SABnzbd Forums

So I've been using sabnzbd with the built-in self-signed certificate for years... as I was renewing my mail server cert I thought I'd create one for sabnzbd... after installing it the cherrypy web server would crash, manually editing the .ini to go back to the included ssl cert got me back up and running.

I'm running sabnzbd on CentOS 7...
Here is what I did:

1) create CSR and private key with openssl command: openssl req -newkey rsa:2048 -keyout my.key -out my.csr
2) Use StartSSL to generate a certificate from the CSR and download it.
3) move private key and downloaded cert to /usr/local/src/sabnzbd/.sabnzbd/admin/ as my.key and my.cert
4) change owner to sabnzbd_user and permissions to 600 (to match built-in server.cert and server.key)
5) In sabnzbd config change certificates from server.cert and server.key to my.cert and my.key
6) Restart sabnzbd
7) sabnzbd fails to load... check logs with no obvious explanation other than it shuts down after a failure with the cherrypy web server... manually edit /usr/local/src/sabnzbd/.sabnzbd/sabznbd.ini and change my.cert my.key back to server.cert and server.key

I was unsure on HTTPS chain, so I left it blank. I did try adding the intermediate CA certificate provided with my.cert to that (i.e. https_chain = "1_Intermediate.crt" ) but that made no difference either.

Not exactly world-ending, I can trust the certificate and avoid the self-signed error, but was just trying to do it the "right" way ( I should know better by now and stick with 'if it ain't broke...' )

Anywho, any help appreciated.
--
DavidKep

We need to check this soon.
I will try to publish a method for letsencrypt.org, but that will take a while.

shypike wrote: I will try to publish a method for letsencrypt.org, but that will take a while.

You remember I already wrote something: https://forums.sabnzbd.org/viewtopic.php?f=1&t=19684 ?

Or do you mean something else with "publish", like "in sabnzbd itself"?

sander wrote:

shypike wrote: You remember I already wrote something: https://forums.sabnzbd.org/viewtopic.php?f=1&t=19684 ?

Great, so I only need to try that myself.
I see that you need Apache2 as a front-end, so no easy method for SABnzbd itself.

shypike wrote:

sander wrote:

shypike wrote: You remember I already wrote something: https://forums.sabnzbd.org/viewtopic.php?f=1&t=19684 ?

Great, so I only need to try that myself.
I see that you need Apache2 as a front-end, so no easy method for SABnzbd itself.

I used apache2 as a 'vehicle' to let letsencrypt itself get and install the certificates on the system. I then copied the keys into sabnzbd/admin, and that worked. No Apache needed anymore

(And later on, I introduced apache as a proxy, to have less administration in case of key-renewal)

DavidKep wrote:...

Anywho, any help appreciated.
--
DavidKep

problem is the key file contains the passphrase. You need to remove it:
openssl rsa -in key.pem -out newkey.pem

it worked for me.
Same issue as:
http://stackoverflow.com/questions/9380 ... ror-indica