SABnzbd Forums

Hopefully, someone can advise, just out of the blue, I am now getting untrusted certificate from eweka, If I disable the certificate verification it obviously connects without erros. I am running win10, anyone got a fix for this?

I have exact same problem with both eweka and newsgroupdirect.

Same problem here with newshosting .
Problem only started today.
Something has obviously changed to affect different servers simultaneously.
Don’t really want to switch SSL off, but only way to connect at present.

Running Win 10 64bit. Version 20H2 build 19042.1237
Sab version 3.4.1

Edit
Can connect ok using newshosting client using SSL

For the record, this appears to be related to https://letsencrypt.org/docs/dst-root-c ... mber-2021/ given that all affected providers use letsencrypt for their ssl certificates. Rather than disabling ssl altogether, one could set certificate verification to off in sabnzbd's server settings as a temporary workaround.

I can't reproduce the problem on my linux system though and the certificate chains on the usenet servers look normal at first glance.

I have mine set to disabled for verification and not off as my above post might imply.
Not an expert on this but I presume it will still be connecting securely, and all that we are doing is trusting the server we are connecting to without verification.

Same problem here. My iphone also stopped connecting securely to my exchange server yesterday. All I had to do was reboot the exchange server, and it worked again. The news hosts might have to do the same thing.

I have the same problem with Microsoft Windows [version 10.0.19044.1237] with newshosting.
I think it's a local problem on the computer because on two other computers
(same Windows version) on the same network the whole thing works fine over SSL.
I just do not know what has changed specifically on this computer?

https://www.sslshopper.com/ssl-checker. ... eka.nl:563 shows the certificate chain of eweka is correct.

So problem is client side: in Windows

https://scotthelme.co.uk/lets-encrypt-o ... xpiration/ is a very long story, with this sentence "The certificate in here that is going to cause a problem is this one, the IdenTrust DST Root CA X3." ... "expiration date of 30th Sep 2021" ... which is today.

So ... fully update Windows and reboot a few times? I don't know much about Windows.

Updated Windows 10 64bit to version 21H1 (OS Build 19043.1227) rebooted

Still won't verify certificate

Checked for updates again in case updates had to be done in order.
System reports Up to date

Hopefully someone with greater knowledge than me will be able to work out what to do to fix this issue

No idea what happened in the 3 hours since my last post, in any case after double checking SABnzb now works again with SSL.
The only thing I noticed was a security intelligence update:

Version: 1.349.1685.0
Engine Version: 1.1.18500.10
Platform Version: 4.18.2108.7
Released: 9/30/2021 11:32:20 AM

everything very strange

Hi,

I too am having issues with Sab usenet provider SSL certificate verification. The certificate appears to validate everywhere else fine, but not in Sab.

Example:
The name/certificate validates just fine via ssl shopper.
https://www.sslshopper.com/ssl-checker. ... ng.com:563

Validates just fine in my browser, chain intact.
Issued by R3 valid from 9/27/21 to 2/26/21

but not via Sab
us.newshosting.com uses an untrusted certificate [Certificate not valid. This is most probably a server issue.]

I am running the latest version of Windows 11 completely patched. I checked my certificate store and have the correct trusted root for my providers certificate

Thanks

Now that we have seen this is going to be a widespread problem under Windows. What we need are clear steps to solve the issue in Windows 10 if such a solution is available to individual SAB users. Otherwise do we just have to wait for an updated trust cert to be distributed?

I too have the issue with the eweka certificate.
I opened a new Windows administrator account and it works when I login in the new account.
So how can it be an update if the Windows is the same?
Weird...

Getting a certificate error with newsdemon here. They told me to upgrade my equipment, hah. Rebooted Windows and the router, updated SABnzbd and still getting the error. Unsure what else to do at the moment.

Reading RogerYoung's post led me to investigate this as a user profile issue and I decided to have a look at my user certificate store. My user store had two certs for R3 in "Intermediate Certificate Authorities" one expired and one valid. I deleted the expired one and now everything works. I wouldn't have expected it to behave this way since the valid R3 intermediate was there, but I'll take it.

Steps I took:

1. Open Run and type mmc.exe
2. Select <File>, <Add/Remove Snap-In..>
3. Choose <Certificates>
4. Select <My User Account>, and click<OK>
5. Expand <Certificates - Current User>
6. Expand <Intermediate Certificate Authorities>, and Click <Certificates>
7. Find the expired R3 and delete it.

This appears to be the solution for Windows. If you are having the issue on any other platform I assume you'd just need to figure out how to delete the expired certificate on that platform.