
        System.InvalidOperationException: System.InvalidOperationException: Certificate [sequenceofnumbersremove] cannot be used as an SSL server certificate. It has an Extended Key Usage extension but the usages do not include Server Authentication (OID 1.3.6.1.5.5.7.3.1).
           at Microsoft.AspNetCore.Server.Kestrel.Https.Internal.HttpsConnectionMiddleware.EnsureCertificateIsAllowedForServerAuth(X509Certificate2 certificate)
           at Microsoft.AspNetCore.Server.Kestrel.Https.Internal.HttpsConnectionMiddleware..ctor(ConnectionDelegate next, HttpsConnectionAdapterOptions options, ILoggerFactory loggerFactory)
           at Microsoft.AspNetCore.Hosting.ListenOptionsHttpsExtensions.<>c__DisplayClass12_0.<UseHttps>b__0(ConnectionDelegate next)
           at Microsoft.AspNetCore.Server.Kestrel.Core.ListenOptions.Build()
           at Microsoft.AspNetCore.Server.Kestrel.Core.KestrelServerImpl.<>c__DisplayClass30_0`1.<<StartAsync>g__OnBind|0>d.MoveNext()
        --- End of stack trace from previous location ---
           at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.AddressBinder.BindEndpointAsync(ListenOptions endpoint, AddressBindContext context, CancellationToken cancellationToken)
           at Microsoft.AspNetCore.Server.Kestrel.Core.ListenOptions.BindAsync(AddressBindContext context, CancellationToken cancellationToken)
           at Microsoft.AspNetCore.Server.Kestrel.Core.AnyIPListenOptions.BindAsync(AddressBindContext context, CancellationToken cancellationToken)
           at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.AddressBinder.EndpointsStrategy.BindAsync(AddressBindContext context, CancellationToken cancellationToken)
           at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.AddressBinder.BindAsync(IEnumerable`1 listenOptions, AddressBindContext context, CancellationToken cancellationToken)
           at Microsoft.AspNetCore.Server.Kestrel.Core.KestrelServerImpl.BindAsync(CancellationToken cancellationToken)
           at Microsoft.AspNetCore.Server.Kestrel.Core.KestrelServerImpl.StartAsync[TContext](IHttpApplication`1 application, CancellationToken cancellationToken)
           at Microsoft.AspNetCore.Hosting.WebHost.StartAsync(CancellationToken cancellationToken)
           at Microsoft.AspNetCore.Hosting.WebHost.Start()
           at Emby.Server.Implementations.HttpServer.KestrelHost.KestrelListener.OnAddPrefixesComplete()
           at Emby.Server.Implementations.ApplicationHost.Init()
           at EmbyServer.HostedService.StartAsync(CancellationToken cancellationToken)
        Source: Microsoft.AspNetCore.Server.Kestrel.Core
        TargetSite: Void EnsureCertificateIsAllowedForServerAuth(System.Security.Cryptography.X509Certificates.X509Certificate2)

Info Main: Shutdown complete
[cont-finish.d] executing container finish scripts...
[cont-finish.d] done.
[s6-finish] waiting for services.
[s6-finish] sending all processes the TERM signal.
[s6-finish] sending all processes the KILL signal and exiting.

** Press ANY KEY to close this window ** 

Posted

again Emby crashes if I use the certificate. If I remove it, emby will start again. I am stuck.

Posted

Please attach the complete server log, thanks.

pwhodges
Posted
58 minutes ago, gnollo said:

        System.InvalidOperationException: System.InvalidOperationException: Certificate [sequenceofnumbersremove] cannot be used as an SSL server certificate. It has an Extended Key Usage extension but the usages do not include Server Authentication

As the error message says, you are using a client certificate, not a server certificate which is what you need.

https://cheapsslsecurity.com/blog/client-certificate-vs-server-certificate-simplifying-the-difference/

Paul

Posted
16 hours ago, Luke said:

Please attach the complete server log, thanks.

I tried but to restart the server I had to remove the certificate, and after the restart the error message disappears for some reason.

  • Thanks 1
Posted (edited)

I a going to try to create another certificate

image.png.79917669c1b9f974ebdd4b4f00142e40.png

this is the default optio

 

Edited by gnollo

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...