SSL made easy

November 25, 2024

Your script to generate your key should include your password and added to the network settings in your Emby server.

Here's my batch file script to generate my key for my domain and Emby.

cd c:\ZeroSSL
@[member="Echo"] off
le64 --key account.key --csr domain.csr --csr-key domain.key --crt certificate.csr --domains DOMAINHERE.com --generate-missing --handle-as dns --export-pfx PASSWORDHERE --live
pause

The capped domain and password, you would add yourself.

Then in your settings in Emby

You will need (if you don't already have it) le64.exe execute file in your ZeroSSL folder, for those who may not know.

November 25, 2024

2 hours ago, Carlo said:

Is your server hosted outside your home LAN? If so, does it have a public IP or a private IP address?

@CarloNo, the server is on my home LAN.

December 1, 2024

On 11/23/2024 at 3:14 PM, Luke said:

OK please let us know how things go. Thanks.

@LukeTo follow-up, my new network hardware arrived and I configured port-forwarding on 8920 but I'm still unable to connect remotely. On a side note I also configured port-forwarding for my Plex installation and it worked flawlessly from the start. Clearly Plex has their remote connection feature dialed-in. It's definitely a more user-friendly approach. It looks like I will have to use Plex when (securely) connecting remotely until I can get Emby sorted out.

December 1, 2024

17 minutes ago, EkoOne said:

@LukeClearly Plex has their remote connection feature dialed-in.

Port forwarding happens in the router regardless of what software you use. Keep in mind they have a relay feature that automatically kicks in when a direct connection isn't possible, where they can route everything through their servers in order to make remote access possible. A fair number of users end up using this without even realizing it. They attempt to configure port forwarding, the direct connection fails but Plex apps still remain functional due to the relay feature. This also leads to users getting the impression that remote connections are easier with Plex, but once they learn how the relay feature routes everything through Plex servers, many end up deciding they don't want that to happen.

Anyway the point is that remote access is something you need to setup in your router, and this part of the process will be the same whether it's Plex or Emby that you're connecting with:

Remote Setup

December 1, 2024

1 hour ago, EkoOne said:

@LukeTo follow-up, my new network hardware arrived and I configured port-forwarding on 8920 but I'm still unable to connect remotely. On a side note I also configured port-forwarding for my Plex installation and it worked flawlessly from the start. Clearly Plex has their remote connection feature dialed-in. It's definitely a more user-friendly approach. It looks like I will have to use Plex when (securely) connecting remotely until I can get Emby sorted out.

if you go here and select your port and its showing closed its a router setting/firewall setting on the os you are hosting. unless your isp is blocking ports which is very very unlikely.

https://www.yougetsignal.com/tools/open-ports/

post a few pics of your router settings maybe someone here can help.

if you think you have the router setup properly turn off the os firewall while testing tol see if its the os (sodtware firewall) thisk will ruile that out.

---

last thing to try is dont ridirect the ports. get 8920 working all the way through. set emby to 8920 and external 8920.

this is opnsense firewall

Edited December 1, 2024 by bandit8623

December 1, 2024

I understand port-forwarding is a hardware function and as I mentioned previously my old router was not working correctly in this (port-forwarding) regard.

I agree that having things relayed through Plex servers is far from ideal for any number of reasons, no question. But when viewed from the perspective of a typical non-technical user just wanting to stream their content remotely the Plex approach has fewer technical hurdles, albeit with obvious privacy concerns. I'm not saying it's a "better" approach, or safer, but it is less complicated and for the average person that's often all they care about.

December 1, 2024

7 minutes ago, EkoOne said:

I understand port-forwarding is a hardware function and as I mentioned previously my old router was not working correctly in this (port-forwarding) regard.

I agree that having things relayed through Plex servers is far from ideal for any number of reasons, no question. But when viewed from the perspective of a typical non-technical user just wanting to stream their content remotely the Plex approach has fewer technical hurdles, albeit with obvious privacy concerns. I'm not saying it's a "better" approach, or safer, but it is less complicated and for the average person that's often all they care about.

what you said is correct. but all your data is going through plex servers. if you are ok with that then all good. the reason many of use dont want that is privacy/ data concerns. in fact plex has has a few big breaches. but yes it is easier to setup.

