pir8radio 1312 Posted February 6, 2019 Posted February 6, 2019 I did wonder if that was the case, but if so why if I convert the cert to a .pfx and import to emby, connect directly does sync work? It’s the actual cert, it’s not widely accepted. Meaning android os Doesn’t trust your cert provider or particular cert. Sent from my iPhone using Tapatalk
pir8radio 1312 Posted February 6, 2019 Posted February 6, 2019 It’s the actual cert, it’s not widely accepted. Meaning android os Doesn’t trust your cert provider or particular cert. Never mind I thought you said it didn’t work either way. Sent from my iPhone using Tapatalk Sent from my iPhone using Tapatalk
jon_ 27 Posted February 6, 2019 Author Posted February 6, 2019 OK - so we have progress... It looks like you need to manipulate the cert for nginx to include the chain: SSL certificate chainsSome browsers may complain about a certificate signed by a well-known certificate authority, while other browsers may accept the certificate without issues. This occurs because the issuing authority has signed the server certificate using an intermediate certificate that is not present in the certificate base of well-known trusted certificate authorities which is distributed with a particular browser. In this case the authority provides a bundle of chained certificates which should be concatenated to the signed server certificate. The server certificate must appear before the chained certificates in the combined file: $ cat www.example.com.crt bundle.crt > www.example.com.chained.crt The resulting file should be used in the ssl_certificate directive: server {listen 443 ssl;server_name www.example.com;ssl_certificate www.example.com.chained.crt;ssl_certificate_key www.example.com.key;...} I've merged the cert and the chain, and now downloads don't fail immediately, they start off... They then appear to hang, but it's another step closer to working...
pir8radio 1312 Posted February 6, 2019 Posted February 6, 2019 OK - so we have progress... It looks like you need to manipulate the cert for nginx to include the chain: I've merged the cert and the chain, and now downloads don't fail immediately, they start off... They then appear to hang, but it's another step closer to working... Hanging we can troubleshoot. Good work with the cert. Sent from my iPhone using Tapatalk
jon_ 27 Posted February 6, 2019 Author Posted February 6, 2019 I was testing on my phone connected to my guest wifi, which is 'pseudo external'. If I disconnect and drop to cellular downloads kick off as usual, so success! We probably need to document the cert changes needed for letsencrypt somewhere as I'd imagine it will crop up again... 1
jon_ 27 Posted February 6, 2019 Author Posted February 6, 2019 Have created a howto post, hopefully it'll help anyone else who runs into the same issue in the future https://emby.media/community/index.php?/topic/69712-letsencrypt-certs-and-reverse-proxies/
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now