Hmm, I'm not sure what else to check.
@sander: any thoughts on this?
https access issues after renewing SSL cert [QNAP]
Re: https access issues after renewing SSL cert [QNAP]
Stuff I like: Apache bash cron DD-WRT Debian DNSMasq Entware FireFox GitHub ImageMagick Kate KDE LibreELEC Netrunner NFS NVIDIA OpenVPN Orvibo-S20 pfSense Python Raspberry-Pi RAID SABnzbd Transmission Usenet VirtualBox Watcher3 XFCE
Re: https access issues after renewing SSL cert [QNAP]
My thoughts:
- I suspect a QNAP / package thing, not SABnzbd
- OP should each time check sabnzbd.log, and especially Traceback
Re: https access issues after renewing SSL cert [QNAP]
My understanding from @GTunney on the QNAP forum is that this only started when they upgraded to SAB 3.2.0. There were no problems prior to that with HTTPS.
This didn't require an updated QPKG to be released - just a 'git pull' from within the existing package is sufficient.
But, I guess a refresh couldn't hurt. @GTunney, can you please run a 'clean' operation on that package?
Code: Select all
/etc/init.d/sabnzbd3.sh clean
This will ensure your local git clone of SAB is completely removed and refreshed from GitHub. Your settings will be retained.
Re: https access issues after renewing SSL cert [QNAP]
If so, that is important information which he/she did not share here. Pity.
If so: go back to SAB 3.1.1 and verify.
Re: https access issues after renewing SSL cert [QNAP]
I've run a clean and it's still doing the same issue. OneCD I'm happy to speak privately on the QNAP forums if you want to do some testing?

OneCD wrote: ↑March 1st, 2021, 3:25 am
My understanding from @GTunney on the QNAP forum is that this only started when they upgraded to SAB 3.2.0. There were no problems prior to that with HTTPS.
This didn't require an updated QPKG to be released - just a 'git pull' from within the existing package is sufficient.
But, I guess a refresh couldn't hurt. @GTunney, can you please run a 'clean' operation on that package?
Code: Select all
/etc/init.d/sabnzbd3.sh clean
This will ensure your local git clone of SAB is completely removed and refreshed from GitHub. Your settings will be retained.

I'm sorry, I was trying to narrow down whether it was the renewal of my SSL cert or the upgrade to 3.2.0, I thought I'd mentioned it but must have been on QNAP forums and not here.
Re: https access issues after renewing SSL cert [QNAP]
No, let's keep the discussion here for now - it's easier to track the issue if everything is in one place.
Good idea.
@GTunney, if you don't mind downgrading to SAB 3.1.1 for testing purposes, here's how to do it:
- Edit the SAB3 QPKG service script file:
Code: Select all
nano $(getcfg SABnzbd Install_Path -f /etc/config/qpkg.conf)/sabnzbd3.sh
- Near the start of the script, there's a line that says:
Code: Select all
readonly SOURCE_GIT_BRANCH=master
Please change this to:
Code: Select all
readonly SOURCE_GIT_BRANCH=3.1.1
... then exit the editor and save the changed script file.
- Now, restart SAB with:
Code: Select all
/etc/init.d/sabnzbd3.sh restart
... and the script will automatically downgrade your SAB instance.
- Then test for HTTPS operability.
Re: https access issues after renewing SSL cert [QNAP]
No probs, thought I'd just update with some extra info for help.
I also installed Stephane's qnapclub sab 3.2.0 version and copied over my config etc. Although not a direct comparison, as his is running python 3.7.8, this one has currently been up and running now for over 18 hours and I can still access via https.
I shall follow your steps tomorrow to rollback your version to 3.1.1 but it does seem now this issue is pointing towards the sherpa upgrade to 3.2.0
Re: https access issues after renewing SSL cert [QNAP]
Including this from the QNAP forum in case it's relevant:
GTunney wrote: ↑March 1st, 2021, 1:47 pm Not sure if this is something that might help with my SSL issue, just saw this in the logs from today.
Code: Select all
2021-03-01 16:07:01,625::INFO::[notifier:122] Sending notification: Error - [01/Mar/2021:16:07:01] ENGINE Error in HTTPServer.serve
Traceback (most recent call last):
  File "/opt/lib/python3.9/site-packages/cheroot/server.py", line 1810, in serve
    self._connections.run(self.expiration_interval)
  File "/opt/lib/python3.9/site-packages/cheroot/connections.py", line 201, in run
    self._run(expiration_interval)
  File "/opt/lib/python3.9/site-packages/cheroot/connections.py", line 218, in _run
    new_conn = self._from_server_socket(self.server.socket)
  File "/opt/lib/python3.9/site-packages/cheroot/connections.py", line 271, in _from_server_socket
    s, ssl_env = self.server.ssl_adapter.wrap(s)
  File "/opt/lib/python3.9/site-packages/cheroot/ssl/builtin.py", line 277, in wrap
    s = self.context.wrap_socket(
  File "/opt/lib/python3.9/ssl.py", line 500, in wrap_socket
  File "/opt/lib/python3.9/ssl.py", line 1040, in _create
  File "/opt/lib/python3.9/ssl.py", line 1309, in do_handshake
ssl.SSLError: [SSL: BAD_KEY_SHARE] bad key share (_ssl.c:1122) (type=error, job_cat=None)
2021-03-01 16:07:01,625::ERROR::[_cplogging:213] [01/Mar/2021:16:07:01] ENGINE Error in HTTPServer.serve
Traceback (most recent call last):
  File "/opt/lib/python3.9/site-packages/cheroot/server.py", line 1810, in serve
    self._connections.run(self.expiration_interval)
  File "/opt/lib/python3.9/site-packages/cheroot/connections.py", line 201, in run
    self._run(expiration_interval)
  File "/opt/lib/python3.9/site-packages/cheroot/connections.py", line 218, in _run
    new_conn = self._from_server_socket(self.server.socket)
  File "/opt/lib/python3.9/site-packages/cheroot/connections.py", line 271, in _from_server_socket
    s, ssl_env = self.server.ssl_adapter.wrap(s)
  File "/opt/lib/python3.9/site-packages/cheroot/ssl/builtin.py", line 277, in wrap
    s = self.context.wrap_socket(
  File "/opt/lib/python3.9/ssl.py", line 500, in wrap_socket
  File "/opt/lib/python3.9/ssl.py", line 1040, in _create
  File "/opt/lib/python3.9/ssl.py", line 1309, in do_handshake
ssl.SSLError: [SSL: BAD_KEY_SHARE] bad key share (_ssl.c:1122)
Re: https access issues after renewing SSL cert [QNAP]
A Google search for that error line gives this suggestion: https://stackoverflow.com/questions/654 ... -key-share
Re: https access issues after renewing SSL cert [QNAP]
Uptime with the QNAPclub 3.2.0 was over 24 hours and could still access via https.
I've now downgraded the sherpa package to 3.1.1 and will monitor.
Re: https access issues after renewing SSL cert [QNAP]
Https access with Sherpa 3.1.1 has just gone off. Checked the logs and same error as above in the logs so doesn’t seem linked to 3.2.0 but deffo linked to Sherpa.

OneCD wrote: ↑March 2nd, 2021, 5:19 pm
Including this from the QNAP forum in case it's relevant:
GTunney wrote: ↑March 1st, 2021, 1:47 pm
Not sure if this is something that might help with my SSL issue, just saw this in the logs from today.
Re: https access issues after renewing SSL cert [QNAP]
Nice find @Puzzled.

Puzzled wrote: ↑March 2nd, 2021, 6:02 pm
A Google search for that error line gives this suggestion: https://stackoverflow.com/questions/654 ... -key-share

I've just modified sherpa to use the PIP 'pyopenssl' package instead of the IPKG 'python3-pyopenssl' package provided by Entware. Let's see if it solves the problem.
@GTunney, can you please run the following to switch the Python SSL modules?
Code: Select all
sherpa clean
sherpa reinstall sab
Re: https access issues after renewing SSL cert [QNAP]
We don't use pyOpenSSL in SABnzbd! So that won't change anything.
If you like our support, check our special newsserver deal or donate at: https://sabnzbd.org/donate
Re: https access issues after renewing SSL cert [QNAP]
That hasn’t worked. If anything it’s worse. Only access on https for a few mins

OneCD wrote: ↑March 3rd, 2021, 12:47 pm
Nice find @Puzzled.
Puzzled wrote: ↑March 2nd, 2021, 6:02 pm
A Google search for that error line gives this suggestion: https://stackoverflow.com/questions/654 ... -key-share
I've just modified sherpa to use the PIP 'pyopenssl' package instead of the IPKG 'python3-pyopenssl' package provided by Entware. Let's see if it solves the problem.
@GTunney, can you please run the following to switch the Python SSL modules?
Code: Select all
sherpa clean
sherpa reinstall sab
This will put you back on SAB 3.2.0.
Re: https access issues after renewing SSL cert [QNAP]
Bah!
Ah, no worries. Thank you.
@GTunney, are you able to post your entire SABnzbd log, and indicate the timestamps for each of your HTTPS access attempts?
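One way to act on the advice in this thread to check sabnzbd.log for tracebacks and line them up with the times HTTPS stopped responding, as an added example that is not part of any post here and not SABnzbd or sherpa code. The sample log is constructed in the layout quoted above, with the traceback shortened to one frame; the 17:30:44 entry and the `[example:1]` line are made up.

```python
import re

# Constructed sample in the log layout quoted in this thread; the 17:30:44
# entry and the [example:1] line are made up for the demonstration.
SAMPLE_LOG = """\
2021-03-01 16:07:01,625::INFO::[notifier:122] Sending notification: Error - [01/Mar/2021:16:07:01] ENGINE Error in HTTPServer.serve
Traceback (most recent call last):
  File "/opt/lib/python3.9/ssl.py", line 1309, in do_handshake
ssl.SSLError: [SSL: BAD_KEY_SHARE] bad key share (_ssl.c:1122)
2021-03-01 16:07:01,625::ERROR::[_cplogging:213] [01/Mar/2021:16:07:01] ENGINE Error in HTTPServer.serve
Traceback (most recent call last):
  File "/opt/lib/python3.9/ssl.py", line 1309, in do_handshake
ssl.SSLError: [SSL: BAD_KEY_SHARE] bad key share (_ssl.c:1122)
2021-03-01 16:20:00,000::INFO::[example:1] unrelated entry
2021-03-01 17:30:44,250::ERROR::[_cplogging:213] [01/Mar/2021:17:30:44] ENGINE Error in HTTPServer.serve
Traceback (most recent call last):
  File "/opt/lib/python3.9/ssl.py", line 1309, in do_handshake
ssl.SSLError: [SSL: BAD_KEY_SHARE] bad key share (_ssl.c:1122)
"""

# A new entry starts with "YYYY-MM-DD HH:MM:SS,mmm::LEVEL::[module:line]".
ENTRY = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d),\d+::(\w+)::\[[^\]]+\] ?(.*)$")
SSL_ERR = re.compile(r"ssl\.SSLError: \[SSL: (\w+)\]")

def split_entries(text):
    """Attach traceback continuation lines to the timestamped line that opens them."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            entries.append({"time": m.group(1), "level": m.group(2), "body": [m.group(3)]})
        elif entries:
            entries[-1]["body"].append(line)
    return entries

def tls_failures(text, level="ERROR"):
    """Map each ssl.SSLError reason to the timestamps of the entries reporting it."""
    # Count one level only: the notifier repeats the same traceback at INFO,
    # which would otherwise double every failed handshake.
    found = {}
    for entry in split_entries(text):
        if entry["level"] == level:
            m = SSL_ERR.search("\n".join(entry["body"]))
            if m:
                found.setdefault(m.group(1), []).append(entry["time"])
    return found

if __name__ == "__main__":
    for reason, times in tls_failures(SAMPLE_LOG).items():
        print(f"{reason}: {len(times)} failure(s), first {times[0]}, last {times[-1]}")
```

To run it against a real log, pass the contents of sabnzbd.log to `tls_failures()` in place of `SAMPLE_LOG` and compare the returned timestamps with the times HTTPS access was attempted.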