December 1, 2024

When Plex routes your connection through their servers, the reason may be that your ISP is preventing a direct connection. As Emby doesn't run servers to do that job, in those cases it is necessary to find another way around the ISP's blockage, which will typically be some thing like Tailscale or a routable VPN.

Paul

December 2, 2024

I feel the same as many of you do about going through Plex servers: I don't like it. However, until I can get Emby to play nicely it's a compromise I'm willing to make. I don't consider it a permanent or long-term solution.

Going back to the original connection issue I'm positive my Emby network settings are correct and I know the SSL cert. has been properly installed and port-forwarding configured correctly. Maybe it's my ISP (Comcast / Xfinity) or maybe it's my ZeroSSL cert., I don't know but it's so frustrating.

Edited December 2, 2024 by EkoOne

December 2, 2024

14 minutes ago, EkoOne said:

I feel the same as many of you do about going through Plex servers: I don't like it. However, until I can get Emby to play nicely it's a compromise I'm willing to make. I don't consider it a permanent or long-term solution.

Going back to the original connection issue I'm positive my Emby network settings are correct and I know the SSL cert. has been properly installed and port-forwarding configured correctly. I don't know enough about SSL certs. but something about my ZeroSSL cert. must be causing a problem that browsers are refusing connection. So frustrating.

so you get a port is open when running https://www.yougetsignal.com/tools/open-ports/ ?

the ssl doesnt have anything to do with that portion. if port is closed your ssl wont work

even if your cert was not set up but u had port forwarding set up correct you would just get a message like this.

Are you doing the same port on the host and wan? or is it diff?

Edited December 2, 2024 by bandit8623

December 2, 2024

5 minutes ago, EkoOne said:

I feel the same as many of you do about going through Plex servers: I don't like it. However, until I can get Emby to play nicely it's a compromise I'm willing to make. I don't consider it a permanent or long-term solution.

Going back to the original connection issue I'm positive my Emby network settings are correct and I know the SSL cert. has been properly installed and port-forwarding configured correctly. I don't know enough about SSL certs. but something about my ZeroSSL cert. must be causing a problem that browsers are refusing connection. So frustrating.

No. If you can connect locally to the HTTPS port then it's not the cert. Forget about the cert and work on testing your connectivity.

1. Can you connect to your server, via browser, from a separate machine/device to the HTTP and HTTPS ports from your LAN using your LAN IP?

2. Can you do the same, via browser, from a separate machine using your WAN IP?

If it doesn't work on LAN then look into your server's (Windows?) firewall. If it works on LAN but not WAN then look into your router and port forwarding. If both LAN and WAN IP connections work then fix your DNS for the public domain.

You mentioned that port 443 was working. If this is true are you using a reverse proxy or running services on 443?

December 2, 2024

@bandit8623Using that tool port 8920 is still closed but 443 is open. It should be open, port forwarding on 8920 is configured.

December 2, 2024

27 minutes ago, EkoOne said:

@bandit8623Using that tool port 8920 is still closed but 443 is open. It should be open, port forwarding on 8920 is configured.

if you goal is to have 443 open on the outside web then its possibly correct. is this the only service you have coming in on 443?

image.png.4f74f054dba68e0e4db55ed1fb697754.png

unless reverse prox is used

if you want 8920 to be open to internet(wan) then its not properly port forwarded. if it was the tool would show 8920 open..

Edited December 2, 2024 by bandit8623

December 2, 2024

Well sure, ALL of my services come in on 443, they simply use different subdomains. EG emby.mydomain.com , immich.mydomain.com, calibre.mydomain.com and so on and so forth.

It's literally an hours work to set this up using cloudflare and a reverse proxy like caddy. Then it just works, first time every time, you don't even need a static ip.

Using Caddy for automatic SSL certificates with Cloudflare - Roelof Jan Elsinga

December 3, 2024

20 hours ago, Trevor68 said:

Well sure, ALL of my services come in on 443, they simply use different subdomains. EG emby.mydomain.com , immich.mydomain.com, calibre.mydomain.com and so on and so forth.

It's literally an hours work to set this up using cloudflare and a reverse proxy like caddy. Then it just works, first time every time, you don't even need a static ip.

