Page 1 of 2
Enabling https gives error
Posted: July 24th, 2018, 6:24 am
by pven
I created a host.key and a host.cert, after this I restart sabnzbd.
Unfortunately enabling https fails:
Code: Select all
2018-07-24 13:20:53,158::ERROR::[misc:1454] Error creating SSL key and certificate
2018-07-24 13:20:53,159::INFO::[misc:1455] Traceback:
Traceback (most recent call last):
File "/volume1/@appstore/sabnzbd/share/SABnzbd/sabnzbd/misc.py", line 1450, in create_https_certificates
private_key = generate_key(key_size=2048, output_file=ssl_key)
File "/volume1/@appstore/sabnzbd/share/SABnzbd/sabnzbd/utils/certgen.py", line 39, in generate_key
backend=default_backend()
File "/var/packages/python/target/lib/python2.7/site-packages/cryptography/hazmat/backends/__init__.py", line 15, in default_backend
from cryptography.hazmat.backends.openssl.backend import backend
File "/var/packages/python/target/lib/python2.7/site-packages/cryptography/hazmat/backends/openssl/__init__.py", line 7, in <module>
from cryptography.hazmat.backends.openssl.backend import backend
File "/var/packages/python/target/lib/python2.7/site-packages/cryptography/hazmat/backends/openssl/backend.py", line 23, in <module>
from cryptography.hazmat.backends.openssl import aead
ImportError: cannot import name aead
2018-07-24 13:20:53,167::WARNING::[SABnzbd:1293] Disabled HTTPS because of missing CERT and KEY files
The options below are grepped from config.ini:
Code: Select all
https_port = 9090
https_key = host.key
https_chain = /usr/local/sabnzbd/var/admin/cert
enable_https = 1
https_cert = host.cert
enable_https_verification = 0
Both files are stored in /usr/local/sabnzbd/var/admin/cert/. Privileges are set to 755, and ownership is set to sc-sabnzbd for the user, and sabnzbd for the group (synology). But it fails ...
How can I fix this? I am out of options.
Re: Enabling https gives error
Posted: July 24th, 2018, 7:27 am
by sander
Fill out path and extensions correctly
Re: Enabling https gives error
Posted: July 24th, 2018, 7:29 am
by pven
Please be more specific. The mentioned path and filenames are, as far as I know, correct.
Re: Enabling https gives error
Posted: July 24th, 2018, 8:50 am
by safihre
This function is called when it cannot find the paths to the certificates, so it tries to make new ones. Double check that the paths are correct, like Sander said.
It seems to be a Synology package problem.
How did you create these host.key and host.cert files?
Re: Enabling https gives error
Posted: July 25th, 2018, 2:16 am
by pven
Thanks for the answers off course!
I placed both files in /usr/local/sabnzbd/var/admin/cert (since that path is mentioned). Is that ok? Or am I doing something wrong? (I am not good at this https-stuff. ;-) )
I followed
https://sabnzbd.org/wiki/advanced/https to create the keys:
Code: Select all
openssl genrsa 1024 > host.key
openssl req -new -x509 -nodes -sha1 -days 365 -key host.key > host.cert
Re: Enabling https gives error
Posted: July 25th, 2018, 3:03 am
by sander
Why would you want to manually create a self-signed certificate? Sabnzbd can do that for you automagically.
Re: Enabling https gives error
Posted: July 25th, 2018, 3:11 am
by pven
I really don't care how it is created, so if SABnzbd can do it: fine :-)
I removed both files, restarted SABnzb and it looks like the issue is still there:
Code: Select all
2018-07-25 10:07:20,227::ERROR::[misc:1454] Error creating SSL key and certificate
2018-07-25 10:07:20,228::INFO::[misc:1455] Traceback:
Traceback (most recent call last):
File "/volume1/@appstore/sabnzbd/share/SABnzbd/sabnzbd/misc.py", line 1450, in create_https_certificates
private_key = generate_key(key_size=2048, output_file=ssl_key)
File "/volume1/@appstore/sabnzbd/share/SABnzbd/sabnzbd/utils/certgen.py", line 39, in generate_key
backend=default_backend()
File "/var/packages/python/target/lib/python2.7/site-packages/cryptography/hazmat/backends/__init__.py", line 15, in default_backend
from cryptography.hazmat.backends.openssl.backend import backend
File "/var/packages/python/target/lib/python2.7/site-packages/cryptography/hazmat/backends/openssl/__init__.py", line 7, in <module>
from cryptography.hazmat.backends.openssl.backend import backend
File "/var/packages/python/target/lib/python2.7/site-packages/cryptography/hazmat/backends/openssl/backend.py", line 23, in <module>
from cryptography.hazmat.backends.openssl import aead
ImportError: cannot import name aead
2018-07-25 10:07:20,271::WARNING::[SABnzbd:1293] Disabled HTTPS because of missing CERT and KEY files
When I try as user sc-sabnzbd to create a file in /usr/local/sabnzbd/var/admin/cert that works
It feels like it tries to write to a different path?
