2025-06-19, 07:20 AM
(This post was last modified: 2025-06-19, 09:27 PM by SirRorick. Edited 1 time in total.)
I have looked through the forum and mostly find information regarding 'self signed' certs or using reverse proxy, but am not seeing much regarding using the "Custom SSL Certificate Path" built into Jellyfin.
I am running 10.10.7 on Windows.
I have combined the Cert, Bundle, and Key from a paid cert from SSLS[.]com and applied the resulting PFX to the jellyfin server.
HTTPS is enabled, and forced using the "Require HTTPS option".
Here is the kicker, it works completely fine for me from browser and android phone app (from outside my network),
but I have family who are also using android (jellyfin phone app with a clean cache) and the domain refuses to connect. From that same phone, they can connect just using the phone browser and going to the domain.
It is not a DNS issue, it is has something to do with the cert. Same phone can connect to HTTP is I disable the requirement for HTTPS (just for testing).
Devices that appear to be affected seem to be some android phones, and most of not all 'google TV' type devices.
Does anyone have any information on this?
please note, setting up a reverse proxy is not the answer I am looking for. I had an NGINX reverse proxy on a RPi4 that applied the cert that worked. Went to cloudflare because I wanted to do away with port forwarding, learned that streaming services is against their TOS, so now I am back to port forwarding and thought, why do I even need the reverse proxy if the jellyfin can apply the cert directly, removing the extra hop and bottleneck from the RPi. (Dream Machine firewall is doing most of the fancy blocking, and I have a custom powershell script reading the jelyfin logs and banning IPS with too many failed attempts just like Fail2Ban.
So I reiterate, I am trying to not go back to the reverse proxy if the Jellyfin server can just do the one function I need. Apply the cert correctly to all users
If anyone wants log data, this is all it gives me from a failing device:
[WRN] [14] Emby.Server.Implementations.HttpServer.WebSocketConnection: WS "REDACTED" error receiving data: "The remote party closed the WebSocket connection without completing the close handshake."
[INF] [14] Emby.Server.Implementations.HttpServer.WebSocketManager: WS "REDACTED" closed
I am running 10.10.7 on Windows.
I have combined the Cert, Bundle, and Key from a paid cert from SSLS[.]com and applied the resulting PFX to the jellyfin server.
HTTPS is enabled, and forced using the "Require HTTPS option".
Here is the kicker, it works completely fine for me from browser and android phone app (from outside my network),
but I have family who are also using android (jellyfin phone app with a clean cache) and the domain refuses to connect. From that same phone, they can connect just using the phone browser and going to the domain.
It is not a DNS issue, it is has something to do with the cert. Same phone can connect to HTTP is I disable the requirement for HTTPS (just for testing).
Devices that appear to be affected seem to be some android phones, and most of not all 'google TV' type devices.
Does anyone have any information on this?
please note, setting up a reverse proxy is not the answer I am looking for. I had an NGINX reverse proxy on a RPi4 that applied the cert that worked. Went to cloudflare because I wanted to do away with port forwarding, learned that streaming services is against their TOS, so now I am back to port forwarding and thought, why do I even need the reverse proxy if the jellyfin can apply the cert directly, removing the extra hop and bottleneck from the RPi. (Dream Machine firewall is doing most of the fancy blocking, and I have a custom powershell script reading the jelyfin logs and banning IPS with too many failed attempts just like Fail2Ban.
So I reiterate, I am trying to not go back to the reverse proxy if the Jellyfin server can just do the one function I need. Apply the cert correctly to all users
If anyone wants log data, this is all it gives me from a failing device:
[WRN] [14] Emby.Server.Implementations.HttpServer.WebSocketConnection: WS "REDACTED" error receiving data: "The remote party closed the WebSocket connection without completing the close handshake."
[INF] [14] Emby.Server.Implementations.HttpServer.WebSocketManager: WS "REDACTED" closed
![[Image: AIL4fc84QG6uSnTDEZiCCtosg7uAA8x9j1myFaFs...qL0Q=w2400]](https://lh3.googleusercontent.com/pw/AIL4fc84QG6uSnTDEZiCCtosg7uAA8x9j1myFaFsx_0wM5mKgTleZb466r4NtOHIRePq_CxyhsB72qsd-xuYFkqCGogLltAMN62BXsm-yFsSZcDuryqL0Q=w2400)
