Hi,
Hope that someone still reads this post. Have updated to version 1.2.0 on my Synology NAS
I also receive the: Server xxxx.xxxxxxxx.xx uses an untrusted certificate [[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:661)] error
However I cannot find the option to disable https verification.
Hope someone can help me with this.
Best regards,
MacLeod
Server xxxx.xxxxxxxx.xx uses an untrusted certificate
Forum rules
Help us help you:
Help us help you:
- Are you using the latest stable version of SABnzbd? Downloads page.
- Tell us what system you run SABnzbd on.
- Adhere to the forum rules.
- Do you experience problems during downloading?
Check your connection in Status and Interface settings window.
Use Test Server in Config > Servers.
We will probably ask you to do a test using only basic settings. - Do you experience problems during repair or unpacking?
Enable +Debug logging in the Status and Interface settings window and share the relevant parts of the log here using [ code ] sections.
Re: Server uses an untrusted HTTPS certificate <SOLVED>
On the xxx ... that is the name of the newsserver, right? Not a webserver?Have updated to version 1.2.0 on my Synology NAS
I also receive the: Server xxxx.xxxxxxxx.xx uses an untrusted certificate [[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:661)] error
Why did you leave out the server name? Now we can't determine if the problem is on the server side, or on your Synology NAS
Re: Server uses an untrusted HTTPS certificate <SOLVED>
Click 'Advanced' in the Servers settings to see the Certificate Validation settings.
But indeed, which server is it? We need to name-and-shame them
But indeed, which server is it? We need to name-and-shame them
If you like our support, check our special newsserver deal or donate at: https://sabnzbd.org/donate
Re: Server uses an untrusted HTTPS certificate <SOLVED>
Hi Sander,
You are correct, the xxx is the name of the news server. I have already contacted my (news) provider, and they use a self signed certificate.
You are correct, the xxx is the name of the news server. I have already contacted my (news) provider, and they use a self signed certificate.
Re: Server uses an untrusted HTTPS certificate <SOLVED>
MacLeod wrote:Hi Sander,
You are correct, the xxx is the name of the news server. I have already contacted my (news) provider, and they use a self signed certificate.
- Still no server name? Is it a secret server? I have compiled a list of good and bad newsserver (see https://github.com/sabnzbd/sabnzbd/issu ... -246098127) ... and each new newsserver is welcome
- is your news provider going to get a real certificate? That's the idea of SSL/TLS: the right security.
- with a self-signed certificate you don't know if the connection is secure. So, apart from what Safihre said, you can also use a plain NNTP connection.
Re: Server uses an untrusted HTTPS certificate <SOLVED>
Hi Sander,
No it's not a secret ;-) news.tweak.nl and news.tweakdsl.nl
My provider (they provide both my internet and news) state that because the servers are only available in their own network, a self-signed cert should be sufficient.
I use these servers for almost a decade now. Haven't had any problems connecting in the past that I know of. Has there been in change in sabnzbd that causes the connection to fail?
I prefer to encrypt my connection to the provider (for both security and privacy reasons), that's why I enabled SSL.
No it's not a secret ;-) news.tweak.nl and news.tweakdsl.nl
My provider (they provide both my internet and news) state that because the servers are only available in their own network, a self-signed cert should be sufficient.
I use these servers for almost a decade now. Haven't had any problems connecting in the past that I know of. Has there been in change in sabnzbd that causes the connection to fail?
I prefer to encrypt my connection to the provider (for both security and privacy reasons), that's why I enabled SSL.
Re: Server xxxx.xxxxxxxx.xx uses an untrusted certificate
This did the trick, and as you can see in my previous post, I have made the naming and shaming possible!safihre wrote:Click 'Advanced' in the Servers settings to see the Certificate Validation settings.
But indeed, which server is it? We need to name-and-shame them
Thanks guys for your assistance!
