SABnzbd Forums

pven wrote: ↑July 25th, 2018, 1:13 pmHowever: when I load the generated certificate in chrome, it still tells me SABnzbd is not safe, I need to look at that further

Every browser will tell you that for a self-signed cert (as they should). The difference is what options they give you afterwards (i.e. to trust it anyway, add a permanent exception, etc.). Other ways out of those warnings involve manipulating the os and/or browser cert store (comes with its own dangers) or to get a more official certs (e.g. letsencrypt).

That's why I asked you ... Chrome does not trust self-signed certificates.

One step further is Let's Encrypt ... real certificates. You will need a hostname, for example via duckdns.

Thanks! Now I understand. :-)

I am going to look at Let's Encrypt. Last question: should I only open port 80 during the creation of the certificate, or should it be open 'for ever'?

Only during certificate request and renewal. Plus port 443, I guess

To be complete: opening port 80 was sufficient. It works now!

I created a certificate by using DSM on Synology, I exported this certificate and used it for SABnzbd. This is valid. :-)

pven wrote: ↑July 29th, 2018, 10:01 am To be complete: opening port 80 was sufficient. It works now!

I created a certificate by using DSM on Synology, I exported this certificate and used it for SABnzbd. This is valid. :-)

"exported"? Do you mean you copied? If so, remember you must export it again after renewing your certificate.

To avoid copying, you could also point sabnzbd.ini's cert settings to the location where the Letsencrypt ACME tool puts them.

I use Letsencrypt for SABnzbd this way: Letsencrypt on Apache, with Apache a proxy to SABnzbd.

I know this is old, but for me the answer was as simple as copying the pem files from the LetsEncrypt's live domains directory into a place unique to sabnzbd. I had created links in cygwin but apparently SABnzbd is looking for hard files and rejects links. Probably some if (file exists) logic that doesn't account for symbolic links in Windows..?

LetsEncrypt uses a live and archive folder mechanism to link the live certificates to a rotating certificate archive. This doesn't make it easily possible to directly reference the LetsEncrypt certificates without the use of symbolic links.

For the time being, I've created a simple script that The -l copies links to files.

Hope this helps.. maybe someone with the time can submit an issue and fix this so we can simply reference the live symbolic links in LetsEncrypt.