@Edent Check this video. It helped me after 3 days of nightmare issues with different setups. https://m.youtube.com/watch?v=qlcVx-k-02E&pp=ygUaTmdpbnhwcm94eW1hbmFnZXIgamVsbHlmaW4%3D
It has docker but setup is really easy.

Nginxproxymanager, docker and it runs from first try. SSL works and updates are atraightforward.

I hope this helps.

@Edent any logs/errors from nginxproxymanager hinting to why it may have stopped working with LetsEncrypt (working on the fixing what's there may be easier than something new..)

First guess would be that LetsEncypt default solver still needs port 80 to be open to read the challenge

@Edent caddy is craaaaazy simple

@Edent I've got Jellyfin running on an old Mac mini and (incidentally) a NanoPi running Armbian that's running Caddy in a Docker container. Most of that's details, but the abbreviated Caddyfile config looks like:

*.domain.example {
at-jellyfin host jellyfin.domain.example
handle at-jellyfin {
reverse_proxy ip:port
}
}

Replace "at-" with "@" and "ip:port" with the Jellyfin server's IP and port. That's a two-computer setup, but you could probably run this all on the same machine.

@Edent I want to recommend Caddy, and most people I know who use it have a good time, but I did angrily switch away from it to nginx + lego because it spent a day failing to renew one of my certs with really opaque errors and nothing I could do kicked it into gear.

nginx + lego has been solid ever since, but with a slightly higher effort for the initial setup.

@Edent I will assume that your Jellyfin is on server with a public IP address.
If so, then caddy can act as a reverse proxy for your Jellyfin, the nice things being that caddy automagically create and manage the SSL for you.

A caddyfile like :

jellyfin.example.com {
reverse_proxy 127.0.0.1:8096
}

Not a security expert…

#Jellyfin #caddy #SelfHosting

Oh, if you don't mind Yet Another Evil Empire, Cloudflare Tunnel is super easy:

https://developers.cloudflare.com/cloudflare-one/networks/connectors/cloudflare-tunnel/

Gets progressively easier if you also let them manage your DNS, then you can add/remove hosts and services, map names, etc., all through the web console and LetsEncrypt just works. No static public IPs necessary, and you can layer on MFA if need be.

I would recommend Caddy. I use it for all my services on a single VM and it works perfectly fine.

@Edent@mastodon.social
I would use ngnix directly, ao you havw a better chance to understand what you so.
https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-20-04

This should cover your case for example.
Myself I use apache httpd and lego acme client,
but its not much of a difference for that purpose.