[SOLVED] [Help] Issue with Jellyfin and Private Key

animist@lemmy.one · edit-2 1 year ago

[SOLVED] [Help] Issue with Jellyfin and Private Key

lambchop@lemmy.world · 1 year ago

I’d recommend using a reverse proxy even if you just have 1 service. The swag container from Linuxserver is good, nginx proxy manager is probably the easiest, both automate the cert and renewal

animist@lemmy.one · 1 year ago

Yeah I am definitely going to be working on this next week

hello_world@feddit.uk · 1 year ago

did you set up letsencrypt/certbot in the first place to write files to /usr/local/etc/letsencrypt/live/domain.org/cert.pem? If so, did you take care to replace domain.org by the actual domain you are using?

The documentation you linked looks a bit funny in that the first command writes to private key/cert to privkey.pem and cert.pem, but then the second command tries to read in a (likely) certbot-created certificate. I guess if you followed the steps you need to replace usr/local/etc/letsencrypt/live/domain.org/cert.pem in the second command by the cert.pem created in the first one?

animist@lemmy.one · 1 year ago

That makes sense.

So the domain name I am using already has letsencrypt/certbot set up as I access my Nextcloud from the web over https. I believe it throws the keys somewhere in /etc.

I guess what I should be doing is searching for where the first jellyfin command created the cert.pem file and then just adjust the path in the second command to that?

hello_world@feddit.uk · 1 year ago

Either that (if you want to use a self-signed cert) or point it at the certbot-created files in /etc? If I understand the jellyfin docs correctly, the second command just translates the usual .pem files into a .pfx file for jellyfin, so should work with any certificate you give to it.

If you’re going to do the latter, you should also add a certbot deploy script to regenerate the .pfx file after a certificate renewel (and possibly restart jellyfin, idk).