Unable to connect to server (SSL Error)

Posted: March 7th, 2017, 3:53 pm
by fatgeek
Version: (Ex: 0.5.0 Final): 1.2.1 [d32cf57]
OS: (Ex: Windows XP SP2, OSX Leopard, Ubuntu Gutsy): unRAID (linuxserver Docker container)
Install-type: (Ex: Windows Installer, Windows zip, OSx .app, OSx source, python source, linux repository, NAS package): Docker
Skin (if applicable): (Ex: Default, Plush, Smpl) Default
Firewall Software: (Ex: None, XP SP2 Firewall, Zone Alarm, Norton Internet Security, Kerio): N/A
Are you using IPV6? (yes/no - most likely no): No
Is the issue reproducible? (yes/no): Yes
Python Version: 2.7.12 (default, Nov 19 2016, 06:48:10) [GCC 5.4.0 20160609] [ANSI_X3.4-1968]
OpenSSL: OpenSSL 1.0.2g 1 Mar 2016 [TLS v1.2, TLS v1.1, TLS v1]

Hello,

I'm running into an error connecting to one of my providers. I have 5 other servers that connect without issue. When I test the connection from the server config page I see the following error:

Code:

[Errno 111] ('_ssl.c:574: The handshake operation timed out',)

I do not have any ciphers specified under Config > Switches > SSL Ciphers.

I tested the server using OpenSSL and it supports the following ciphers:
  • ECDHE-RSA-AES256-GCM-SHA384
    ECDHE-RSA-AES256-SHA384
    ECDHE-RSA-AES256-SHA
    DHE-RSA-AES256-GCM-SHA384
    DHE-RSA-AES256-SHA256
    DHE-RSA-AES256-SHA
    DHE-RSA-CAMELLIA256-SHA
    ECDHE-RSA-AES128-GCM-SHA256
    ECDHE-RSA-AES128-SHA256
    ECDHE-RSA-AES128-SHA
    DHE-RSA-AES128-GCM-SHA256
    DHE-RSA-AES128-SHA256
    DHE-RSA-AES128-SHA
    DHE-RSA-SEED-SHA
    DHE-RSA-CAMELLIA128-SHA
The issue seems to have started a few days ago. I reached out to my provider and they say they haven't made any SSL changes in months. Could it be that Sab does not support any of the above listed ciphers? I have tried all three of the options under Servers > Advanced > Certificate verification. I have about 4 hours' worth of debug logs available if anyone wants to take a look.

Re: Unable to connect to server (SSL Error)

Posted: March 7th, 2017, 4:47 pm
by sander
I'm running into an error connecting to one of my providers.
Which provider / newsserver?

What happens when you fill out that newsserver on https://sabnzbd.org/wiki/advanced/certificate-errors and click on Test Server?

Re: Unable to connect to server (SSL Error)

Posted: March 7th, 2017, 4:55 pm
by fatgeek
sander wrote:
I'm running into an error connecting to one of my providers.
Which provider / newsserver?

What happens when you fill out that newsserver on https://sabnzbd.org/wiki/advanced/certificate-errors and click on Test Server?
Altopia (news.altopia.com)

When I use the tester I get:

Code:

Server not found, no SSL on port 563, or other error

Altopia is listed as OK x3 on https://www.appelboor.com/newsservers/n ... h-SSL.html

I tried with NZBGet on Windows and was able to connect with identical settings.

Re: Unable to connect to server (SSL Error)

Posted: March 7th, 2017, 5:39 pm
by safihre
Did you try actually just downloading?

Altopia is strange in the way that they have very long delays after some unsuccessful login event. They add a delay of 20 seconds or something, which Sab considers too long. But usually the downloading actually works fine.

Re: Unable to connect to server (SSL Error)

Posted: March 7th, 2017, 5:59 pm
by sander
quotes from my sabnzbd.log (Ubuntu 17.04):

Code:

2017-03-07 23:50:46,912::INFO::[sabnzbdplus:1250] SSL version OpenSSL 1.0.2g  1 Mar 2016
2017-03-07 23:50:46,912::INFO::[sabnzbdplus:1251] SSL supported protocols ['TLS v1.2', 'TLS v1.1', 'TLS v1']

2017-03-07 23:51:41,272::INFO::[newswrapper:230] [email protected]: Connected using TLSv1.2 (ECDHE-RSA-AES256-GCM-SHA384)
2017-03-07 23:53:05,240::INFO::[newswrapper:230] [email protected]: Connected using TLSv1.2 (ECDHE-RSA-AES256-GCM-SHA384)
2017-03-07 23:53:36,036::INFO::[newswrapper:230] [email protected]: Connected using TLSv1.2 (ECDHE-RSA-AES256-GCM-SHA384)

So no problem with NNTPS, connecting via ECDHE-RSA-AES256-GCM-SHA384 (which is in your OpenSSL overview)

Re: Unable to connect to server (SSL Error)

Posted: March 7th, 2017, 6:50 pm
by fatgeek
safihre wrote:Did you try actually just downloading?

Altopia is strange in the way that they have very long delays after some unsuccessful login event. They add a delay of 20 seconds or something, which Sab considers too long. But usually the downloading actually works fine.
I have. Your question actually answers a huge issue I've been having lately though. I get some downloads that enter the queue and stay on checking forever. They never get to failed, they just stick in checking forever. I had Altopia set in my server list as priority 1 with another set to 0. I just went in and disabled Altopia and tried a few of the nzbs that I know spun forever and they downloaded fine. So, if Altopia is doing something that is causing my downloads to do this, I'll probably end up canceling with them and finding another backup.

Re: Unable to connect to server (SSL Error)

Posted: March 8th, 2017, 2:29 am
by sander
I tried with NZBGet on Windows and was able to connect with identical settings.
What if you try SABnzbd on Windows? Does altopia work then?

Two more things:

- on your unRaid, if you set the connection to plain NNTP (port 199, no SSL), can you make a connection?
- on your unRaid, can you set the connection to NNTPS, but with no checking (under Advanced)?
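
Added example (not part of the thread, and not SABnzbd's own code): the two tests suggested above compare plain NNTP against NNTPS with verification off. This probe times the TCP connect, the TLS handshake and the NNTP greeting as separate phases, so a timeout can be attributed to one of them. The names `probe_nntp` and `demo`, and the constructed local listener used as sample input, are assumptions made for the example.

```python
import socket
import ssl
import time


def probe_nntp(host, port, use_tls=True, verify=True, timeout=5.0):
    """Time TCP connect, TLS handshake and NNTP greeting as separate phases."""
    result = {"failed_phase": None, "error": None, "timings": {}}
    sock = None
    phase = "tcp_connect"
    try:
        start = time.monotonic()
        sock = socket.create_connection((host, port), timeout=timeout)
        result["timings"][phase] = time.monotonic() - start
        if use_tls:
            phase = "tls_handshake"
            ctx = ssl.create_default_context()
            if not verify:
                # Diagnostic only: separates CA-store problems from stalls.
                ctx.check_hostname = False
                ctx.verify_mode = ssl.CERT_NONE
            start = time.monotonic()
            sock = ctx.wrap_socket(sock, server_hostname=host)
            result["timings"][phase] = time.monotonic() - start
            result["tls"] = (sock.version(), sock.cipher()[0])
        phase = "nntp_greeting"
        start = time.monotonic()
        greeting = sock.recv(512)  # a ready server greets with 200 or 201
        result["timings"][phase] = time.monotonic() - start
        if not greeting:
            raise ConnectionError("connection closed before greeting")
        result["greeting"] = greeting.decode("latin-1").strip()
    except OSError as exc:  # covers timeouts, refusals and ssl.SSLError
        result["failed_phase"] = phase
        result["error"] = "%s: %s" % (type(exc).__name__, exc)
    finally:
        if sock is not None:
            sock.close()
    return result


def demo(timeout=0.5):
    """Constructed local cases: a listener that never answers, and a closed port."""
    silent = socket.socket()
    silent.bind(("127.0.0.1", 0))
    silent.listen(8)  # kernel completes TCP; nothing ever reads or replies
    port = silent.getsockname()[1]
    closed = socket.socket()
    closed.bind(("127.0.0.1", 0))
    closed_port = closed.getsockname()[1]
    closed.close()  # nothing listens on this port now
    try:
        return {
            "stalled_tls": probe_nntp("127.0.0.1", port, True, False, timeout),
            "stalled_plain": probe_nntp("127.0.0.1", port, False, False, timeout),
            "refused": probe_nntp("127.0.0.1", closed_port, True, False, timeout),
        }
    finally:
        silent.close()


if __name__ == "__main__":
    for name, res in demo().items():
        print(name, res["failed_phase"], res["error"])
```

If a run with `verify=False` completes the handshake while `verify=True` fails in `tls_handshake`, the CA store is the likely cause; a timeout in `tls_handshake` in both runs points at the network path or the server instead.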

Re: Unable to connect to server (SSL Error)

Posted: March 8th, 2017, 3:29 am
by safihre
It should've been fixed indeed in 1.2.1, worked with Altopia to fix it... But it seems that wasn't enough.

Their servers have quite a lot of timeout!

Re: Unable to connect to server (SSL Error)

Posted: March 8th, 2017, 12:09 pm
by fatgeek
sander wrote:
I tried with NZBGet on Windows and was able to connect with identical settings.
What if you try SABnzbd on Windows? Does altopia work then?

Two more things:

- on your unRaid, if you set the connection to plain NNTP (port 199, no SSL), can you make a connection?
- on your unRaid, can you set the connection to NNTPS, but with no checking (under Advanced)?
I just installed Sab on Windows and it worked fine. I did notice some different versions. Maybe that's the issue:

Sab: 1.2.2 [555d841]
Python: 2.7.13 (v2.7.13:a06454b1afa1, Dec 17 2016, 20:42:59) [MSC v.1500 32 bit (Intel)] [cp1252]
OpenSSL: OpenSSL 1.0.2j 26 Sep 2016 [TLS v1.2, TLS v1.1, TLS v1, SSL v3]

On unRAID, it does work on 119, no SSL. By "no checking" do you mean the certificate verification? If so, I've tried all three options and none worked.

Re: Unable to connect to server (SSL Error)

Posted: March 8th, 2017, 1:10 pm
by safihre
1.2.2 = 1.2.1, it was only a fix for a Windows problem :)
So it is platform specific? Hmmm that's weird.
I can't really explain that.. Sander maybe?

Re: Unable to connect to server (SSL Error)

Posted: March 8th, 2017, 2:14 pm
by sander
I can only think of one thing: incorrect / incomplete CA Root store. That does not explain everything, but I have no other hypotheses.

@fatgeek: which container image do you use? And how do you start it? I can't find it ... unless you mean "linuxserver/sabnzbd"

Code:

$ sudo docker run -it linuxserver/unraid /bin/bash
Unable to find image 'linuxserver/unraid:latest' locally
Pulling repository docker.io/linuxserver/unraid
docker: Error: image linuxserver/unraid:latest not found.

Code:

$ sudo docker run -it linuxserver:unraid /bin/bash
Unable to find image 'linuxserver:unraid' locally
Pulling repository docker.io/library/linuxserver
docker: Error: image library/linuxserver:unraid not found.

Code:

$ sudo docker search unraid
NAME                                  DESCRIPTION                                     STARS     OFFICIAL   AUTOMATED
tyler43636/unraid-plexpass            Ubuntu Linux Docker with Plex Media Server...   2                    [OK]
manubocquet/unraid-squid              Unraid squid                                    1                    [OK]
manubocquet/unraid-mosquitto          mosquitto for unraid server                     0                    [OK]
topdockercat/minio-unraid             Minio is an Amazon S3 compatible object st...   0                    [OK]
airbillion/youtube-dl-unraid          Youtube-dl container for Unraid                 0                    [OK]
manubocquet/unraid-netdata            Unraid net data                                 0                    [OK]
tyler43636/unraid-plex                Ubuntu Linux Docker with Plex Media Server...   0                    [OK]
tyler43636/unraid-plexpy              Ubuntu Linux Docker with PlexPy installed       0                    [OK]
tyler43636/unraid-jackett             Jackett install on top of the official mon...   0                    [OK]
tyler43636/unraid-sonarr              Sonarr install on top of the official mono...   0                    [OK]
htpcguides/unraid-nzbget              unRAID NZBGet                                   0                    [OK]
notsteve/sagetv-unraid                For unraid                                      0                    [OK]
smirgel/unraid                        Unraid docker images                            0                    [OK]
codechimporg/unraid-dockers-elk       ELK stack for docker on unraid                  0                    [OK]
htpcguides/unraid-plex                unRAID Plex Docker                              0                    [OK]
roninkenji/unraid-dev-docker          Docker for development under Slackware use...   0                    [OK]
savestheday/docker-ventrilo-unraid    Ventrilo for unRAID                             0                    [OK]
leonowski/unraid-ha-bridge            unraid ha bridge                                0                    [OK]
adamrbell/unraid-udpt                 Build and run udpt tracker on unRAID            0                    [OK]
manubocquet/unraid-telegraf           Telegraf dockerfile                             0                    [OK]
hernandito/sonos-api-unraid           Sonos API Docker to be used in unRAID.          0                    [OK]
drewster727/glances-unraid            Glances for unRAID                              0                    [OK]
codechimporg/unraid-dockers-haproxy   HAProxy for docker on unraid                    0                    [OK]
adamrbell/unraid-qbittorrent          **TESTING** This is a playground for my pe...   0                    [OK]
airbillion/unraid-borgjs              borgjs docker                                   0                    [OK]

Code:

$ sudo docker search linuxserver
NAME                       DESCRIPTION                                     STARS     OFFICIAL   AUTOMATED
linuxserver/plex           A Plex Media Server container, brought to ...   257                  [OK]
linuxserver/sonarr         A Sonarr container, brought to you by Linu...   187                  [OK]
linuxserver/couchpotato    A CouchPotato container, brought to you by...   182                  [OK]
linuxserver/sabnzbd        A Sabnzbd container, brought to you by Lin...   80                   [OK]
linuxserver/plexpy         A PlexPy container, brought to you by Linu...   80                   [OK]
linuxserver/nzbget         An Nzbget container, brought to you by Lin...   80                   [OK]
linuxserver/deluge         A Deluge container, brought to you by Linu...   69                   
linuxserver/sickrage       A SickRage container, brought to you by Li...   61                   
linuxserver/transmission   A Transmission container, brought to you b...   57                   
linuxserver/headphones     A Headphones container, brought to you by ...   56                   [OK]
linuxserver/unifi          A Unifi container, brought to you by Linux...   40                   
linuxserver/syncthing      A Syncthing container, brought to you by L...   35                   
linuxserver/radarr         A Radarr container, brought to you by Linu...   31                   
linuxserver/hydra          An NzbHydra container, brought to you by L...   28                   
linuxserver/smokeping      A Smokeping container, brought to you by L...   27                   [OK]
linuxserver/muximux        A Muximux container, brought to you by Lin...   27                   
linuxserver/jackett        A Jackett container, brought to you by Lin...   25                   
linuxserver/htpcmanager    An HTPCManager container, brought to you b...   22                   
linuxserver/plexrequests   A PlexRequests container, brought to you b...   22                   
linuxserver/beets          A Beets container, brought to you by Linux...   20                   
linuxserver/rutorrent      A Rutorrent container, brought to you by L...   18                   
linuxserver/pydio          A Pydio container, brought to you by Linux...   16                   
linuxserver/nginx          An Nginx container, brought to you by Linu...   14                   
linuxserver/quassel-core   A Quassel core container, brought to you b...   12                   [OK]
linuxserver/mariadb        A Mariadb container, brought to you by Lin...   11                   

Re: Unable to connect to server (SSL Error)

Posted: March 8th, 2017, 3:18 pm
by fatgeek
sander wrote:I can only think of one thing: incorrect / incomplete CA Root store. That does not explain everything, but I have no other hypotheses.

@fatgeek: which container image do you use? And how do you start it? I can't find it ... unless you mean "linuxserver/sabnzbd"
unRAID is the OS, Docker runs on top of unRAID. The container I'm using is linuxserver/sabnzbd: https://hub.docker.com/r/linuxserver/sabnzbd/

unRAID has a GUI that allows for administering Docker containers. Under the GUI, my run line ends up looking like this:

Code:

docker run -d --name="sabnzbd" --net="bridge" -e TZ="America/New York" -e HOST_OS="unRAID" -e "PUID"="99" -e "PGID"="100" -p 8080:8080/tcp -p 9090:9090/tcp -v "/mnt/user/downloads/":"/downloads":rw -v "/mnt/user/downloads/sab-temp/":"/incomplete-downloads":rw -v "/mnt/user/appdata/sabnzbd":"/config":rw linuxserver/sabnzbd

Re: Unable to connect to server (SSL Error)

Posted: March 8th, 2017, 3:21 pm
by fatgeek
I just tried running update-ca-certificates:

Code:

root@tower:~# docker exec -it sabnzbd /bin/bash
root@0bb56fa6e4f7:/# update-ca-certificates
Updating certificates in /etc/ssl/certs...
0 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d...
done.
root@0bb56fa6e4f7:/#

Re: Unable to connect to server (SSL Error)

Posted: March 8th, 2017, 3:28 pm
by sander
I ran linuxserver/sabnzbd (docker image) on my Ubuntu, and I can successfully connect to Altopia:

Code:

2017-03-08 19:24:48,277::INFO::[newswrapper:250] [email protected]: Connected using TLSv1.2 (ECDHE-RSA-AES256-GCM-SHA384)

So I can't reproduce. :-(

Re: Unable to connect to server (SSL Error)

Posted: March 8th, 2017, 7:13 pm
by fatgeek
I've been doing some more troubleshooting on this and this is what I have so far:

I tried another docker container on unRAID, needo/sabnzbd and it also was unable to connect to Altopia.

I then installed sab on an Ubuntu 16.04 VM from jfcp/nobetas and it was able to connect fine. I then ran the linuxserver/sabnzbd docker container on that same VM and it also connected fine.

So, I'm starting to think that the issue lies with unRAID, but have no idea how.