Jdiesel 1431 Posted September 25, 2017 Posted September 25, 2017 (edited) I am working on creating a simple guide to use a purchased SSL certificate on Emby without the need for generating it yourself or any additional software. The problem is that in order to activate the cert it asks that the activation file be place on the webserver in a specific location that is accessible from the web. Ex. http://yourdomain.com//.well-known/pki-validation//activation.txt Is there anyway of tricking the webserver that Emby is built on to host a file at a specified address? If I have to end up setting up a separate webserver just to activate the SSL cert it will be no simpler than generating one with Letsencrypt. The best option would be if Emby included an option to upload and host the activation file temporary within Emby itself. I haven't used a purchased SSL cert before but I would that most providers work in a similar fashion. Edited September 25, 2017 by Jdiesel
Luke 42080 Posted September 26, 2017 Posted September 26, 2017 you could put some files under dashboard-ui and it will work as of today, although it would be working by accident and not really by intention.
Jdiesel 1431 Posted September 26, 2017 Author Posted September 26, 2017 I have bought lots and lots of certificates before, I rearly come across one that uses http verification since it is not a proper way to certify ownership, better option would be for them to use email from whois or some DNS, new rules for CA Forum states that you should use a CAA to get a certificate. https://cabforum.org/2017/03/08/ballot-187-make-caa-checking-mandatory/ If you realy need to verify it is a one off so a simple instance of any httpd server will do the job, Lets encrypt uses it own pico server for this, but there are better ways. DNS activation is an option and in my case that is how I ended up activating my cert but it doesn't look like DNS activation is an option for those running a dynamic DNS like No-IP or FreeDNS. This isn't a problem if you also have a domain name but I'm trying to make things both cheap and simple. I was hoping to make a guide for people to setup a signed cert with no need for external applications or dealing with renewals.
Tur0k 148 Posted September 26, 2017 Posted September 26, 2017 (edited) Here, I use a google domain ($12 annually, I get a public DNS tool and I can have any number of conventional records and support a+/DDNS custom records) and let's encrypt (free if you are willing to setup scripts to reissue ever 90 days and restart your web server. You end up having to get an ACME Tool to manage your certs. Let's encrypt allows users to authorize DNS lookup using txt records on their domain's public DNS. In my case I have my Acme client and a reverse proxy setup on my firewall. In my Acme client I have scripts setup to restart my My public secured reverse proxy, and any other services in my network that use the certs. If you were able to get an acme client that supports scripting you should be able to get it to restart your Emby service and reload the cert. Sent from my iPhone using Tapatalk Edited September 26, 2017 by Tur0k
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now