So I've been using sabnzbd with the built-in self-signed certificate for years... as I was renewing my mail server cert I thought I'd create one for sabnzbd... after installing it the cherrypy web server would crash, manually editing the .ini to go back to the included ssl cert got me back up and running.
I'm running sabnzbd on CentOS 7...
Here is what I did:
1) create CSR and private key with openssl command: openssl req -newkey rsa:2048 -keyout my.key -out my.csr
2) Use StartSSL to generate a certificate from the CSR and download it.
3) move private key and downloaded cert to /usr/local/src/sabnzbd/.sabnzbd/admin/ as my.key and my.cert
4) change owner to sabnzbd_user and permissions to 600 (to match built-in server.cert and server.key)
5) In sabnzbd config change certificates from server.cert and server.key to my.cert and my.key
6) Restart sabnzbd
7) sabnzbd fails to load... check logs with no obvious explanation other than it shuts down after a failure with the cherrypy web server... manually edit /usr/local/src/sabnzbd/.sabnzbd/sabznbd.ini and change my.cert my.key back to server.cert and server.key
I was unsure on HTTPS chain, so I left it blank. I did try adding the intermediate CA certificate provided with my.cert to that (i.e. https_chain = "1_Intermediate.crt" ) but that made no difference either.
Not exactly world-ending, I can trust the certificate and avoid the self-signed error, but was just trying to do it the "right" way ( I should know better by now and stick with 'if it ain't broke...' )
Anywho, any help appreciated.
--
DavidKep
SSL Certificates (installing a StartSSL cert)
Forum rules
Help us help you:
Help us help you:
- Are you using the latest stable version of SABnzbd? Downloads page.
- Tell us what system you run SABnzbd on.
- Adhere to the forum rules.
- Do you experience problems during downloading?
Check your connection in Status and Interface settings window.
Use Test Server in Config > Servers.
We will probably ask you to do a test using only basic settings. - Do you experience problems during repair or unpacking?
Enable +Debug logging in the Status and Interface settings window and share the relevant parts of the log here using [ code ] sections.
Re: SSL Certificates (installing a StartSSL cert)
We need to check this soon.
I will try to publish a method for letsencrypt.org, but that will take a while.
I will try to publish a method for letsencrypt.org, but that will take a while.
Re: SSL Certificates (installing a StartSSL cert)
You remember I already wrote something: https://forums.sabnzbd.org/viewtopic.php?f=1&t=19684 ?shypike wrote: I will try to publish a method for letsencrypt.org, but that will take a while.
Or do you mean something else with "publish", like "in sabnzbd itself"?
Re: SSL Certificates (installing a StartSSL cert)
Great, so I only need to try that myself.sander wrote:shypike wrote: You remember I already wrote something: https://forums.sabnzbd.org/viewtopic.php?f=1&t=19684 ?
I see that you need Apache2 as a front-end, so no easy method for SABnzbd itself.
Re: SSL Certificates (installing a StartSSL cert)
I used apache2 as a 'vehicle' to let letsencrypt itself get and install the certificates on the system. I then copied the keys into sabnzbd/admin, and that worked. No Apache needed anymoreshypike wrote:Great, so I only need to try that myself.sander wrote:shypike wrote: You remember I already wrote something: https://forums.sabnzbd.org/viewtopic.php?f=1&t=19684 ?
I see that you need Apache2 as a front-end, so no easy method for SABnzbd itself.
(And later on, I introduced apache as a proxy, to have less administration in case of key-renewal)
Re: SSL Certificates (installing a StartSSL cert)
problem is the key file contains the passphrase. You need to remove it:DavidKep wrote:...
Anywho, any help appreciated.
--
DavidKep
openssl rsa -in key.pem -out newkey.pem
it worked for me.
Same issue as:
http://stackoverflow.com/questions/9380 ... ror-indica