Enabling https gives error

Get help with all aspects of SABnzbd
Forum rules
Help us help you:
  • Are you using the latest stable version of SABnzbd? Downloads page.
  • Tell us what system you run SABnzbd on.
  • Adhere to the forum rules.
  • Do you experience problems during downloading?
    Check your connection in Status and Interface settings window.
    Use Test Server in Config > Servers.
    We will probably ask you to do a test using only basic settings.
  • Do you experience problems during repair or unpacking?
    Enable +Debug logging in the Status and Interface settings window and share the relevant parts of the log here using [ code ] sections.
User avatar
jcfp
Release Testers
Release Testers
Posts: 986
Joined: February 7th, 2008, 12:45 pm

Re: Enabling https gives error

Post by jcfp »

pven wrote: July 25th, 2018, 1:13 pmHowever: when I load the generated certificate in chrome, it still tells me SABnzbd is not safe, I need to look at that further
Every browser will tell you that for a self-signed cert (as they should). The difference is what options they give you afterwards (i.e. to trust it anyway, add a permanent exception, etc.). Other ways out of those warnings involve manipulating the os and/or browser cert store (comes with its own dangers) or to get a more official certs (e.g. letsencrypt).
User avatar
sander
Release Testers
Release Testers
Posts: 8811
Joined: January 22nd, 2008, 2:22 pm

Re: Enabling https gives error

Post by sander »

That's why I asked you ... Chrome does not trust self-signed certificates.

One step further is Let's Encrypt ... real certificates. You will need a hostname, for example via duckdns.
pven
Release Testers
Release Testers
Posts: 114
Joined: August 21st, 2009, 5:00 am

Re: Enabling https gives error

Post by pven »

Thanks! Now I understand. :-)

I am going to look at Let's Encrypt. Last question: should I only open port 80 during the creation of the certificate, or should it be open 'for ever'?
User avatar
sander
Release Testers
Release Testers
Posts: 8811
Joined: January 22nd, 2008, 2:22 pm

Re: Enabling https gives error

Post by sander »

Only during certificate request and renewal. Plus port 443, I guess
pven
Release Testers
Release Testers
Posts: 114
Joined: August 21st, 2009, 5:00 am

Re: Enabling https gives error

Post by pven »

To be complete: opening port 80 was sufficient. It works now!

I created a certificate by using DSM on Synology, I exported this certificate and used it for SABnzbd. This is valid. :-)
User avatar
sander
Release Testers
Release Testers
Posts: 8811
Joined: January 22nd, 2008, 2:22 pm

Re: Enabling https gives error

Post by sander »

pven wrote: July 29th, 2018, 10:01 am To be complete: opening port 80 was sufficient. It works now!

I created a certificate by using DSM on Synology, I exported this certificate and used it for SABnzbd. This is valid. :-)
"exported"? Do you mean you copied? If so, remember you must export it again after renewing your certificate.

To avoid copying, you could also point sabnzbd.ini's cert settings to the location where the Letsencrypt ACME tool puts them.

I use Letsencrypt for SABnzbd this way: Letsencrypt on Apache, with Apache a proxy to SABnzbd.
Satalink
Newbie
Newbie
Posts: 1
Joined: December 27th, 2021, 8:55 am

Re: Enabling https gives error

Post by Satalink »

I know this is old, but for me the answer was as simple as copying the pem files from the LetsEncrypt's live domains directory into a place unique to sabnzbd. I had created links in cygwin but apparently SABnzbd is looking for hard files and rejects links. Probably some if (file exists) logic that doesn't account for symbolic links in Windows..?

LetsEncrypt uses a live and archive folder mechanism to link the live certificates to a rotating certificate archive. This doesn't make it easily possible to directly reference the LetsEncrypt certificates without the use of symbolic links.

For the time being, I've created a simple script that The -l copies links to files.

Hope this helps.. maybe someone with the time can submit an issue and fix this so we can simply reference the live symbolic links in LetsEncrypt.
Post Reply