Solved - Help with SSL: ImportError: cannot import name aead

Post by nstern2 »

I'm trying to wrap my head around SSL, since my Sonarr and Radarr installs continuously throw SSL/TLS errors and my googling makes me think that my issue may be because SAB has either no cert or a bad one. When I attempt to have SAB create a cert I get this error:

Code:

2020-06-03 14:04:14,901::ERROR::[misc:1462] Error creating SSL key and certificate.  I am running as admin when I get this.
2020-06-03 14:04:14,901::INFO::[misc:1463] Traceback: 
Traceback (most recent call last):
  File "sabnzbd\misc.pyo", line 1458, in create_https_certificates
  File "sabnzbd\utils\certgen.pyo", line 39, in generate_key
  File "cryptography\hazmat\backends\__init__.pyo", line 15, in default_backend
  File "cryptography\hazmat\backends\openssl\__init__.pyo", line 7, in <module>
  File "cryptography\hazmat\backends\openssl\backend.pyo", line 25, in <module>
ImportError: cannot import name aead
2020-06-03 14:04:14,901::WARNING::[SABnzbd:1296] Disabled HTTPS because of missing CERT and KEY files

So I used a program and self-signed a cert, and I get this error:

Code:

SSLError: [SSL: SSLV3_ALERT_BAD_CERTIFICATE] sslv3 alert bad certificate (_ssl.c:1946)

I'm able to connect to SAB using HTTPS and it does give me an error saying the cert is self-signed, but I can view the cert via Firefox and everything looks good besides the cert error in SAB. Sonarr and Radarr seem to not have thrown indexer errors yet, but I usually notice those every ~12 hours or so.

So is my self-signed cert OK? Do the SSL/TLS errors I get loop back to SAB, or am I going down the wrong path?
Last edited by nstern2 on June 5th, 2020, 10:13 am, edited 1 time in total.
Re: Help with SSL: ImportError: cannot import name aead

Post by sander »

Which version of SABnzbd?

Did you ever touch / generate the key and cert files yourself, outside SABnzbd?
What if you delete the two files server.key and server.cert in the sabnzbd admin directory?

Did you see viewtopic.php?p=116413#p116413 ? (But I doubt that is relevant for you.)
Re: Help with SSL: ImportError: cannot import name aead

Post by nstern2 »

2.3.9 [03c10dc] is the version I am running on Windows 7. I did try and create a self-signed cert. I thought it worked since SAB doesn't seem to throw errors outside of the log, but waking up today my instance of Sonarr is giving another SSL/TLS error.
Re: Help with SSL: ImportError: cannot import name aead

Post by sander »

Windows 7? Microsoft says "Support for Windows 7 ended on January 14, 2020. If you are still using Windows 7, your PC may become more vulnerable to security risks."

Anyway: "I did try and create a self signed cert." ... do not do that. It's hard to get it right. Let SAB take care of it.

And, easier:
On a LAN, not much advantage for HTTPS.
Within a system, even less advantage for HTTPS.
Use HTTP.
Re: Help with SSL: ImportError: cannot import name aead

Post by nstern2 »

I ran IIS Crypto on my machine, which looks to have solved my issue. Even though I had manually enabled TLS 1.2 via the registry, it must not have taken. IIS Crypto successfully enabled it and everything looks to be working fine now. I would have much rather had SAB handle the cert for me, but as I stated in my original post it was having issues creating it.
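
A read-only way to check whether a manual TLS 1.2 registry change like the one described in the last post is actually in place on Windows 7. This is an added example, not part of the thread and not SABnzbd or IIS Crypto code. It assumes the standard Microsoft-documented Schannel and .NET Framework key paths (the thread does not say which values were edited) and that the client applications use .NET Framework 4.x.

```powershell
# Added example: audit the registry values that control TLS 1.2 on Windows 7.
# Read-only. Key paths are the standard Schannel / .NET Framework locations,
# assumed here because the thread does not name the values that were changed.

function Get-RegValue($Path, $Name) {
    # Returns $null when the key or the value does not exist.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($item) { $item.$Name } else { $null }
}

function New-Finding($Scope, $Setting, $Value, $Ok) {
    $shown  = if ($Value -eq $null) { '<missing>' } else { $Value }
    $status = if ($Ok) { 'OK' } else { 'CHECK' }
    New-Object PSObject -Property @{
        Scope = $Scope; Setting = $Setting; Value = $shown; Status = $status
    }
}

$findings = @()

# Schannel: TLS 1.2 is off by default on Windows 7, so a missing value
# means the protocol is not enabled for that role.
$schannel = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2'
foreach ($role in 'Client', 'Server') {
    $enabled  = Get-RegValue "$schannel\$role" 'Enabled'
    $disabled = Get-RegValue "$schannel\$role" 'DisabledByDefault'
    # Enabled may be stored as 1 or 0xFFFFFFFF; any non-zero value counts.
    $findings += New-Finding "Schannel $role" 'Enabled' $enabled `
        ($enabled -ne $null -and $enabled -ne 0)
    $findings += New-Finding "Schannel $role" 'DisabledByDefault' $disabled `
        ($disabled -eq 0)
}

# .NET Framework 4.x: without SchUseStrongCrypto, older .NET applications
# can still negotiate only legacy protocol versions.
$netKeys = @{
    '.NET 4.x (64-bit)' = 'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319'
    '.NET 4.x (32-bit)' = 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319'
}
foreach ($scope in $netKeys.Keys) {
    $strong = Get-RegValue $netKeys[$scope] 'SchUseStrongCrypto'
    $findings += New-Finding $scope 'SchUseStrongCrypto' $strong ($strong -eq 1)
}

$findings | Select-Object Scope, Setting, Value, Status | Format-Table -AutoSize
```

Any row marked CHECK points at a value that is missing or set to something other than what enables TLS 1.2 for that scope.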