LAN Only, Self Signed SSL Cert / HTTPS Help

[Zer0CoolXI]

Hello All,

I just finished setting up Jellyfin in a Proxmox Debian 12 LXC container. All good.

I am now trying to setup HTTPS. My setup is LAN only, no remote access. Just want to do it for piece of mind. I'd prefer not having to use something like Lets Encrypt and/or reverse proxies.

I just want to generate a simple self-signed SSL cert and enable HTTPS on Jellyfin.

I followed the steps here: https://claytonerrington.com/blog/jellyfin-and-ssl/, replacing the FQDN with my own internal FQDN for jellyfin...using a ".lan" tld (I know).

I have a 'jellyfin.pfx' file in '/srv/jellyfin.pfx'.

In Jellyfin, I have on the Networking settings page:

• Checked "Enable HTTPS"
  
• Under "HTTPS Settings", "Custom SSL cert path", entered /srv/jellyfin.pfx
  

Settings saved, server has been rebooted.

going to "https://jellyfin.domain.lan:8920" results in a problem loading page/unable to connect result. http on port 8096 works as expected

I am not sure where to go from here. Either I am missing a critical step in the process or the guide I followed lead me astray. Any help would be appreciated. Thanks

[TheDreadPirate]

Can you share your logs via privatebin.net? Does Jellyfin has permission to read that file and folder? Did you open port 8920 on the host firewall?

[Zer0CoolXI]

What would be the proper way to even check the logs your looking for? I'm new to Jellyfin so still learning it.

Host firewall log not showing anything blocked, also didnt have to open port for http on it for jellyfin either (8096).

If i could get a nudge on proper way to check Jellyfin logs, I can take a look over them and report back as needed. If logs dont show a clear path I can explore opening https/8920 on host firewall.

Thanks!

[TheDreadPirate]

When Jellyfin starts, if the cert is bad it will print logs saying so. Not sure how specific they will be about what is wrong.

[Zer0CoolXI]

Ok would I find that log under the Dashboard | Logs or are we talking from like /var/logs? As long as I can figure out the right place to look it will get me started. Alternatively, if you could point me to a reliable set of directions for doing a self signed cert properly I can try and do that instead of fixing something I may have done wrong. Its not much trouble for me to get back to how I have Jellyfin installed starting over.

Thanks

[TheDreadPirate]

/var/log/jellyfin/

We don't recommend self-signed certs. A lot of TV devices have no way to install self-signed certs into the OS nor a way to tell the OS/client to connect anyway.

Pretty much only browsers on PCs would be able to connect.

That is in addition to self-signed setups not adding much security since self-signed certs can be spoofed, enabling MITM attacks. If you were in a situation where you had malware on your server, or a device on your LAN, that could intercept traffic, a sophisticated attacker could still intercept traffic when using self-signed certs.

Use legit certs, or don't bother. Especially if this is a LAN only setup.