Re: Untrusted certificate
Posted: September 30th, 2021, 3:49 pm
Does anyone have any idea how to fix this in FreeBSD?
Same issue reported here, Win 10, started today.
Followed chrblack's solution, worked like a charm. Fantastic work!
SABnzbd Forums
Untrusted certificate [Eweka, newshosting, Let's encrypt R3]
Page 3 of 5
Re: Untrusted certificate
Posted: September 30th, 2021, 5:54 pm
Re: Untrusted certificate
Posted: October 1st, 2021, 8:18 am
I originally contacts Eweka and got some really duff advice "You can solve the problem by turning off the SSL or by using another news client."
Thanks to a great post from Chrblack, I ignored this obviously incorrect support advice from eweka
I have a really old Windows 7 machine and I decided to update all the effected certificates. Not sure if this was overkill.
1. Open Run and type mmc.exe
2. Select <File>, <Add/Remove Snap-In..>
3. Choose <Certificates>
4. Select <My User Account>, and click<OK>
5. Expand <Certificates - Current User>
6. Expand <Intermediate Certificate Authorities>, and Click <Certificates>
7. Find any R3's and delete them.
8. Expand <Trusted Root Certificate Authorities>, and Click <Certificates>
9. Find the ISRG Root X1 and delete it.
10. Go to h t t p s : / / l e t s e n c r y p t . o r g / c e r t i f i c a t e s /
11. Scroll down to Root Certificates, Active, SRG Root X1, Self-signed and download the 'der' certificate
12. Scroll down to Intermediate Certificates, Active, Let’s Encrypt R3, Signed by ISRG Root X1 and download the 'der' certificate
13. Double click the downloaded der file from 11. > Click open > Click Install Certificate > next > click Place certificates in selected store > browse > Trusted Root Certification Authorities > OK > Next.
14. Double click the downloaded der file from 12. > Click open > Click Install Certificate > next > click Place certificates in selected store > browse > Intermediate Certificates Authorities > OK > Next.
Thanks to a great post from Chrblack, I ignored this obviously incorrect support advice from eweka
I have a really old Windows 7 machine and I decided to update all the effected certificates. Not sure if this was overkill.
1. Open Run and type mmc.exe
2. Select <File>, <Add/Remove Snap-In..>
3. Choose <Certificates>
4. Select <My User Account>, and click<OK>
5. Expand <Certificates - Current User>
6. Expand <Intermediate Certificate Authorities>, and Click <Certificates>
7. Find any R3's and delete them.
8. Expand <Trusted Root Certificate Authorities>, and Click <Certificates>
9. Find the ISRG Root X1 and delete it.
10. Go to h t t p s : / / l e t s e n c r y p t . o r g / c e r t i f i c a t e s /
11. Scroll down to Root Certificates, Active, SRG Root X1, Self-signed and download the 'der' certificate
12. Scroll down to Intermediate Certificates, Active, Let’s Encrypt R3, Signed by ISRG Root X1 and download the 'der' certificate
13. Double click the downloaded der file from 11. > Click open > Click Install Certificate > next > click Place certificates in selected store > browse > Trusted Root Certification Authorities > OK > Next.
14. Double click the downloaded der file from 12. > Click open > Click Install Certificate > next > click Place certificates in selected store > browse > Intermediate Certificates Authorities > OK > Next.
Re: Untrusted certificate
Posted: October 1st, 2021, 11:16 am
Anyone know how to resolve this on a Synology?
Thank you
Thank you
Re: Untrusted certificate
Posted: October 1st, 2021, 2:08 pm
Re: Untrusted certificate
Posted: October 1st, 2021, 2:15 pm
Re: Untrusted certificate
Posted: October 1st, 2021, 2:43 pm
For me it was an expired intermediate certificate "R3", not root. Did you check that?alfred_j_kwack wrote: ↑October 1st, 2021, 2:15 pmChecked all the ".pem" files I could for the offending "DST Root CA X3" cert and removed it from essentially all the python versions. No dice though. At least you can scrap that off your list.
Re: Untrusted certificate
Posted: October 1st, 2021, 3:14 pm
Here's a search:chrblack wrote: ↑October 1st, 2021, 2:43 pmFor me it was an expired intermediate certificate "R3", not root. Did you check that?alfred_j_kwack wrote: ↑October 1st, 2021, 2:15 pmChecked all the ".pem" files I could for the offending "DST Root CA X3" cert and removed it from essentially all the python versions. No dice though. At least you can scrap that off your list.
