I have Jellyfin on my Raspberry Pi and I usually access it via my local network or via SSH tunneling when I’m outside of my local network, but I want to be able to just access it via https outside of my local network.
I am following the instructions on Jellyfin’s Networking page here: https://jellyfin.org/docs/general/networking/
On the part where I input this command
openssl pkcs12 -export -out jellyfin.pfx -inkey privkey.pem -in /usr/local/etc/letsencrypt/live/domain.org/cert.pem -passout pass:
I get this error
Can't open /usr/local/etc/letsencrypt/live/domain.org/cert.pem for reading, No such file or directory
Any idea what I’m doing wrong?
Got it solved! For future people reading this, the solution is here: https://github.com/jellyfin/jellyfin/issues/6697#issuecomment-1086973795
Jellyfin’s Networking guide is all wrong.
That makes sense.
So the domain name I am using already has letsencrypt/certbot set up as I access my Nextcloud from the web over https. I believe it throws the keys somewhere in /etc.
I guess what I should be doing is searching for where the first jellyfin command created the cert.pem file and then just adjust the path in the second command to that?
Either that (if you want to use a self-signed cert) or point it at the certbot-created files in /etc? If I understand the jellyfin docs correctly, the second command just translates the usual .pem files into a .pfx file for jellyfin, so should work with any certificate you give to it.
If you’re going to do the latter, you should also add a certbot deploy script to regenerate the .pfx file after a certificate renewel (and possibly restart jellyfin, idk).