+- Jellyfin Forum (https://forum.jellyfin.org)
+-- Forum: Support (https://forum.jellyfin.org/f-support)
+--- Forum: Troubleshooting (https://forum.jellyfin.org/f-troubleshooting)
+--- Thread: LetsEncrypt SSL (/t-letsencrypt-ssl)
LetsEncrypt SSL - Fuqua - 2023-11-29
Hi,
If someone would be kind enough to point me in the right direction. Basically Jellyfin runs fine and has been so for a few months but the problem is that I cant get it to use the existing Certbot/LetsEncrypt SSL certificate configured on the Apache2 Server. The server has its own public IP address and Domain name and is internet facing and works fine in https mode. However with Jellyfin https is NOT working.
I have repeatedly tried to point it to the SSL certificates in the "live" folder of letsencrpt using the "NETWORKING" Menu tab as admin in the admin section of Jellyfin.
Thus, I have Checked "Enable HTTPS"
I have checked "Require HTTPS
But none of this has helped.
I have changed the path for "Custom SSL certificate path:" to that of LetsEncrypt folder and pem file
If someone has a real working step by step to this issue that would be helpful
Thanks
P/S as pointed out the server is already public facing with a valid public Certbot SSL certificate, IP Address, Domain Name and Jellyfin is the ONLY application on the server (so it is not sharing anything) and the server is running Apache
Fuqua
RE: LetsEncrypt SSL - TheDreadPirate - 2023-11-29
The cert format that jellyfin needs is different that what certbot/apache uses.
If the reverse proxy is running on the same host as the machine running the reverse proxy you don't need jellyfin to be using https since the reverse proxy is handling that with the client.
RE: LetsEncrypt SSL - Fuqua - 2023-11-29
Thanks TheDeadPirate" but there is no "proxy" it is directly connected to the internet (it has a valid IP address and DNS name that are public facing) with a firewall infront so that does not really apply in this case.
Do you mind if I ask what exactly is the "Format" that Jellyfin requires? (I Quote yours
: The cert format that jellyfin needs is different that what certbot/apache uses. Would you by any chance have more info on this? Thanks
RE: LetsEncrypt SSL - TheDreadPirate - 2023-11-29
I believe Jellyfin needs a combined key and cert pem file.
https://jellyfin.org/docs/general/networking/#self-signed-certificate
RE: LetsEncrypt SSL - Kubwa - 2023-11-30
Personally, i would highly recomment not making jellyfin publicly available. You never know if, maybe, somewhere in the code of Jellyfin, or the libraries it uses are zero day exploids.
Consider using a vpn like wireguard. There are clients for nearly all devices available.
RE: LetsEncrypt SSL - TheDreadPirate - 2023-11-30
(2023-11-30, 08:26 AM)Kubwa Wrote: Personally, i would highly recomment not making jellyfin publicly available. You never know if, maybe, somewhere in the code of Jellyfin, or the libraries it uses are zero day exploids.
Consider using a vpn like wireguard. There are clients for nearly all devices available.
Your logic would make it impossible to have anything publicly accessible because "you never know". Having said that, this is the reason we strongly recommend a reverse proxy in front of Jellyfin if you make it publicly accessible. Jellyfin is not hardened and having the reverse proxy in front of Jellyfin eliminates, or at least mitigates, most web based attack vectors.