Re: Server xxxx.xxxxxxxx.xx uses an untrusted certificate
news.tweaknews.nl is also is also unsecure as in self-signed. Is that the same company?No it's not a secret ;-) news.tweak.nl and news.tweakdsl.nl
Because there is only 100 km between you and the newsserver, including routers, switches and intercept hardware, so who possibly could listen to your traffic, check what you're downloading, harvest your newsserver password and be a man-in-the-middle ...My provider (they provide both my internet and news) state that because the servers are only available in their own network, a self-signed cert should be sufficient.
Because of the all hacks and eavesdroppers, security is getting more and more strict. Google Chrome is moving towards "everything encrypted", refusing insecure HTTPS connections, warning you when you fill out passwors over a non-secure connection. SABnzbd and Python (on which it's built) are going that way too. And you selected SSL/TLS at your newsserver settings, so SABnzbd refused insecure connections. Unless you overrule that, as you did.I use these servers for almost a decade now. Haven't had any problems connecting in the past that I know of. Has there been in change in sabnzbd that causes the connection to fail?
Yeah, but now you have fake security. Your system told you it's unsecure, and you have overruled that ... :-(I prefer to encrypt my connection to the provider (for both security and privacy reasons), that's why I enabled SSL.
Re: Server news.tweak.nl uses an untrusted certificate
Ongoing rant:
A valid certificate used to cost 10 or 100 Euro per year. Now it costs ... 0 Euro; via Let's Encrypt. See https://letsencrypt.org/
So I see no reason why tweak would use a self-signed certificate.
For Google and Naming & Shaming:
Only news.tweaknews.EU is correct.
Shame on Tweak.
A valid certificate used to cost 10 or 100 Euro per year. Now it costs ... 0 Euro; via Let's Encrypt. See https://letsencrypt.org/
So I see no reason why tweak would use a self-signed certificate.
For Google and Naming & Shaming:
Code: Select all
[Errno 111] Failed to connect: Server news.tweak.nl uses an untrusted certificate [[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:590)] [email protected]:563
Code: Select all
[Errno 111] Failed to connect: Server news.tweakdsl.nl uses an untrusted certificate [[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:590)] [email protected]:563
Code: Select all
[Errno 111] Failed to connect: Server news.tweaknews.nl uses an untrusted certificate [[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:590)] [email protected]:563
Shame on Tweak.
Re: Server xxxx.xxxxxxxx.xx uses an untrusted certificate
Hi Sander,
I get your points (I use a valid free certificate on my own server for that reason). Will try to convince the provider to purchase a (free) certificate for the reasons you mention in your accurate rant!
I get your points (I use a valid free certificate on my own server for that reason). Will try to convince the provider to purchase a (free) certificate for the reasons you mention in your accurate rant!
Re: Server xxxx.xxxxxxxx.xx uses an untrusted certificate
Good!MacLeod wrote:Hi Sander,
I get your points (I use a valid free certificate on my own server for that reason). Will try to convince the provider to purchase a (free) certificate for the reasons you mention in your accurate rant!
I've created a new overview of SSL/TLS newsservers: https://docs.google.com/spreadsheets/d/ ... sp=sharing
Re: Server xxxx.xxxxxxxx.xx uses an untrusted certificate
Hi Sander,
I checked the webserver for tweak.nl and that server uses a valid certicate (even a wildcard certificate) so I suggested that they use this cert on their news server as well, along with the points you mentioned. I will let you know how they react to this.
I checked the webserver for tweak.nl and that server uses a valid certicate (even a wildcard certificate) so I suggested that they use this cert on their news server as well, along with the points you mentioned. I will let you know how they react to this.
Re: Server news.tweak.nl uses an untrusted certificate
Oh, indeed: https://www.tweak.nl/ has a certificate for *.tweak.nl, so they can use that certificate for news.tweaks.nlMacLeod wrote:Hi Sander,
I checked the webserver for tweak.nl and that server uses a valid certicate (even a wildcard certificate)