Davicom 5 Posted April 27, 2021 Posted April 27, 2021 Hi all, I'll try to follow some guide, but without success, emby still running on port http. Could you explain me, how can I do to set correctly https (someone with noip certifications or others)? The online tutorials are very old, and very several different Thanks
Davicom 5 Posted April 27, 2021 Author Posted April 27, 2021 I tried to create an ssl certificate from noip, but evidently it was not compatible with emby: Jenny B (No-IP) Apr 13, 2021, 11:19 AM PDT Hello, Thank you for contacting No-IP support. My name is Jenny, and I will be happy to assist you. Unfortunately we do not have any documentation for pkcs12 certificates
Q-Droid 989 Posted April 27, 2021 Posted April 27, 2021 Did you read through the Emby KB article for this? https://support.emby.media/support/solutions/articles/44001160086-secure-your-server
Davicom 5 Posted April 27, 2021 Author Posted April 27, 2021 yes, but i can't obtain two txt, and howewhere when i load the txt on dns records on noip i can't verify it. I think this guide is out of date.
Q-Droid 989 Posted April 27, 2021 Posted April 27, 2021 Do you already have a valid cert for your domain, from noip or someone else?
Davicom 5 Posted April 27, 2021 Author Posted April 27, 2021 when i create this, from noip, there's no option for pkcs12 certificate. so i cannot integer it in emby. I follow some guide to convert it, but withou success. But if you could guide me I can try again
Davicom 5 Posted April 27, 2021 Author Posted April 27, 2021 So now i am trying again, could you support me? What kind of type of server do I need?
Q-Droid 989 Posted April 27, 2021 Posted April 27, 2021 (edited) Can't see the full list. I would select the option that gives you a PEM (Base64) encoded cert. Edited April 27, 2021 by Q-Droid
Davicom 5 Posted April 27, 2021 Author Posted April 27, 2021 After that, there is IBM HTTP Plesk Tomcat Weblogic - All version OReilly WebSite Professional Webstar Zeus +v3+ Other --> this is that I setted last time
Q-Droid 989 Posted April 27, 2021 Posted April 27, 2021 Yes, "Other" should work. The cert can be converted if necessary. After you get the cert you can then run openssl from command line to create the pkcs12 (pfx) file for emby. There are many examples in this forum showing how.
Q-Droid 989 Posted April 27, 2021 Posted April 27, 2021 1 hour ago, Davicom said: After that, there is IBM HTTP Plesk Tomcat Weblogic - All version OReilly WebSite Professional Webstar Zeus +v3+ Other --> this is that I setted last time The next steps depend on what noip gives you, I'm assuming a zip file with your cert and chain/intermediate files. If they give you multiple files and one includes the cert+full chain the way LetsEncrypt does then use this: openssl pkcs12 -export -in <path to full chain file> -inkey <path to private key file> -out <pfx file> If they give you separate server cert and chain/intermediate files then use this: openssl pkcs12 -export -in <path to cert file> -inkey <path to private key file> -certfile <path to chain file> -out <pfx file> Run this to verify your pfx file: openssl pkcs12 -info -in <pfx file> -nodes I usually recommend you create a directory under the emby home, like /var/lib/emby/ssl. Make sure the dir is owned by emby and copy the pfx file there, also make sure it's owned by emby. Update the Emby network settings to match domain, path to pfx and password. Then restart the emby server.
Davicom 5 Posted April 28, 2021 Author Posted April 28, 2021 8 hours ago, Q-Droid said: The next steps depend on what noip gives you, I'm assuming a zip file with your cert and chain/intermediate files. If they give you multiple files and one includes the cert+full chain the way LetsEncrypt does then use this: openssl pkcs12 -export -in <path to full chain file> -inkey <path to private key file> -out <pfx file> If they give you separate server cert and chain/intermediate files then use this: openssl pkcs12 -export -in <path to cert file> -inkey <path to private key file> -certfile <path to chain file> -out <pfx file> Run this to verify your pfx file: openssl pkcs12 -info -in <pfx file> -nodes I usually recommend you create a directory under the emby home, like /var/lib/emby/ssl. Make sure the dir is owned by emby and copy the pfx file there, also make sure it's owned by emby. Update the Emby network settings to match domain, path to pfx and password. Then restart the emby server.
Davicom 5 Posted April 28, 2021 Author Posted April 28, 2021 Infinite thanks for your support, your explanation is very clear, but I hope that this time I didn't spend 19$ for nothing. So I have a doubt on next step, I load a picture for detail. I presume I need to generate a CSR from my Ubuntu with openssl... Thanks
Davicom 5 Posted April 28, 2021 Author Posted April 28, 2021 Edit. If and when I generate CSR file on my ubuntu with openssl, do i need to insert real information or it isn't needed?
Q-Droid 989 Posted April 28, 2021 Posted April 28, 2021 I thought you were further along and already had the cert. And yes, I figured you had already spent the money which is why I hadn't suggested going the free route. The cert from noip should be good for a year, right? That gives you time to figure out how to do this with a free cert. I don't know what info noip requires for the cert. You can try creating a csr with only your domain, the CN. The link below is from noip with the steps to create from the command line. Pay attention to "For some fields there will be a default value, If you enter ‘.’, the field will be left blank." Enter . for everything except Common Name (domain). You can run this many times if you need to but make sure you keep the private key belonging to the csr you finally submit to noip. https://www.noip.com/support/knowledgebase/apache-openssl/ If they accept the csr with only the domain info then you can proceed with the steps I posted yesterday.
Davicom 5 Posted April 28, 2021 Author Posted April 28, 2021 1 minute ago, Q-Droid said: I thought you were further along and already had the cert. And yes, I figured you had already spent the money which is why I hadn't suggested going the free route. The cert from noip should be good for a year, right? That gives you time to figure out how to do this with a free cert. I don't know what info noip requires for the cert. You can try creating a csr with only your domain, the CN. The link below is from noip with the steps to create from the command line. Pay attention to "For some fields there will be a default value, If you enter ‘.’, the field will be left blank." Enter . for everything except Common Name (domain). You can run this many times if you need to but make sure you keep the private key belonging to the csr you finally submit to noip. https://www.noip.com/support/knowledgebase/apache-openssl/ If they accept the csr with only the domain info then you can proceed with the steps I posted yesterday. infinite thanks for your time
Davicom 5 Posted April 30, 2021 Author Posted April 30, 2021 On 4/27/2021 at 10:20 PM, Q-Droid said: The next steps depend on what noip gives you, I'm assuming a zip file with your cert and chain/intermediate files. If they give you multiple files and one includes the cert+full chain the way LetsEncrypt does then use this: openssl pkcs12 -export -in <path to full chain file> -inkey <path to private key file> -out <pfx file> If they give you separate server cert and chain/intermediate files then use this: openssl pkcs12 -export -in <path to cert file> -inkey <path to private key file> -certfile <path to chain file> -out <pfx file> Run this to verify your pfx file: openssl pkcs12 -info -in <pfx file> -nodes I usually recommend you create a directory under the emby home, like /var/lib/emby/ssl. Make sure the dir is owned by emby and copy the pfx file there, also make sure it's owned by emby. Update the Emby network settings to match domain, path to pfx and password. Then restart the emby server. you should create a guide! your tips working perfectly! 1
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now