gnollo 17 Posted March 31, 2023 Posted March 31, 2023 I have lost my domain name so i have to start from scratch creating a new domain and certificate following the guide here https://blog.awelswynol.co.uk/2018-01-setting-up-cloudflare-with-emby/ all ok until I create a new ssl certficate, and emby won't start unless I remove the certificate, as per above Is there a way to fix / create the certificate so I can use it with emby to connect in conjunction with cloudflare?
Luke 42080 Posted March 31, 2023 Posted March 31, 2023 4 hours ago, gnollo said: I have lost my domain name so i have to start from scratch creating a new domain and certificate following the guide here https://blog.awelswynol.co.uk/2018-01-setting-up-cloudflare-with-emby/ all ok until I create a new ssl certficate, and emby won't start unless I remove the certificate, as per above Is there a way to fix / create the certificate so I can use it with emby to connect in conjunction with cloudflare? Hi, let's start by looking at the problem in more detail: How to Report a Problem Thanks !
gnollo 17 Posted March 31, 2023 Author Posted March 31, 2023 here is the server log file embyserver.txt
gnollo 17 Posted April 1, 2023 Author Posted April 1, 2023 is anyone using cloudflare to access emby? I cannot get it to work again for me.
justinrh 260 Posted April 1, 2023 Posted April 1, 2023 If you use Cloudfare, do you need a cert? I thought one of the main points of using CF is for it to provide the TLS machinery.
gnollo 17 Posted April 4, 2023 Author Posted April 4, 2023 On 4/1/2023 at 12:21 PM, GrimReaper said: Have you looked at: ? That thread seems to me about the settings to turn on or of on Cloudflare. Not a tutorial on how to set up emby to work with cloudflare
gnollo 17 Posted April 4, 2023 Author Posted April 4, 2023 On 4/1/2023 at 9:43 PM, justinrh said: If you use Cloudfare, do you need a cert? I thought one of the main points of using CF is for it to provide the TLS machinery. https://blog.awelswynol.co.uk/2018-01-setting-up-cloudflare-with-emby/ according to this guide you need to, it was setup fine on my server, but I have tried to recreate it after my free website expired, and now emby crashes with the certificate I create following the tutorial
gnollo 17 Posted April 4, 2023 Author Posted April 4, 2023 Is anyone actually using Cloudflare with Emby: I could do with some help setting it up again please.
KegTapper 8 Posted April 4, 2023 Posted April 4, 2023 I used the guide you posted to set up CF, pretty easily if I recall. But that was a few years ago. I then moved onto caddy2. And migrated once again to a CF tunnel a few months ago
gnollo 17 Posted April 5, 2023 Author Posted April 5, 2023 18 hours ago, KegTapper said: I used the guide you posted to set up CF, pretty easily if I recall. But that was a few years ago. I then moved onto caddy2. And migrated once again to a CF tunnel a few months ago The guide has no pictures anymore, and CF changed a bit This is what I see as options. Are you using full or full (strict)?
