[SOLVED] [Help] Issue with Jellyfin and Private Key
I have Jellyfin on my Raspberry Pi and I usually access it via my local network or via SSH tunneling when I'm outside of my local network, but I want to be able to just access it via https outside of my local network.
I am following the instructions on Jellyfin's Networking page here: https://jellyfin.org/docs/general/networking/
On the part where I input this command
openssl pkcs12 -export -out jellyfin.pfx -inkey privkey.pem -in /usr/local/etc/letsencrypt/live/domain.org/cert.pem -passout pass:
I get this error
Can't open /usr/local/etc/letsencrypt/live/domain.org/cert.pem for reading, No such file or directory
Any idea what I'm doing wrong?
Got it solved! For future people reading this, the solution is here: https://github.com/jellyfin/jellyfin/issues/6697#issuecomment-1086973795
Jellyfin's Networking guide is all wrong.
I'd recommend using a reverse proxy even if you just have 1 service. The swag container from Linuxserver is good, nginx proxy manager is probably the easiest, both automate the cert and renewal
Yeah I am definitely going to be working on this next week
did you set up letsencrypt/certbot in the first place to write files to
/usr/local/etc/letsencrypt/live/domain.org/cert.pem? If so, did you take care to replacedomain.orgby the actual domain you are using?The documentation you linked looks a bit funny in that the first command writes to private key/cert to privkey.pem and cert.pem, but then the second command tries to read in a (likely) certbot-created certificate. I guess if you followed the steps you need to replace
usr/local/etc/letsencrypt/live/domain.org/cert.pemin the second command by the cert.pem created in the first one?Check the permissions of the certificate as well as the path to it. Jellyfin is running as a low priv account and probably lacks read rights.
Yeah it ended up creating them in the folder I was located in at the time (~/Downloads). I got it to create a pfx file and pointed Jellyfin to it but I still get a 404 when trying to access from the web despite having the port open and port forwarding to it.
Hmmm maybe restart Jellyfin? I know I had to tinker a bit to get it working. Also check that the hostname matches on the cert and your jellyfin config
Got it solved! I found someone else solved it here: https://github.com/jellyfin/jellyfin/issues/6697#issuecomment-1086973795
Copied what they did (with tweaks to password and so on) and voila it works now.