Certificate Support


#1

I can’t figure it out. If I pay for the installation, will you all set up the certificate so that when using emby I am able to access the https ports?


#2

Currently we will walk you through this. However; with the launch of our new site this coming Friday, the add-on will be presented and much clearer in terms of what comes with the Guru Installation Service.


#3

You mind helping me out step by step? I mean I have followed the tutorials for lets encrypt etc. I get the certificate installed and when I log into my custom domain it pulls up quickbox without any issues. The issue is when using the custom port for emby is when it flags the certificate error.

I erased my server drive and will reinstall quickbox and the certificate. If you don’t mind telling me how I can get the certificate to attach to the emby port I would owe you a huge favor.


#4

What is the custom port you are declaring? Is it actively changing the port?
The following is the config we have implemented and with Let’s Encrypt I have yet to encounter any issues:

<Location /emby>
  Satisfy Any
  order deny,allow
  deny from all
  allow from all
  ProxyPass http://localhost:8096/emby
  ProxyPassReverse http://localhost:8096/emby
</Location>

<Location /embyws>
  Satisfy Any
  order deny,allow
  deny from all
  allow from all
  ProxyPass ws://localhost:8096/embyws
  ProxyPassReverse ws://localhost:8096/embyws
</Location>

I have had even greater success with the following. Note, this will require a subdomain such as emby.domain.com. You can replace the current configuration with this at /etc/apache2/sites-enabled/emby.conf:

<IfModule mod_ssl.c>
<VirtualHost *:80>
        ServerName cname.domain.com
        ServerAdmin [email protected]

	RewriteEngine on
	RewriteCond %{SERVER_NAME} =cname.domain.com
	RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]
</VirtualHost>

<VirtualHost *:443>
	ServerName cname.domain.com
	ServerAdmin [email protected]

	<proxy *>
	AddDefaultCharset off
	Order Allow,Deny
	Allow from all
	</proxy>

	ProxyRequests     Off
	ProxyPreserveHost On

	ProxyPass "/embywebsocket" "ws://127.0.0.1:8096/embywebsocket"
	ProxyPassReverse "/embywebsocket" "ws://127.0.0.1:8096/embywebsocket"

	ProxyPass "/" "http://127.0.0.1:8096/"
	ProxyPassReverse "/" "http://127.0.0.1:8096/"

	SSLCertificateFile /etc/letsencrypt/live/cname.domain.com/fullchain.pem
	SSLCertificateKeyFile /etc/letsencrypt/live/cname.domain.com/privkey.pem
	Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>

#5

Well I am using it at a subdomain. The https port is 8092 though isn’t it? That is where I am running into the issues. Whenever I am trying to use the SSL version of the site.


#6

The default port is fine as we forward it to handle secure requests… as well as protecting the port from nefarious entry.

Place the port back to 8096 and see if that helps.


#7

So in the Emby Settings change the https port back to 8096?


#8

You are correct! :smiley:


#9

Okay, I’ll check back in with you shortly. Thanks for the assist!


#11

Okay, so when I try to navigate to https://myserveraddress:8096 it doesn’t connect even after changing the ports in emby. I get the following Error:

Secure connection failed

The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.


#12

Alright I got this to connect to the https site using port 8096 after tinkering with it. However I am not getting this error when connecting to Emby. The owner of “MY SITE” has configured their website improperly. To protect your information from being stolen, Firefox has not connected to this website. I know I can store an exception on my browser, but I still can’t use the app through the secure site. This is my problem.


#13

Since you have a valid certificate, have you tried to clear all browser cache and restore the session?


#14

Yes, I run in private windows, but I have cleared browser cache and tried restoring the session. I think that is what is so frustrating for me. The certificate registers when I go to the site without the port. It is only when going to the emby port that it acts up saying I don’t have a certificate.


#15

Should I be changing anything in the ProxyPass and ProxyPassReverse areas on the emby.conf file which you have in red? Maybe that is where I screwed up.


#16

Is there a reason going to the port is so critical? We intentionally have the forward set to avoid needing a port. The certificate will not register on a port other than 443. This of course can change per application. You could attempt to use the https port settings within emby, then change the necessary lines within the emby.conf


#17

Sorry if I have caused confusion. I don’t care about going to the specific port. I just want to access the ssl version of the site. I can access the ssl version of the quickbox dashboard. I want to be able to access the ssl version of emby as well.


#18

I figured out why you think I am crazy. There is no reason to enter a port at all. I thought the app forced me to go to a port, but in reality I just use the server address. I am very sorry for the confusion. I appreciate the patience and the help!


#19

You see! You are crazy!

Just glad it’s sorted :smiley: