https access issues after renewing SSL cert [QNAP]

GTunney · Post by **GTunney** » March 4th, 2021, 2:48 am

OneCD wrote: ↑March 3rd, 2021, 4:11 pm
GTunney wrote: ↑March 3rd, 2021, 3:36 pm That hasn’t worked. If anything it’s worse. Only access on https for a few mins
Bah!

safihre wrote: ↑March 3rd, 2021, 1:41 pm We don't use pyOpenSSL in SABnzbd! So that won't change anything.
Ah, no worries. Thank you.

@GTunney, are you able to post your entire SABnzbd log, and indicate the timestamps for each of your HTTPS access attempts?

Ok please see attached debug paste bin below.

https://pastebin.com/P08VERhL

Sab started at 07:40
Accessed via https at 07:40 after start up
tried to access via https at 07:42 and did not work
accessed via http at 07:44

OneCD · Post by **OneCD** » March 4th, 2021, 12:29 pm

Thank you.

I’ll be travelling for the next couple of days so I’ll check this out when I return.

Puzzled · Post by **Puzzled** » March 4th, 2021, 1:17 pm

Which browser are you using? Have you tried other browsers?

GTunney · Post by **GTunney** » March 4th, 2021, 1:31 pm

Puzzled wrote: ↑March 4th, 2021, 1:17 pm Which browser are you using? Have you tried other browsers?

I’ve tried chrome and safari on my phone.

Also various apps

GTunney · Post by **GTunney** » March 6th, 2021, 5:10 pm

Getting these errors quite a lot. The bad certificate one seems new.

Code: Select all

 [06/Mar/2021:15:04:55] ENGINE Error in HTTPServer.serve
Traceback (most recent call last):
  File "/opt/lib/python3.9/site-packages/cheroot/server.py", line 1810, in serve
    self._connections.run(self.expiration_interval)
  File "/opt/lib/python3.9/site-packages/cheroot/connections.py", line 201, in run
    self._run(expiration_interval)
  File "/opt/lib/python3.9/site-packages/cheroot/connections.py", line 218, in _run
    new_conn = self._from_server_socket(self.server.socket)
  File "/opt/lib/python3.9/site-packages/cheroot/connections.py", line 271, in _from_server_socket
    s, ssl_env = self.server.ssl_adapter.wrap(s)
  File "/opt/lib/python3.9/site-packages/cheroot/ssl/builtin.py", line 277, in wrap
    s = self.context.wrap_socket(
  File "/opt/lib/python3.9/ssl.py", line 500, in wrap_socket
  File "/opt/lib/python3.9/ssl.py", line 1040, in _create
  File "/opt/lib/python3.9/ssl.py", line 1309, in do_handshake
ssl.SSLError: [SSL: BAD_KEY_SHARE] bad key share (_ssl.c:1122)
ERROR 7 hours ago [06/Mar/2021:15:04:52] ENGINE Error in HTTPServer.serve
Traceback (most recent call last):
  File "/opt/lib/python3.9/site-packages/cheroot/server.py", line 1810, in serve
    self._connections.run(self.expiration_interval)
  File "/opt/lib/python3.9/site-packages/cheroot/connections.py", line 201, in run
    self._run(expiration_interval)
  File "/opt/lib/python3.9/site-packages/cheroot/connections.py", line 218, in _run
    new_conn = self._from_server_socket(self.server.socket)
  File "/opt/lib/python3.9/site-packages/cheroot/connections.py", line 271, in _from_server_socket
    s, ssl_env = self.server.ssl_adapter.wrap(s)
  File "/opt/lib/python3.9/site-packages/cheroot/ssl/builtin.py", line 277, in wrap
    s = self.context.wrap_socket(
  File "/opt/lib/python3.9/ssl.py", line 500, in wrap_socket
  File "/opt/lib/python3.9/ssl.py", line 1040, in _create
  File "/opt/lib/python3.9/ssl.py", line 1309, in do_handshake
ssl.SSLError: [SSL: SSLV3_ALERT_BAD_CERTIFICATE] sslv3 alert bad certificate (_ssl.c:1122)

OneCD · Post by **OneCD** » March 7th, 2021, 5:07 pm

GTunney wrote: ↑March 4th, 2021, 2:48 am Sab started at 07:40
Accessed via https at 07:40 after start up
tried to access via https at 07:42 and did not work
accessed via http at 07:44

OK, I've had a look at your log (thank you), and I can see access entries for 7:40 and 7:44 but not the attempted TLS access at 7:42.

Can you please confirm the access at 7:42 via HTTPS was to port 5001? Did you manually specify 5001 or did your browser assume the default TLS port (443)?

Can you please login to your NAS as the 'admin' user and run the following commands:

Code: Select all

type -a python3
echo $PATH

... then post the results back here?

GTunney · Post by **GTunney** » March 8th, 2021, 3:16 am

OneCD wrote: ↑March 7th, 2021, 5:07 pm
GTunney wrote: ↑March 4th, 2021, 2:48 am Sab started at 07:40
Accessed via https at 07:40 after start up
tried to access via https at 07:42 and did not work
accessed via http at 07:44
OK, I've had a look at your log (thank you), and I can see access entries for 7:40 and 7:44 but not the attempted TLS access at 7:42.

Can you please confirm the access at 7:42 via HTTPS was to port 5001? Did you manually specify 5001 or did your browser assume the default TLS port (443)?

Can you please login to your NAS as the 'admin' user and run the following commands:
Code: Select all
type -a python3
echo $PATH
... then post the results back here?

Yes access at 07:42 was https to port 5001, yes port 5001 is manually specified and one that I always use on the end of my url for sab access.

Bit of an update for you, I had to also reinstall entware yesterday and it's been up via https ever since.

OneCD · Post by **OneCD** » March 8th, 2021, 2:32 pm

GTunney wrote: ↑March 8th, 2021, 3:16 am Bit of an update for you, I had to also reinstall entware yesterday and it's been up via https ever since.

Oh good!

Support Forum

https access issues after renewing SSL cert [QNAP]

Re: https access issues after renewing SSL cert [QNAP]

Re: https access issues after renewing SSL cert [QNAP]

Re: https access issues after renewing SSL cert [QNAP]

Re: https access issues after renewing SSL cert [QNAP]

Re: https access issues after renewing SSL cert [QNAP]

Re: https access issues after renewing SSL cert [QNAP]

Re: https access issues after renewing SSL cert [QNAP]

Re: https access issues after renewing SSL cert [QNAP]