• Login
  • Register
    • Login Register
    Login
    Username/Email:
    Password:
    Or login with a social network below
  • Forum
  • Website
  • GitHub
  • Status
  • Translation
  • Features
  • Team
  • Rules
  • Help
  • Feeds
User Links
  • Login
  • Register
    • Login Register
    Login
    Username/Email:
    Password:
    Or login with a social network below

    Useful Links Forum Website GitHub Status Translation Features Team Rules Help Feeds
    Jellyfin Forum Support Troubleshooting Networking & Access Paid CA-signed SSL certificate issue

     
    • 0 Vote(s) - 0 Average

    Paid CA-signed SSL certificate issue

    I bought a SSL certificate, doesn't work with Android apps
    jo_gurt
    Offline

    Junior Member
    Posts: 3
    Threads: 1
    Joined: 2025 Apr
    Reputation: 0
    #1
    2025-04-15, 06:57 AM (This post was last modified: 2025-04-16, 10:48 AM by jo_gurt. Edited 3 times in total.)
    Hi!

    I had Jellyfin running fine for months with Let's Encrypt SSL certificate on my custom paid domain. The server is exposed under:
    https://watch.my.domain:8920

    All clients could connect fine, no issues.
    However I needed SSL cert for other things as well, so I got a paid wildcard CA-signed certificate from SS2BUY PrimeSSL cert (the cheapest option, nothing fancy required): *.my.domain

    Web client works fine, shows website as secure and the cert is correct (attachment).

    However, none of the android client work (both phone and tv). When I switch back to Let's Encrypt, it works again.

    I tried adding full cert chain to PFX file, but didn't help.

    Any suggestions where to go from there?

    Server version: 10.10.3, hosted on Proxmox, latest available android apps.


    Attached Files Thumbnail(s)
       
    TheDreadPirate
    Offline

    Community Moderator
    Posts: 15,374
    Threads: 10
    Joined: 2023 Jun
    Reputation: 460
    Country:United States
    #2
    2025-04-15, 12:36 PM
    Check if the root CA they use is in your phone and TV's trust store. If not, you can try adding their root CA.

    FYI, Let's Encrypt does wildcard certs if your DNS provider has a plugin for certbot. My DNS provider is Cloudflare, which has a certbot plugin, and I use wild card certs provided by LE.
    Jellyfin 10.10.7 (Docker)
    Ubuntu 24.04.2 LTS w/HWE
    Intel i3 12100
    Intel Arc A380
    OS drive - SK Hynix P41 1TB
    Storage
        4x WD Red Pro 6TB CMR in RAIDZ1
    [Image: GitHub%20Sponsors-grey?logo=github]
    jo_gurt
    Offline

    Junior Member
    Posts: 3
    Threads: 1
    Joined: 2025 Apr
    Reputation: 0
    #3
    2025-04-16, 10:28 AM (This post was last modified: 2025-04-16, 10:49 AM by jo_gurt. Edited 3 times in total.)
    Yeah, I think installing the SSL2BUY CA helped on Android phone. However I cannot see a way to install CA cert on Android TV (Shield or Google TV).
    Weird though that for instance browsers on the same phone don't report anything wrong with the cert. It's only jellyfin that does not like it.

    I have the same cert installed on my QNAP and QNAP client apps are perfectly fine with the cert.
    TheDreadPirate
    Offline

    Community Moderator
    Posts: 15,374
    Threads: 10
    Joined: 2023 Jun
    Reputation: 460
    Country:United States
    #4
    2025-04-16, 12:29 PM (This post was last modified: 2025-04-16, 12:29 PM by TheDreadPirate.)
    Does the cert you provide to Jellyfin include the full trust chain?
    Jellyfin 10.10.7 (Docker)
    Ubuntu 24.04.2 LTS w/HWE
    Intel i3 12100
    Intel Arc A380
    OS drive - SK Hynix P41 1TB
    Storage
        4x WD Red Pro 6TB CMR in RAIDZ1
    [Image: GitHub%20Sponsors-grey?logo=github]
    jo_gurt
    Offline

    Junior Member
    Posts: 3
    Threads: 1
    Joined: 2025 Apr
    Reputation: 0
    #5
    2025-04-16, 01:27 PM
    Yup, tried that.
    TheDreadPirate
    Offline

    Community Moderator
    Posts: 15,374
    Threads: 10
    Joined: 2023 Jun
    Reputation: 460
    Country:United States
    #6
    2025-04-16, 02:53 PM
    Not sure what else to suggest.

    If the device trusted the root, but not the intermediate CA, the full chain should have bridged that trust gap.

    If it doesn't trust the root nor the intermediate, and you can't manually add certs, I'm not sure you can address that without switching cert providers. Again, Let's Encrypt does do wildcard certs if your DNS provider has a certbot plugin.

    However, IIRC you can add certs to Android TV devices when you put the device in developer mode.
    Jellyfin 10.10.7 (Docker)
    Ubuntu 24.04.2 LTS w/HWE
    Intel i3 12100
    Intel Arc A380
    OS drive - SK Hynix P41 1TB
    Storage
        4x WD Red Pro 6TB CMR in RAIDZ1
    [Image: GitHub%20Sponsors-grey?logo=github]
    « Next Oldest | Next Newest »

    Users browsing this thread: 1 Guest(s)


    • View a Printable Version
    • Subscribe to this thread
    Forum Jump:

    Home · Team · Help · Contact
    © Designed by D&D - Powered by MyBB
    L


    Jellyfin

    The Free Software Media System

    Linear Mode
    Threaded Mode