gnollo 17 Posted April 5, 2023 Author Posted April 5, 2023 also the guide says "Click Create Certificate, on the next screen leave everything default and click next." I went to the create client certificate option under SSL/TSL and left everything as it is, see below
gnollo 17 Posted April 5, 2023 Author Posted April 5, 2023 Operating system: Linux version 5.19.14-Unraid (root@Develop) (gcc (GCC) 12.2.0, GNU ld version 2.39-slack151) #1 SMP PREEMPT_DYNAMIC Thu Oct 6 09:15:00 PDT 2022 Framework: .NET 6.0.8 OS/Process: x64/x64 Runtime: system/System.Private.CoreLib.dll Processor count: 4 Data path: /config Application path: /system System.InvalidOperationException: System.InvalidOperationException: Certificate [sequenceofnumbersremove] cannot be used as an SSL server certificate. It has an Extended Key Usage extension but the usages do not include Server Authentication (OID 1.3.6.1.5.5.7.3.1). at Microsoft.AspNetCore.Server.Kestrel.Https.Internal.HttpsConnectionMiddleware.EnsureCertificateIsAllowedForServerAuth(X509Certificate2 certificate) at Microsoft.AspNetCore.Server.Kestrel.Https.Internal.HttpsConnectionMiddleware..ctor(ConnectionDelegate next, HttpsConnectionAdapterOptions options, ILoggerFactory loggerFactory) at Microsoft.AspNetCore.Hosting.ListenOptionsHttpsExtensions.<>c__DisplayClass12_0.<UseHttps>b__0(ConnectionDelegate next) at Microsoft.AspNetCore.Server.Kestrel.Core.ListenOptions.Build() at Microsoft.AspNetCore.Server.Kestrel.Core.KestrelServerImpl.<>c__DisplayClass30_0`1.<<StartAsync>g__OnBind|0>d.MoveNext() --- End of stack trace from previous location --- at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.AddressBinder.BindEndpointAsync(ListenOptions endpoint, AddressBindContext context, CancellationToken cancellationToken) at Microsoft.AspNetCore.Server.Kestrel.Core.ListenOptions.BindAsync(AddressBindContext context, CancellationToken cancellationToken) at Microsoft.AspNetCore.Server.Kestrel.Core.AnyIPListenOptions.BindAsync(AddressBindContext context, CancellationToken cancellationToken) at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.AddressBinder.EndpointsStrategy.BindAsync(AddressBindContext context, CancellationToken cancellationToken) at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.AddressBinder.BindAsync(IEnumerable`1 listenOptions, AddressBindContext context, CancellationToken cancellationToken) at Microsoft.AspNetCore.Server.Kestrel.Core.KestrelServerImpl.BindAsync(CancellationToken cancellationToken) at Microsoft.AspNetCore.Server.Kestrel.Core.KestrelServerImpl.StartAsync[TContext](IHttpApplication`1 application, CancellationToken cancellationToken) at Microsoft.AspNetCore.Hosting.WebHost.StartAsync(CancellationToken cancellationToken) at Microsoft.AspNetCore.Hosting.WebHost.Start() at Emby.Server.Implementations.HttpServer.KestrelHost.KestrelListener.OnAddPrefixesComplete() at Emby.Server.Implementations.ApplicationHost.Init() at EmbyServer.HostedService.StartAsync(CancellationToken cancellationToken) Source: Microsoft.AspNetCore.Server.Kestrel.Core TargetSite: Void EnsureCertificateIsAllowedForServerAuth(System.Security.Cryptography.X509Certificates.X509Certificate2) Info Main: Shutdown complete [cont-finish.d] executing container finish scripts... [cont-finish.d] done. [s6-finish] waiting for services. [s6-finish] sending all processes the TERM signal. [s6-finish] sending all processes the KILL signal and exiting. ** Press ANY KEY to close this window **
gnollo 17 Posted April 5, 2023 Author Posted April 5, 2023 again Emby crashes if I use the certificate. If I remove it, emby will start again. I am stuck.
pwhodges 2012 Posted April 5, 2023 Posted April 5, 2023 58 minutes ago, gnollo said: System.InvalidOperationException: System.InvalidOperationException: Certificate [sequenceofnumbersremove] cannot be used as an SSL server certificate. It has an Extended Key Usage extension but the usages do not include Server Authentication As the error message says, you are using a client certificate, not a server certificate which is what you need. https://cheapsslsecurity.com/blog/client-certificate-vs-server-certificate-simplifying-the-difference/ Paul
gnollo 17 Posted April 6, 2023 Author Posted April 6, 2023 15 hours ago, pwhodges said: As the error message says, you are using a client certificate, not a server certificate which is what you need. https://cheapsslsecurity.com/blog/client-certificate-vs-server-certificate-simplifying-the-difference/ Paul Thank you, I'm guessing origin server is the option to use on CF
gnollo 17 Posted April 6, 2023 Author Posted April 6, 2023 16 hours ago, Luke said: Please attach the complete server log, thanks. I tried but to restart the server I had to remove the certificate, and after the restart the error message disappears for some reason. 1
gnollo 17 Posted April 9, 2023 Author Posted April 9, 2023 (edited) I a going to try to create another certificate this is the default optio Edited April 9, 2023 by gnollo
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now