Can't connect to SSL

I’ve got NZBDrone up and running on Windows 7. I have a Comodo SSL cert that I use on all my other apps for SSL, and followed the instructions here (https://github.com/NzbDrone/NzbDrone/wiki/SSL-(Windows)) to insert it into the Windows key store in the correct format.

I enable SSL, paste the thumbprint, and remove the spaces. I restart NZBDrone as administrator and I am unable to connect to https://(mydomain or localhost):9898. I’ve punched the holes in my router and I have Windows firewall off.

I don’t get anything in the logs in debug mode, and I’ve tried using curl but just get “unspecified SSL error (35)”.

Debug or trace logging? Trace will show more details, but any issues should have been logged as warnings or errors. If everything is successful it should show that drone is bound to port 9898 during startup.

You can verify the cert is loaded and bound to the right port by running: netsh http show sslcert

You can also verify the url is registered with windows by running netsh http show urlacl and finding the binding for 9898

I don’t see any SSL-related errors in the logs on trace mode.

netsh http show sslcert shows no bindings.

Reserved URL shows up in urlacl.

Launch in the console:
[Info] Bootstrap: Starting NzbDrone Console. Version 2.0.0.974
[Info] MigrationLogger: *** Migrating data source=C:\ProgramData\zbDrone
zbdro
ne.db;cache size=-10485760;datetimekind=Utc;journal mode=Wal ***
[Info] MigrationLogger: *** Migrating data source=C:\ProgramData\zbDrone\logs.d
b;cache size=-10485760;datetimekind=Utc;journal mode=Wal ***
[Info] Router: Application mode: Interactive
[Info] netsh.exe: Starting netsh.exe http show sslcert ipport=0.0.0.0:8990
[Info] netsh.exe: Starting netsh.exe http add sslcert ipport=0.0.0.0:8990 certha
sh=(the hash) appid={C2172AF4-F9A6-4D91-BAEE-C2E4E
E680613}
[Info] netsh.exe: Starting netsh.exe http add urlacl http://:8989/ sddl=D:(A;;G
X;;;S-1-1-0)
[Info] netsh.exe: Starting netsh.exe http add urlacl https://
:8990/ sddl=D:(A;;
GX;;;S-1-1-0)
[Info] OwinHostController: starting server on http://*:8989/
[Info] lambda_method: Starting NzbDrone API
[Info] SceneMappingService: Updating Scene mapping
[Info] HousekeepingService: Running housecleaning tasks

Can you run netsh.exe http add sslcert ipport=0.0.0.0:8990 certhash=(the hash) appid={C2172AF4-F9A6-4D91-BAEE-C2E4EE680613} manually through an elevated command prompt?

If there are any errors with that, windows will throw the useless error “The parameter is incorrect”. If the SSL binding isn’t added you won’t be able to connect via SSL, so for some reason thats failing, just need to find out why,

Hello Markus,

I think I am having the same issue as radiocolin. I am using a self signed ssl cert, instead of a Comodo one. I have SABnzbd and CouchPotato working with this certificate.

I can successfully run the command: netsh.exe http add sslcert ipport=0.0.0.0:8990 certhash=%THUMBPRINT_OF_CERT% appid={C2172AF4-F9A6-4D91-BAEE-C2E4EE680613} and it binds. I can see the binding by running netsh http show sslcert. I can also delete the binding by typing: netsh.exe http delete sslcert ipport=0.0.0.0:8990

My firewall is turned on however there are three exceptions, that I think NZBDrone created, for ports 8989, 9898, and 9899.

Hmm, well this is weird. I am now able to start NZBDrone and have it listen on the SSL port. The first time I tried running the http add sslcert command it errored out. The command showed a hidden character, a question mark, in front of my thumbprint. Removing that made the command work. I then was able to edit the NZBDrone setting with my newly copied thumbprint and it worked on restarting the program.

radiocolin, double and tripple check your thumbprint that you copied. I think that was my problem to begin with.