SSL not working: ERR_CONNECTION_RESET

[Eike Cochu 0]

Hello,

I am running Emby 4.4.3.0 on my Ubuntu 20.04 machine via docker and it is working fine through the 8096 port, but not through the 8920 port. I have set up SSL certificate accordingly, but the connection is always reset in chrome with the message "ERR_CONNECTION_RESET", the log file shows "The handshake failed due to an unexpected packet format.". I experimented a bit with the pfx file generation (I am using a letsencrypt certificate with ddns), with/without password etc. but nothing works. I have also searched this and other forums and a lot of people seemed to have this problem in 2018, but not recently?

I attached a logfile and my ssl configuration.

The cmd I used to generate my archive.pfx is

openssl pkcs12 -export -out /store4/docker/emby/archive.pfx -inkey privkey.pem -in cert.pem -certfile chain.pem -password pass:

I also tried with a password, like this:

openssl pkcs12 -export -out /store4/docker/emby/archive.pfx -inkey privkey.pem -in cert.pem -certfile chain.pem -password pass:emby

As I should also mention, I mapped the docker /config directory to /store4/docker/emby and I saved the archive.pfx file directly to that location. I also tried fiddling with the pfx file permissions, 777, 644, 600 etc. and the ownership, root.root, 1000.1000 etc, none work. My emby docker is set up to use UID/GID 1000/1000 as that is also my default user.

This is the command I used to launch my docker container:

sudo docker run -d --name emby --restart always -v /store4/docker/emby:/config -v /store1:/store1 -v /store2:/store2 -v /store3:/store3 -v /store4:/store4 -v /store5:/store5 --device /dev/dri:/dev/dri --publish 8096:8096 --publish 8920:8920 --env UID=1000 --env GID=1000 --env GIDLIST=100,1000,44,118 emby/embyserver:latest

where in GIDLIST 44 is the video group and 118 is the render group.

The certificate I am using is registered to my domain cochu.io and is valid and working properly for other sites.

Regards

embyserver.txt

[Luke 42078]

Hi there, are you sure the pfx is valid? As a test, could you try it with our native ubuntu package?

[Eike Cochu 0]

I tried the native package, still the same result. The pfx should be valid, I used openssl to verify the password and it was accepted. Just to be sure I switched to the one I use for my plex server, which definitely works, but the same result.

Proof that my letsencrypt pfx is working:

I also tried the instructions described here 

 to make sure the file is correct. After restarting the service, it binds to port 8920:

tcp6       0      0 :::8920                      :::*                    LISTEN    997        101623173  1768296/EmbyServer <-- ssl
tcp6       0      0 :::8096                      :::*                    LISTEN    997        101623168  1768296/EmbyServer
udp        0      0 0.0.0.0:55974          0.0.0.0:*                           997        101623176  1768296/EmbyServer
udp        0      0 0.0.0.0:7359            0.0.0.0:*                           997        101623177  1768296/EmbyServer
udp        0      0 0.0.0.0:1900            0.0.0.0:*                           997        101623175  1768296/EmbyServer

This is my cert file with access and ownership:

but in chrome it is still ERR_CONNECTION_RESET. I checked the logfile and it shows the same error, The handshake failed due to an unexpected packet format.

embyserver.txt

[Luke 42078]

What address are you testing with in the browser address bar?

[Eike Cochu 0]

You know...... I really tried accessing emby with my external domain name. It was not working! Now it works. I tried changing the settings to break it again but it works flawlessly now. It is not working with my internal ip and I suppose that is some kind of design decision because I would have expected for that to work even if it would be invalid but whatever. External access now works fine over SSL. Thanks for your patience.

[Luke 42078]

Thanks for the feedback.