Can't open interface with «https» anymore [Synology]

Report & discuss bugs found in SABnzbd
Forum rules
Help us help you:
  • Are you using the latest stable version of SABnzbd? Downloads page.
  • Tell us what system you run SABnzbd on.
  • Adhere to the forum rules.
  • Do you experience problems during downloading?
    Check your connection in Status and Interface settings window.
    Use Test Server in Config > Servers.
    We will probably ask you to do a test using only basic settings.
  • Do you experience problems during repair or unpacking?
    Enable +Debug logging in the Status and Interface settings window and share the relevant parts of the log here using [ code ] sections.
Post Reply
NorthFrenchGuy
Newbie
Newbie
Posts: 4
Joined: October 27th, 2020, 8:03 am

Can't open interface with «https» anymore [Synology]

Post by NorthFrenchGuy »

SABnzbd version on Synology NAS : 3.0.2-43
DS215J Synology Diskstation DMS version : 6.2.3-25426

After the Python3 package update to version 3.5.1-0108, I'm not able to access SABnzbd interface with my «https» URL ( https://MyServer:9090/sabnzbd/ ) from Firefox (connection failed) . I've been using this URL for at least 5-6 years prior to the upgrade.
Did a bit of research and found out I can access interface with the «http» URL ( http://MyServer:8080/sabnzbd/ ), after changing the port to 8080.

Here's a part of the SAB config file :
[misc]
permissions = 777
auto_browser = 0
host = 0.0.0.0
port = 8080
nice = -n15
ionice = ""
download_dir = /volume1/Downloads/SABnzbd/Travail_Temporaire
complete_dir = /volume1/Downloads/SABnzbd/Complets
script_dir = /usr/local/sabnzbd/var/scripts
win_menu = 1
queue_complete = ""
https_port = 9090
replace_spaces = 0
allow_64bit_tools = 1

BTW, I can't launch SAB from within the DiskStation, it gives me the same error as with the «https» URL; but I seldom used this way so I don't know if it's new.
User avatar
sander
Release Testers
Release Testers
Posts: 8811
Joined: January 22nd, 2008, 2:22 pm

Re: Can't open interface with «https» anymore

Post by sander »

What is your question?
NorthFrenchGuy
Newbie
Newbie
Posts: 4
Joined: October 27th, 2020, 8:03 am

Re: Can't open interface with «https» anymore

Post by NorthFrenchGuy »

I submitted this so you can be aware of the situation; question would be :

«What can be done to be able to open the interface via https ?»
User avatar
sander
Release Testers
Release Testers
Posts: 8811
Joined: January 22nd, 2008, 2:22 pm

Re: Can't open interface with «https» anymore

Post by sander »

NorthFrenchGuy wrote: October 27th, 2020, 3:09 pm I submitted this so you can be aware of the situation; question would be :

«What can be done to be able to open the interface via https ?»
in the SAB GUI, go to Config -> General, then click on Enable HTTPS, click Save, and click OK
NorthFrenchGuy
Newbie
Newbie
Posts: 4
Joined: October 27th, 2020, 8:03 am

Re: Can't open interface with «https» anymore

Post by NorthFrenchGuy »

Enabled HTTPS and saved, SAB restarts but it doesn't stay on (checkbox returns empty after restart) and still can't access via HTTPS.
User avatar
sander
Release Testers
Release Testers
Posts: 8811
Joined: January 22nd, 2008, 2:22 pm

Re: Can't open interface with «https» anymore [Synology]

Post by sander »

Oh?

Things I can think of:
- you cannot save any settings anymore. So ... try to change & save other settings, restart SAB, and see if they are there.
- something wrong with your python or OS libraries. You use Python 3.5, which is a bad sign, also because support ends soon. AFAIK there is python 3.7 for Synology. Anyway: in SAB, set logging to +Debug. Then enable HTTPS again, save & restart. After that, inspect sabnzbd.log. Do not download stuff. If you cannot find anything in sabnzbd.log, you can post it on pastebin, and post the URL here (with spaces around the dots)
NorthFrenchGuy
Newbie
Newbie
Posts: 4
Joined: October 27th, 2020, 8:03 am

Re: Can't open interface with «https» anymore [Synology]

Post by NorthFrenchGuy »

Noticed there was a warning from SAB, «invalid CERT and KEY files» :

- WARNING HTTPS a été désactivé à cause de fichiers CERT et KEY invalides
User avatar
sander
Release Testers
Release Testers
Posts: 8811
Joined: January 22nd, 2008, 2:22 pm

Re: Can't open interface with «https» anymore [Disabled HTTPS because of invalid CERT and KEY files]

Post by sander »

Ah. What a nice SAB feature to auto-check for that, isn't it? Clever person who made that ... ;)

On your synology, find and rename server.cert and server.key in the SABnzbd admin directory.
On POSIX it's ~/.sabnzbd/admin, I don't know on Synology.

For google reference, I recreated your case on my SAB:

Code: Select all

2020-11-04 17:28:52,094::WARNING::[sabnzbdplus:1295] Disabled HTTPS because of invalid CERT and KEY files
2020-11-04 17:28:52,094::INFO::[sabnzbdplus:1296] Traceback:
Traceback (most recent call last):
  File "/usr/bin/sabnzbdplus", line 1292, in main
    trialcontext.load_cert_chain(https_cert, https_key)
ssl.SSLError: [SSL] PEM lib (_ssl.c:4022)

The SAB interface falls back to HTTP, and will say "Disabled HTTPS because of invalid CERT and KEY files". If you have seen & said that in your first post, then it would have been clear immediatly.
cornwall
Newbie
Newbie
Posts: 1
Joined: January 1st, 2021, 11:39 am

Re: Can't open interface with «https» anymore [Synology]

Post by cornwall »

Hey there,

I'm on the same boat as @NorthFrenchGuy.
It works if I click on "advanced parameters" and force the URL (even though it's quoted as "dangerous").

Same configuration (ports 8080 and 9090 for https). I'm a bit of a newbie and learner so I'm trying to figure it out by myself thanks to this forum.
Will definitely try to rename the server.cert and server key as @sander suggests, or, at least, will try to find a way to do that !

Thanks for your inputs and all the best for 2021.
User avatar
sander
Release Testers
Release Testers
Posts: 8811
Joined: January 22nd, 2008, 2:22 pm

Re: Can't open interface with «https» anymore [Synology]

Post by sander »

My advice would be: do not use HTTPS on SAB's GUI (unless you know what you're doing.)

Reasons:
* within a PC, it is not useful
* on a LAN, HTTPS is not too useful.
* most browsers and other clients don't accept the self-signed keys anymore and give alarms
Post Reply