Using Caddy for automatic SSL certificates with Cloudflare - Roelof Jan Elsinga

if you can get to emby locally (local machine to a diff local machine)then something is amiss with your proxy setup.

you could try no proxy for now just open up 8920 directly pass the port from host to web to see if that at least works. then you can run the port tool to see if 8920 is actually getting forwarded.

Edited December 3, 2024 by bandit8623

December 3, 2024

Thank you to everyone who has offered help and suggestions but despite my best efforts I'm still unable to make any real progress, and that's ok. Getting this to work was always more of a curiosity than a priority and I have spent as much time as I'm able and willing to give it right now. I can always revisit it if/when time allows. Hopefully your suggestions will be of help to others.

Thanks again.

January 31, 2025

On 10/8/2024 at 9:55 PM, Saberoz said:

Thought this might help everyone.
It is by far the easiest and simplest way I have found to get my SSL setup. (not my video)

You do need to have a Docker installed and your own domain as you will be using cloudflare but after banging my head trying to get SSL working. I had this up and running in like 10 mins.

the cost - $10 bucks a year for a custom domain. Best $10 bucks I ever spent.

Works a treat.

I do use this for many things and it DOES work well.

For Emby I prefer to use a reverse proxy (I use HaProxy on my pFsense router) - which works well too. It was pointed out to me that the streaming site through Cloudflare Tunnels violates their terms of service -- woulld hate to lose it for all th eother things I use it for! Can anyonoe confirm whether or not Cloudflare has ever flagged an account for using this for Emby or similar??

Edited January 31, 2025 by Ahole

August 17, 2025

I did not read through all 12 pages of this... but I would put in a little caveat. I am not paying anything for my domain Here is how i do it...

1. i register a domain with DDNS provider freemyip.com (its really free too) and then i can basically have unlimited subdomains. so i had afogleson.freemyip.com registered. (for some reason the api key / token does not work anymore so i am waiting for that to expire while i use a different domain name) and i have N servers up (say I want to access apache (www.afogleson.freemyip.com) and emby (emby.afogleson.freemyip.com) there i have a domain and i can set up my ssl certificates for afogleson.freemyip.com If i get really really ambitous i can write up how I did this all with haproxy (method 1) and with Apache web server as a reverse proxy. essentially my router forwards all traffic for afogleson.freemyip.com to my ha proxy and it serves things up. the nice thing about ha proxy is you can also deal with non http/s requests (like sftp, or ssh and so on) and doing ssh emby.afogleson.freemyip.com will automagically send that request to my internal emby server. right now i only forward to a box in the dmz that punch through the dmz to ssh internally to say 10.10.1.92 or such. At any rate you dont need to BUY a domain if you are ok with the "freemyip.com" addition to whatever you pick as your upper domain name

Edited August 17, 2025 by afogleson

November 16, 2025

im royaly peeved off, please update your guide to reflect that square-space who now own the domain purchasing doesnt support dynamic DNS or direct hosting. i just wasted money that could have been better spent

Edited November 16, 2025 by Isekai

November 16, 2025

OP has not visited the forums in quite some time, I'll temporary append the first post, but as with any tutorial, guide or how-to (in particular for matters not strictly related to Emby): always DYOR first.

Edited November 16, 2025 by GrimReaper
Guide amended

January 21

لا يعمل المفتاح

January 21

@modi_808what key?

Quick Start

January 23

Cómo hago para dentraar por ver en tv emby

January 23

8 minutes ago, Kirito03 said:

Cómo hago para dentraar por ver en tv emby

Quick Start

Sign In

SSL made easy

Recommended Posts

Teknician 4

EkoOne 5

EkoOne 5

Luke 42077

bandit8623 213

EkoOne 5

bandit8623 213

pwhodges 2012

EkoOne 5

bandit8623 213

Q-Droid 989

EkoOne 5

bandit8623 213

Trevor68 70

bandit8623 213

EkoOne 5

Ahole 17

afogleson 15

Isekai 0

GrimReaper 4739

modi_808 0

Neminem 1515

Guest

Luke 42077

Create an account or sign in to comment

Create an account

Sign in

Activity