search

techanon / vroxy

Self-hosted YoutubeDL proxy
ISC License
30 stars 10 forks source link

AVPro players cannot play "vroxy links" without a SSL certificate other than Let's encrypt without downloading optional certificates. #34

Open mackandelius opened 1 year ago

mackandelius commented 1 year ago

https://help.vrchat.com/hc/en-us/articles/4408619131795-Video-Players-failing-with-CERTIFICATE-VERIFY-FAILED-in-output-logs

Installing these files it required for making Let's encrypt certificates work on PC on AVPro players with this version of Unity. Not sure if Quest has the same issue, wasn't tested.

It should be added to the documentation that to have a universally useful resolver one needs a SSL certificate other than Let's encrypt. A solution I figured out is that you can use Cloudflare's proxy to get a valid SSL certificate, since their Universal SSL replaces your server's SSL certificate with their own.

Happyrobot33 commented 1 year ago

can confirm, this is an issue. This, as far as I know, is only a problem for PC, however I may be incorrect. I am using the same workaround, and this workaround should be added to the readme

Happyrobot33 commented 1 year ago

I will add, cloudflare isnt a complete solution, as without paying, there is a chance that the certificate it picks for your web URL will be a letsencrypt one anyway, and it is only possible to specify non-letsencrypt certs if you pay for the feature

https://developers.cloudflare.com/ssl/reference/certificate-authorities/

mackandelius commented 1 year ago

I will add, cloudflare isnt a complete solution, as without paying, there is a chance that the certificate it picks for your web URL will be a letsencrypt one anyway, and it is only possible to specify non-letsencrypt certs if you pay for the feature

https://developers.cloudflare.com/ssl/reference/certificate-authorities/

Yeah, that is not ideal.

It is a double edged sword, but good thing the certificates stay around for 3 months (according to my dashboard) and has a specific date when it renews, allows us to keep track, can even get them to email you.

It isn't entirely clear if there is any way to force a reissue, but potentially turning off universal SSL for a few hours and then back on might cause a reissue, although that could annoy Cloudflare if it worked, so probably doesn't.