I have Jellyfin on my Raspberry Pi and I usually access it via my local network or via SSH tunneling when I’m outside of my local network, but I want to be able to just access it via https outside of my local network.

I am following the instructions on Jellyfin’s Networking page here: https://jellyfin.org/docs/general/networking/

On the part where I input this command

openssl pkcs12 -export -out jellyfin.pfx -inkey privkey.pem -in /usr/local/etc/letsencrypt/live/domain.org/cert.pem -passout pass:

I get this error

Can't open /usr/local/etc/letsencrypt/live/domain.org/cert.pem for reading, No such file or directory

Any idea what I’m doing wrong?

Got it solved! For future people reading this, the solution is here: https://github.com/jellyfin/jellyfin/issues/6697#issuecomment-1086973795

Jellyfin’s Networking guide is all wrong.

  • lambchop@lemmy.world
    link
    fedilink
    arrow-up
    2
    ·
    1 year ago

    I’d recommend using a reverse proxy even if you just have 1 service. The swag container from Linuxserver is good, nginx proxy manager is probably the easiest, both automate the cert and renewal

  • hello_world@feddit.uk
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    did you set up letsencrypt/certbot in the first place to write files to /usr/local/etc/letsencrypt/live/domain.org/cert.pem? If so, did you take care to replace domain.org by the actual domain you are using?

    The documentation you linked looks a bit funny in that the first command writes to private key/cert to privkey.pem and cert.pem, but then the second command tries to read in a (likely) certbot-created certificate. I guess if you followed the steps you need to replace usr/local/etc/letsencrypt/live/domain.org/cert.pem in the second command by the cert.pem created in the first one?

    • animist@lemmy.oneOP
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      That makes sense.

      So the domain name I am using already has letsencrypt/certbot set up as I access my Nextcloud from the web over https. I believe it throws the keys somewhere in /etc.

      I guess what I should be doing is searching for where the first jellyfin command created the cert.pem file and then just adjust the path in the second command to that?