Re: Enabling https gives error
Posted: July 25th, 2018, 7:09 am
by pven
I just changed everything in my sabnzb-folder to full privileges for everyone (777). The result is still the same ...
Re: Enabling https gives error
Posted: July 25th, 2018, 7:36 am
by jcfp
The ImportError cannot import name aead is a failure in the cryptography module install on your device. That code isn't part of sab nor typically supplied with it in a single package. So if you want that traceback fixed, file a bug with whoever supplies that module for your system.
Re: Enabling https gives error
Posted: July 25th, 2018, 7:42 am
by sander
Before we try to solve this, I have a few questions for you:
1) Why are you trying to enable HTTPS? What is your goal?
2) With which browser do you want to access SABnzbd over HTTPS?
3) Did you trying enabling HTTPS in SABnzbd: Config -> General -> "Enable HTTPS"
4) What happens when you that now, so in SABnzbd: Config -> General -> "Enable HTTPS"
Re: Enabling https gives error
Posted: July 25th, 2018, 10:12 am
by pven
Thanks! I will look at that.
To answer this questions:
1) Why are you trying to enable HTTPS? What is your goal?
I want to be able to open SABnzbd over the big bad internet without VPN or so.
2) With which browser do you want to access SABnzbd over HTTPS?
Chrome on Windows (latest stable release)
3) Did you trying enabling HTTPS in SABnzbd: Config -> General -> "Enable HTTPS"
Yes
4) What happens when you that now, so in SABnzbd: Config -> General -> "Enable HTTPS"
I will get the error shown above
Re: Enabling https gives error
Posted: July 25th, 2018, 10:35 am
by safihre
@sanderjo: This is the SynoCommunity package that I help create.
It clearly is something missing the the python-cryptography module building.
pven is using SAB's build-in ceterificate generating, but because the missing part it is failing.
He's doing the right thing, just the package of SynoCommunity is somehow broken.
Re: Enabling https gives error
Posted: July 25th, 2018, 10:38 am
by safihre
@pven It should, however, be possible to use your own certificates as long as you specify the paths correctly.
Since the SABnzbd package is running as sc-sabnzbd (part of sc-download group) you also need to make sure that that user or group can reach every part of the path to the certificate.
That doesn't seem to be the case, otherwise it wouldn't be trying to generate it's own certificates. So check permissions
Re: Enabling https gives error
Posted: July 25th, 2018, 11:21 am
by sander
safihre wrote: ↑July 25th, 2018, 10:35 am
@sanderjo: This is the SynoCommunity package that I help create.
It clearly is something missing the the python-cryptography module building.
pven is using SAB's build-in ceterificate generating, but because the missing part it is failing.
He's doing the right thing, just the package of SynoCommunity is somehow broken.
Triggered by @jcfp : That line "from cryptography.hazmat.backends.openssl import aead"
1) does not exist on my Ubuntu set (and SAB works great)
2) does exist in the github version of cryptography
https://github.com/pyca/cryptography/bl ... end.py#L23
Re: Enabling https gives error
Posted: July 25th, 2018, 1:13 pm
by pven
safihre wrote: ↑July 25th, 2018, 10:38 am
@pven It should, however, be possible to use your own certificates as long as you specify the paths correctly.
Since the SABnzbd package is running as sc-sabnzbd (part of sc-download group) you also need to make sure that that user or group can reach every part of the path to the certificate.
That doesn't seem to be the case, otherwise it wouldn't be trying to generate it's own certificates. So check permissions
I played around, and am able to start SABnzbd with https ENabled!
What I did was using the full path and filename for the key and certificate, and leave the chain-directory empty. Doing this, it will load the certificate I generated with openssl.
However: when I load the generated certificate in chrome, it still tells me SABnzbd is not safe, I need to look at that further. But my SABnzbd-issue is solved! But not the way I expected. :-)