Doesnt start after enabling SSL with letsencrypt
Forum rules
Help us help you:
Help us help you:
- Are you using the latest stable version of SABnzbd? Downloads page.
- Tell us what system you run SABnzbd on.
- Adhere to the forum rules.
- Do you experience problems during downloading?
Check your connection in Status and Interface settings window.
Use Test Server in Config > Servers.
We will probably ask you to do a test using only basic settings. - Do you experience problems during repair or unpacking?
Enable +Debug logging in the Status and Interface settings window and share the relevant parts of the log here using [ code ] sections.
Re: Doesnt start after enabling SSL with letsencrypt
So it works now? Can you explain how, so that other Windows users can benefit?
Re: Doesnt start after enabling SSL with letsencrypt
Ah, interesting: the RFC https://tools.ietf.org/html/rfc7468#section-5.2 says "Many tools are known to emit explanatory text before the BEGIN and after the END lines for PKIX certificates".
So I tried if SABnzbd 3 can handle that, and ... yes, it can! So that is good news, and it is not the cause of the problems you saw.
And so the text introduced in your PEM file is OK.
So I tried if SABnzbd 3 can handle that, and ... yes, it can! So that is good news, and it is not the cause of the problems you saw.
And so the text introduced in your PEM file is OK.
Code: Select all
5.2. Explanatory Text
Many tools are known to emit explanatory text before the BEGIN and
after the END lines for PKIX certificates, more than any other type.
If emitted, such text SHOULD be related to the certificate, such as
providing a textual representation of key data elements in the
certificate.
Subject: CN=Atlantis
Issuer: CN=Atlantis
Validity: from 7/9/2012 3:10:38 AM UTC to 7/9/2013 3:10:37 AM UTC
-----BEGIN CERTIFICATE-----
MIIBmTCCAUegAwIBAgIBKjAJBgUrDgMCHQUAMBMxETAPBgNVBAMTCEF0bGFudGlz
MB4XDTEyMDcwOTAzMTAzOFoXDTEzMDcwOTAzMTAzN1owEzERMA8GA1UEAxMIQXRs
YW50aXMwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAu+BXo+miabDIHHx+yquqzqNh
Ryn/XtkJIIHVcYtHvIX+S1x5ErgMoHehycpoxbErZmVR4GCq1S2diNmRFZCRtQID
AQABo4GJMIGGMAwGA1UdEwEB/wQCMAAwIAYDVR0EAQH/BBYwFDAOMAwGCisGAQQB
gjcCARUDAgeAMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDAzA1BgNVHQEE
LjAsgBA0jOnSSuIHYmnVryHAdywMoRUwEzERMA8GA1UEAxMIQXRsYW50aXOCASow
CQYFKw4DAh0FAANBAKi6HRBaNEL5R0n56nvfclQNaXiDT174uf+lojzA4lhVInc0
ILwpnZ1izL4MlI9eCSHhVQBHEp2uQdXJB+d5Byg=
-----END CERTIFICATE-----Re: Doesnt start after enabling SSL with letsencrypt
This entire thread can be ignored, mostly, except for people who might be interested in how to extract a certificate and key from a pfx.
The script I was using first extracts the encrypted key from the pfx as key.key
It then decrypts the key to key-decrypted.key
It is the SUPPOSED to copy over the certificate and the decrypted key to the /admin folder on sab.
What my script was actually doing was copying over the cert and ENCRYPTED key to the /admin folder.
I fixed my script so that its now renaming the key-decrypted.key to server.key and the certificate to server.cert and copies them over to the /admin folder.
And it works. TL;DR I was using the encrypted key instead of the decrypted key.
Anyway, so this thread isnt a total waste here are some commands with OpenSSL on Windows to get the cert/key pair out of a pfx:
Extracts Encrypted Key from pfx:
openssl pkcs12 -in c:\certificatework\jma3.pfx -nocerts -out c:\certificatework\jma3.key -passin pass:1234 -passout pass:1234
Decrypts the key
openssl rsa -in c:\certificatework\jma3.key -out c:\certificatework\jma3decrypted.key -passin pass:1234
Extracts Certificate from pfx
openssl pkcs12 -in c:\certificatework\jma3.pfx -clcerts -nokeys -out c:\certificatework\jma3.crt -passin pass:1234
Of course change around your paths and adjust your passwords in the passin/passout switches. You can then rename your decrypted key and certificate appropriately and move them to the /admin folder to sabnzbd to use.
The script I was using first extracts the encrypted key from the pfx as key.key
It then decrypts the key to key-decrypted.key
It is the SUPPOSED to copy over the certificate and the decrypted key to the /admin folder on sab.
What my script was actually doing was copying over the cert and ENCRYPTED key to the /admin folder.
I fixed my script so that its now renaming the key-decrypted.key to server.key and the certificate to server.cert and copies them over to the /admin folder.
And it works. TL;DR I was using the encrypted key instead of the decrypted key.
Anyway, so this thread isnt a total waste here are some commands with OpenSSL on Windows to get the cert/key pair out of a pfx:
Extracts Encrypted Key from pfx:
openssl pkcs12 -in c:\certificatework\jma3.pfx -nocerts -out c:\certificatework\jma3.key -passin pass:1234 -passout pass:1234
Decrypts the key
openssl rsa -in c:\certificatework\jma3.key -out c:\certificatework\jma3decrypted.key -passin pass:1234
Extracts Certificate from pfx
openssl pkcs12 -in c:\certificatework\jma3.pfx -clcerts -nokeys -out c:\certificatework\jma3.crt -passin pass:1234
Of course change around your paths and adjust your passwords in the passin/passout switches. You can then rename your decrypted key and certificate appropriately and move them to the /admin folder to sabnzbd to use.