SABnzbd Forums

Failed to connect: Server news.newshosting.com uses an untrusted certificate [Certificate not valid. This is most probably a server issue.] - Wiki: https://sabnzbd.org/certificate-errors 13@news.newshosting.com:563 (news.iad.newshosting.com)

Prevents downloads.

I accessed the site to Check SSL of Newsserver news.newshosting.com and they passed.

Newshosting's site has a link with steps to check some stuff, but i don't show the same items they list to check
https://support.newshosting.com/kb/arti ... on-failed/

Windows users may be able to resolve the issue by following these steps:

Open Run and type mmc.exe
Select <File>, <Add/Remove Snap-In>
Choose <Certificates>
Select <My User Account>, and click<OK>
Expand <Certificates - Current User>
Expand <Intermediate Certificate Authorities>, and Click <Certificates>
Find and delete the expired DST Root CA X3 and/or Let's Encrypt R3 certificates. <-- not on my PC

SABnzbd version: 4.4.0
Windows 11
No crazy VPN or firewalls running

What virusscanner do you use?
See https://github.com/sabnzbd/sabnzbd/issues/2993

Using Avast. I disabled cert verification for now, I'm not going turn off HTTPS scanning in Avast for the whole PC, that seems extreme.
Hope a better solution is found eventually.
Thanks for the links and quick reply, I'm able to download again.

If you disable certificate validation, your SSL becomes basically useless and anyone could perform a man-in-the-middle attack.

safihre wrote: ↑December 13th, 2024, 6:35 am If you disable certificate validation, your SSL becomes basically useless and anyone could perform a man-in-the-middle attack.

The OP already has a man-in-the-middle attack going on. It's called his virusscanner.

With his/her "I disabled cert verification for now", any (other) MitM can now happen.

Hmm - I also started getting the exact same issue yesterday, but with a different news host. I haven't been able to resolve it yet and also don't have the certificates which it is suggested may have expired. Also using Avast.

It is a problem of the latest sabnzbd version 4.4.0
I had the same problem, started early this morning after updating sabnzbd yesterday evening.
When sabnzbd failed I have tried another program using the same server and this worked without errors, so it is not a server problem.
I have reinstalled version 4.3.3 and the certificate problem is gone.

My system is Windows 10 x64, sabnzbd installed with the installer for windows.

Guys, before inventing the wheel again ... please join this thread: https://github.com/sabnzbd/sabnzbd/issu ... 2541553589

EDIT: create a github account to join, to retrieve the binary, and to share your feedback

Use the Sabnzbd Windows binary provided there, and provide feedback there.

Your help is needed!

sander wrote: ↑December 13th, 2024, 11:49 am
Use the Sabnzbd Windows binary provided there, and provide feedback there.

Your help is needed!

I don't see any binary to test?

You need a github account for that. So if you can create that, then we can get your experience and solve it.

OK, guys: summary from the github progress: test work to do for you:

With the plain SABnzbd 4.4.0:

Go to server settings http://127.0.0.1:8080/config/server/
In the upper right corner: turn Advanced Settings on
Then, at server Show Details: change Port from 563 to 443.
Click Test Server ... does it work, and without errors? Good! Click Save Changes.

And please report back the result:
- which newsserver
- which virusscanner
- does this workaround work for you?

For example
- news.newshosting.com
- AVG Free
- Yes, works with port 443 set

... or just use the binary just released: https://github.com/sabnzbd/sabnzbd/issu ... 2543341811 ... github account needed.

Switching ports from 563 to 443 has worked for me.

Sabnzb: 4.4.0
Newshost: newshosting
AV: Avast

I am also receiving the error, workaround seems to have fixed it.

AV: AVG Free
Sabnzb: 4.4.1

news.newsgroupdirect switched from 563 to 80 - Fixed it
super.newsgroupdirect switched from 563 to 443 - Fixed it
reader.usenight switched from 563 to 443 - Fixed it
news.vipernews switched from 563 to 443 - Fixed it

hdhock3y wrote: ↑January 3rd, 2025, 12:19 pm I am also receiving the error, workaround seems to have fixed it.

AV: AVG Free
Sabnzb: 4.4.1

news.newsgroupdirect switched from 563 to 80 - Fixed it
super.newsgroupdirect switched from 563 to 443 - Fixed it
reader.usenight switched from 563 to 443 - Fixed it
news.vipernews switched from 563 to 443 - Fixed it

Good to hear. I myself prefer your method: change port to 443 (=standard HTTPS).

But I inform you and others about the other method: as of SABnzbd 4.4.1, per defined news server, with advanced options checked on, at "Certificate verification" you can select "Medium" and then keep using port 563.

From the SABnzbd's Server page https://127.0.0.1:8080/config/server/ :

Certificate verification

When SSL is enabled:
- Strict: enforce full certificate verification. This is the most secure setting.
- Medium: verify that the certificate is valid and matches the server address, but allow certificates locally injected (for example by firewall or virus scanner).
- Minimal: verify that the certificate is valid. This is not secure, any valid certificate could be used.
- Disabled: no certification verification. This is not secure at all, anyone could intercept your connection.