Code: Select all
user@system# openssl crl2pkcs7 -nocrl -certfile ./@appstore/sabnzbd/env/lib/python3.8/site-packages/pip/_vendor/certifi/cacert.pem | openssl pkcs7 -print_certs -text -noout | grep -A 1 2021
Not After : Dec 15 08:00:00 2021 GMT
Subject: OU=GlobalSign Root CA - R2, O=GlobalSign, CN=GlobalSign
--
Not After : Mar 17 18:33:33 2021 GMT
Subject: C=BM, O=QuoVadis Limited, OU=Root Certification Authority, CN=QuoVadis Root Certification Authority
--
Not After : Apr 6 07:29:40 2021 GMT
Subject: C=FI, O=Sonera, CN=Sonera Class2 CA
--
Not After : Dec 15 08:00:00 2021 GMT
Subject: O=Cybertrust, Inc, CN=Cybertrust Global Root-- Update. No dice. No change
-- Update2. SOLVED Ugrading to the latest DSM on Synology, reloading the SAB packages from community fixed the issue for me
Re: Untrusted certificate
Posted: October 1st, 2021, 9:13 pm
I am on QNAP, also getting errors due to the Let's Encrypt CA Certificate problem.
Would it be possible for someone to please list step-by-step instructions on how to delete the expired CA or intermediate certificate(s)?
I can SSH into the QNAP as admin, but I'm not able to work out what to do from there.
thanks in advance!
SABNZBD version 3.4.0
Config File: /share/CE_CACHEDEV1_DATA/.qpkg/QSabNZBd3/SAB_CONFIG/config.ini
OpenSSL: OpenSSL 1.1.1
Python Version: 3.7.8
QNAP Firmware version 4.5.4.1800 (up to date as of 1 October 2021)
Would it be possible for someone to please list step-by-step instructions on how to delete the expired CA or intermediate certificate(s)?
I can SSH into the QNAP as admin, but I'm not able to work out what to do from there.
thanks in advance!
SABNZBD version 3.4.0
Config File: /share/CE_CACHEDEV1_DATA/.qpkg/QSabNZBd3/SAB_CONFIG/config.ini
OpenSSL: OpenSSL 1.1.1
Python Version: 3.7.8
QNAP Firmware version 4.5.4.1800 (up to date as of 1 October 2021)
Re: Untrusted certificate
Posted: October 1st, 2021, 10:07 pm
For the QNAP NAS users: which QPKG are you using please? Are you using Stephane's QSabNZBdPlus, or the one installed via sherpa?
I've checked the sherpa one with Newshosting and SSL - works fine.
I've checked the sherpa one with Newshosting and SSL - works fine.
Re: Untrusted certificate
Posted: October 1st, 2021, 10:23 pm
Re: Untrusted certificate
Posted: October 2nd, 2021, 3:18 am
Where is this hiding at?chrblack wrote: ↑October 1st, 2021, 2:43 pmFor me it was an expired intermediate certificate "R3", not root. Did you check that?alfred_j_kwack wrote: ↑October 1st, 2021, 2:15 pmChecked all the ".pem" files I could for the offending "DST Root CA X3" cert and removed it from essentially all the python versions. No dice though. At least you can scrap that off your list.
I can confirm simply removing sab and re-installing on Synology does not work.
Sadly, I'm using Xpenology (Synology on non-branded hardware) and cannot update DSM any further than 6.2.3-25426 at present.
Re: Untrusted certificate
Posted: October 2nd, 2021, 3:28 am
I installed the Sherpa version. Working fine now.
Perhaps it is related to one of the following differences that I can find:
Python version 3.9.6 (3.7.8 with Qoolbox SabNZBPlus 3)
OpenSSL version 1.1.1k (1.1.1 with Qoolbox SabNZBPlus 3)
If not, I am out of ideas.
I will stick with the Sherpa version now anyway.
Perhaps it is related to one of the following differences that I can find:
Python version 3.9.6 (3.7.8 with Qoolbox SabNZBPlus 3)
OpenSSL version 1.1.1k (1.1.1 with Qoolbox SabNZBPlus 3)
If not, I am out of ideas.
I will stick with the Sherpa version now anyway.
dreamk21 wrote: ↑October 1st, 2021, 10:23 pm I am using the qnapclub store version SabNZBPlus 3 from https://www.qnapclub.eu/en/qpkg/1012
Re: Untrusted certificate
Posted: October 2nd, 2021, 3:33 am
Re: Untrusted certificate
Posted: October 2nd, 2021, 4:15 am