I have what seems to be a fairly common problem, judging from the amount of threads on this topic. However, everything that I have tried did not solve my problem.
Hence I humbly seek for some guidance here at the NC. I hope this is OK.
I have recently installed Arch Linux on a Beelink mini PC at home. My main goal is to set it up as a Jellyfin media server. I also want to install nginx reverse proxy with a Let's Encrypt certificate in order to securely access my media server from outside my local network.
Thus far, the PC is up and running, Jellyfin works fine locally.
I have ufw running with ports 80 and 443 open.
I installed nginx and activated the service. I already added the conf file for Jellyfin as instructed in https://wiki.archlinux.org/title/Jellyf … rse_proxy/ (replacing all DOMAIN_NAME with my own domain name, of course, but leaving all else intact). I tested the conf file via
sudo nginx -t (no errors) and reloaded the service.
I created an A record through my DNS provider (Netlify). I should note that it is a subdomain (of the kind jellyfin.mywebpage.com), the main domain mywebpage.com points somewhere else. I have checked and the new A record for the subdomain seems to have propagated sufficiently (+24h by now), pointing at my home public IP.
I installed certbot following https://wiki.archlinux.org/title/Certbot/. But when I try to run
certbot --nginx
I invariably get the same error:
sudo certbot --nginx -d jellyfin.mywebpage.com -d www.jellyfin.mywebpage.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requesting a certificate for jellyfin.mywebpage.com and www.jellyfin.mywebpage.com
Certbot failed to authenticate some domains (authenticator: nginx). The Certificate Authority reported these problems:
Domain: jellyfin.mywebpage.com
Type: connection
Detail: xxx.xxx.xx.xxx: Fetching http://jellyfin.mywebpage.com/.well-known/acme-challenge/3YxWqGpyKxpuUO8gH0iMN7pUgA70G5l40J2jVQN2yP0: Timeout during connect (likely firewall problem)
Domain: www.jellyfin.mywebpage.com
Type: connection
Detail: xxx.xxx.xx.xxx: Fetching http://www.jellyfin.mywebpage.com/.well-known/acme-challenge/fbk32IZadbqvahs6fGGRDSS5W6dy7TTd_avcotsm9g4: Timeout during connect (likely firewall problem)
Hint: The Certificate Authority failed to verify the temporary nginx configuration changes made by Certbot. Ensure the listed domains point to this nginx server and that it is accessible from the internet.
Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
I simply don't know what to do. I have googled this error, found many threads on it, but managed nothing in the shape of a fix.
Can someone please point me in the right direction?
Many thanks in advance
Update:
I managed to solve the problem above. It's embarrassing, but I forgot to forward ports 80 and 443 on my router...
So now the Let's Encrypt certificate was successfully generated and the files are where they need to be (/etc/letsencrypt/live/jellyfin.mywebpage.com/fullchain.pem and /etc/letsencrypt/live/jellyfin.mywebpage.com/privkey.pem).
But, I am still not done... When running the following command to deploy the certificate,
sudo certbot install --cert-name jellyfin.mywebpage.com
I get the following error:
Deploying certificate
Could not install certificate
Could not automatically find a matching server block for jellyfin.mywebpage.com. Set the `server_name` directive to use the Nginx installer.
I don't understand; my /etc/nginx/sites-available/jellyfin.conf file does show the correct server_name as far as I can tell:
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name jellyfin.mywebpage.com; # <- here
....
I'm using the exact same .conf file from the official Arch Linux Jellyfin help page, only replacing DOMAIN_NAME with jellyfin.mywebpage.com.
I have created the symlink to sites-enabled.
What am I missing?
Last edited by elegantissima (2024-01-10 12:37:14)
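Added example, not part of the thread and not certbot's own code: `nginx -t` only validates the files nginx actually loads, so one check for the `server_name` error above is whether the file declaring that name appears in the `nginx -T` dump at all. The function name and both sample dumps are constructed for illustration; the thread does not establish that this was the cause here.

```bash
#!/bin/sh
# Which of the config files nginx actually loaded declare a given server_name?
# Input is the text printed by `nginx -T`, where each loaded file is preceded
# by a "# configuration file <path>:" header line.

find_server_name() {
    # $1 = exact hostname; config dump on stdin. Wildcard/regex names are not
    # matched, and the directive is assumed to sit on a single line.
    # Prints each loaded file with a matching server_name; returns 1 if none.
    awk -v want="$1" '
        /^# configuration file / { file = $4; sub(/:$/, "", file); next }
        {
            line = $0
            sub(/#.*/, "", line)        # strip comments
            sub(/^[ \t]+/, "", line)    # strip leading indentation
            n = split(line, tok, /[ \t;]+/)
            if (tok[1] != "server_name") next
            for (i = 2; i <= n; i++)
                if (tok[i] == want) { print file; found = 1; break }
        }
        END { exit(found ? 0 : 1) }
    '
}

# Constructed sample: a main config that never includes sites-enabled/.
DUMP_NOT_INCLUDED='# configuration file /etc/nginx/nginx.conf:
http {
    server {
        listen 80;
        server_name localhost;
    }
}'

# Constructed sample: the same main config with an include for the vhost file.
DUMP_INCLUDED='# configuration file /etc/nginx/nginx.conf:
http {
    include /etc/nginx/sites-enabled/*;
}
# configuration file /etc/nginx/sites-enabled/jellyfin.conf:
server {
    listen 443 ssl http2;
    server_name jellyfin.mywebpage.com; # <- here
}'

printf '%s\n' "$DUMP_NOT_INCLUDED" | find_server_name jellyfin.mywebpage.com \
    || echo "not loaded: no server block for that name"
printf '%s\n' "$DUMP_INCLUDED" | find_server_name jellyfin.mywebpage.com
```

On a live system the input would come from `sudo nginx -T 2>/dev/null | find_server_name jellyfin.mywebpage.com`.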
Never mind, I gave up.
Tried Caddy instead, worked out of the box.