Re: https access issues after renewing SSL cert [QNAP]

Posted: March 1st, 2021, 3:03 am
by OneCD
Hmm, I'm not sure what else to check.

@sander: any thoughts on this?

Re: https access issues after renewing SSL cert [QNAP]

Posted: March 1st, 2021, 3:19 am
by sander
My thoughts:
- I suspect a QNAP / package thing, not SABnzbd
- OP should each time check sabnzbd.log, and especially Traceback

Re: https access issues after renewing SSL cert [QNAP]

Posted: March 1st, 2021, 3:25 am
by OneCD
My understanding from @GTunney on the QNAP forum is that this only started when they upgraded to SAB 3.2.0. There were no problems prior to that with HTTPS.

This didn't require an updated QPKG to be released - just a 'git pull' from within the existing package is sufficient.

But, I guess a refresh couldn't hurt. @GTunney, can you please run a 'clean' operation on that package?

Code:

/etc/init.d/sabnzbd3.sh clean
This will ensure your local git clone of SAB is completely removed and refreshed from GitHub. Your settings will be retained.

Re: https access issues after renewing SSL cert [QNAP]

Posted: March 1st, 2021, 4:29 am
by sander
OneCD wrote: March 1st, 2021, 3:25 am My understanding from @GTunney on the QNAP forum is that this only started when they upgraded to SAB 3.2.0. There were no problems prior to that with HTTPS.
If so, that is important information which he/she did not share here. Pity.

If so: go back to SAB 3.1.1 and verify.

Re: https access issues after renewing SSL cert [QNAP]

Posted: March 1st, 2021, 6:26 am
by GTunney
OneCD wrote: March 1st, 2021, 3:25 am My understanding from @GTunney on the QNAP forum is that this only started when they upgraded to SAB 3.2.0. There were no problems prior to that with HTTPS.

This didn't require an updated QPKG to be released - just a 'git pull' from within the existing package is sufficient.

But, I guess a refresh couldn't hurt. @GTunney, can you please run a 'clean' operation on that package?

Code:

/etc/init.d/sabnzbd3.sh clean
This will ensure your local git clone of SAB is completely removed and refreshed from GitHub. Your settings will be retained.
I've run a clean and it's still doing the same issue. OneCD I'm happy to speak privately on the QNAP forums if you want to do some testing?
sander wrote: March 1st, 2021, 4:29 am If so, that is important information which he/she did not share here. Pity.

If so: go back to SAB 3.1.1 and verify.
I'm sorry, I was trying to narrow down whether it was the renewal of my SSL cert or the upgrade to 3.2.0, I thought I'd mentioned it but must have been on QNAP forums and not here.

Re: https access issues after renewing SSL cert [QNAP]

Posted: March 1st, 2021, 3:52 pm
by OneCD
GTunney wrote: March 1st, 2021, 6:26 am I've run a clean and it's still doing the same issue. OneCD I'm happy to speak privately on the QNAP forums if you want to do some testing?
No, let's keep the discussion here for now - it's easier to track the issue if everything is in one place. ;)
sander wrote: March 1st, 2021, 4:29 am If so: go back to SAB 3.1.1 and verify.
Good idea.

@GTunney, if you don't mind downgrading to SAB 3.1.1 for testing purposes, here's how to do it:
  1. Edit the SAB3 QPKG service script file:

    Code:

    nano $(getcfg SABnzbd Install_Path -f /etc/config/qpkg.conf)/sabnzbd3.sh
  2. Near the start of the script, there's a line that says:

    Code:

        readonly SOURCE_GIT_BRANCH=master
    Please change this to:

    Code:

        readonly SOURCE_GIT_BRANCH=3.1.1
    ... then exit the editor and save the changed script file.
  3. Now, restart SAB with:

    Code:

    /etc/init.d/sabnzbd3.sh restart
    ... and the script will automatically downgrade your SAB instance.
  4. Then test for HTTPS operability.

Re: https access issues after renewing SSL cert [QNAP]

Posted: March 2nd, 2021, 12:53 pm
by GTunney
OneCD wrote: March 1st, 2021, 3:52 pm
GTunney wrote: March 1st, 2021, 6:26 am I've run a clean and it's still doing the same issue. OneCD I'm happy to speak privately on the QNAP forums if you want to do some testing?
No, let's keep the discussion here for now - it's easier to track the issue if everything is in one place. ;)
No probs, thought I'd just update with some extra info for help.

I also installed Stephane's qnapclub sab 3.2.0 version and copied over my config etc. Although not a direct comparison as his is running python 3.7.8, this one has currently been up and running now for over 18 hours and I can still access via https.

I shall follow your steps tomorrow to rollback your version to 3.1.1 but it does seem now this issue is pointing towards the sherpa upgrade to 3.2.0

Re: https access issues after renewing SSL cert [QNAP]

Posted: March 2nd, 2021, 5:19 pm
by OneCD
Including this from the QNAP forum in case it's relevant:
GTunney wrote: March 1st, 2021, 1:47 pm Not sure if this is something that might help with my SSL issue, just saw this in the logs from today.

Code:

2021-03-01 16:07:01,625::INFO::[notifier:122] Sending notification: Error - [01/Mar/2021:16:07:01] ENGINE Error in HTTPServer.serve
Traceback (most recent call last):
  File "/opt/lib/python3.9/site-packages/cheroot/server.py", line 1810, in serve
    self._connections.run(self.expiration_interval)
  File "/opt/lib/python3.9/site-packages/cheroot/connections.py", line 201, in run
    self._run(expiration_interval)
  File "/opt/lib/python3.9/site-packages/cheroot/connections.py", line 218, in _run
    new_conn = self._from_server_socket(self.server.socket)
  File "/opt/lib/python3.9/site-packages/cheroot/connections.py", line 271, in _from_server_socket
    s, ssl_env = self.server.ssl_adapter.wrap(s)
  File "/opt/lib/python3.9/site-packages/cheroot/ssl/builtin.py", line 277, in wrap
    s = self.context.wrap_socket(
  File "/opt/lib/python3.9/ssl.py", line 500, in wrap_socket
  File "/opt/lib/python3.9/ssl.py", line 1040, in _create
  File "/opt/lib/python3.9/ssl.py", line 1309, in do_handshake
ssl.SSLError: [SSL: BAD_KEY_SHARE] bad key share (_ssl.c:1122)
 (type=error, job_cat=None)
2021-03-01 16:07:01,625::ERROR::[_cplogging:213] [01/Mar/2021:16:07:01] ENGINE Error in HTTPServer.serve
Traceback (most recent call last):
  File "/opt/lib/python3.9/site-packages/cheroot/server.py", line 1810, in serve
    self._connections.run(self.expiration_interval)
  File "/opt/lib/python3.9/site-packages/cheroot/connections.py", line 201, in run
    self._run(expiration_interval)
  File "/opt/lib/python3.9/site-packages/cheroot/connections.py", line 218, in _run
    new_conn = self._from_server_socket(self.server.socket)
  File "/opt/lib/python3.9/site-packages/cheroot/connections.py", line 271, in _from_server_socket
    s, ssl_env = self.server.ssl_adapter.wrap(s)
  File "/opt/lib/python3.9/site-packages/cheroot/ssl/builtin.py", line 277, in wrap
    s = self.context.wrap_socket(
  File "/opt/lib/python3.9/ssl.py", line 500, in wrap_socket
  File "/opt/lib/python3.9/ssl.py", line 1040, in _create
  File "/opt/lib/python3.9/ssl.py", line 1309, in do_handshake
ssl.SSLError: [SSL: BAD_KEY_SHARE] bad key share (_ssl.c:1122)

Re: https access issues after renewing SSL cert [QNAP]

Posted: March 2nd, 2021, 6:02 pm
by Puzzled
A Google search for that error line gives this suggestion: https://stackoverflow.com/questions/654 ... -key-share

Re: https access issues after renewing SSL cert [QNAP]

Posted: March 3rd, 2021, 2:50 am
by GTunney
Uptime with the QNAPclub 3.2.0 was over 24 hours and could still access via https.

I've now downgraded the sherpa package to 3.1.1 and will monitor.

Re: https access issues after renewing SSL cert [QNAP]

Posted: March 3rd, 2021, 10:07 am
by GTunney
OneCD wrote: March 2nd, 2021, 5:19 pm Including this from the QNAP forum in case it's relevant:
GTunney wrote: March 1st, 2021, 1:47 pm Not sure if this is something that might help with my SSL issue, just saw this in the logs from today.

Https access with Sherpa 3.1.1 has just gone off. Checked the logs and same error as above in the logs so doesn’t seem linked to 3.2.0 but deffo linked to Sherpa.

Re: https access issues after renewing SSL cert [QNAP]

Posted: March 3rd, 2021, 12:47 pm
by OneCD
Puzzled wrote: March 2nd, 2021, 6:02 pm A Google search for that error line gives this suggestion: https://stackoverflow.com/questions/654 ... -key-share
Nice find @Puzzled. :)

I've just modified sherpa to use the PIP 'pyopenssl' package instead of the IPKG 'python3-pyopenssl' package provided by Entware. Let's see if it solves the problem.

@GTunney, can you please run the following to switch the Python SSL modules?

Code:

sherpa clean
sherpa reinstall sab
This will put you back on SAB 3.2.0.

Re: https access issues after renewing SSL cert [QNAP]

Posted: March 3rd, 2021, 1:41 pm
by safihre
We don't use pyOpenSSL in SABnzbd! So that won't change anything.

Re: https access issues after renewing SSL cert [QNAP]

Posted: March 3rd, 2021, 3:36 pm
by GTunney
OneCD wrote: March 3rd, 2021, 12:47 pm
Puzzled wrote: March 2nd, 2021, 6:02 pm A Google search for that error line gives this suggestion: https://stackoverflow.com/questions/654 ... -key-share
Nice find @Puzzled. :)

I've just modified sherpa to use the PIP 'pyopenssl' package instead of the IPKG 'python3-pyopenssl' package provided by Entware. Let's see if it solves the problem.

@GTunney, can you please run the following to switch the Python SSL modules?

Code:

sherpa clean
sherpa reinstall sab
This will put you back on SAB 3.2.0.
That hasn’t worked. If anything it’s worse. Only access on https for a few mins

Re: https access issues after renewing SSL cert [QNAP]

Posted: March 3rd, 2021, 4:11 pm
by OneCD
GTunney wrote: March 3rd, 2021, 3:36 pm That hasn’t worked. If anything it’s worse. Only access on https for a few mins
Bah! :(
safihre wrote: March 3rd, 2021, 1:41 pm We don't use pyOpenSSL in SABnzbd! So that won't change anything.
Ah, no worries. Thank you. :)

@GTunney, are you able to post your entire SABnzbd log, and indicate the timestamps for each of your HTTPS access attempts?
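
An added example, not part of the original thread and not SABnzbd or sherpa code: one way to pull every TLS handshake failure and its timestamp out of sabnzbd.log, so the failures can be lined up against the HTTPS access attempts asked for above. The record format is taken from the excerpt posted earlier in the thread; the function names and the sample log are constructed for this example.

```python
import re
from collections import Counter

# Record header as it appears in the excerpt posted in this thread:
#   2021-03-01 16:07:01,625::ERROR::[_cplogging:213] message
RECORD = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d),\d+::(\w+)::")
# Last line of a traceback raised by Python's ssl module, e.g. BAD_KEY_SHARE.
SSL_ERR = re.compile(r"^ssl\.SSL\w*Error: \[SSL: (\w+)\]")

def ssl_failures(lines, levels=("ERROR",)):
    """Return [(timestamp, reason)]; the notifier's INFO copies are skipped by default."""
    found, current = [], None
    for line in lines:
        rec = RECORD.match(line)
        if rec:  # new record: keep its timestamp only if the level is wanted
            current = rec.group(1) if rec.group(2) in levels else None
            continue
        err = SSL_ERR.match(line.strip())
        if err and current:
            found.append((current, err.group(1)))
            current = None  # one failure per record
    return found

def per_hour(failures):
    """Bucket failures by 'YYYY-MM-DD HH' to compare with access attempts."""
    return Counter(ts[:13] for ts, _ in failures)

# Constructed sample modelled on the thread's excerpt (tracebacks shortened;
# the 16:42 and 17:01 records are invented for this example).
SAMPLE = """\
2021-03-01 16:07:01,625::INFO::[notifier:122] Sending notification: Error - ENGINE Error in HTTPServer.serve
Traceback (most recent call last):
ssl.SSLError: [SSL: BAD_KEY_SHARE] bad key share (_ssl.c:1122)
 (type=error, job_cat=None)
2021-03-01 16:07:01,625::ERROR::[_cplogging:213] ENGINE Error in HTTPServer.serve
Traceback (most recent call last):
ssl.SSLError: [SSL: BAD_KEY_SHARE] bad key share (_ssl.c:1122)
2021-03-01 16:42:10,004::ERROR::[_cplogging:213] ENGINE Error in HTTPServer.serve
Traceback (most recent call last):
ssl.SSLError: [SSL: BAD_KEY_SHARE] bad key share (_ssl.c:1122)
2021-03-01 17:01:00,000::ERROR::[misc:77] Unrelated failure
Traceback (most recent call last):
ValueError: constructed non-TLS error
""".splitlines()

if __name__ == "__main__":
    for ts, reason in ssl_failures(SAMPLE):
        print(ts, reason)
    print(dict(per_hour(ssl_failures(SAMPLE))))
```

To run it against a real log, pass `open(path, errors="replace")` in place of `SAMPLE`; the path to sabnzbd.log depends on the installation.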