Certificate validation failed


#1

Sonarr version (exact version): 3.0.1.441
Mono version (if Sonarr is not running on Windows): 5.20.1.19
OS: Ubuntu 18.04
Debug logs: https://pastebin.com/bYu2Yc8v
(Make sure debug logging is enabled in settings and post the full log to hastebin/pastebin/dropbox/google drive or something similar, do not post them directly here. Post in .txt not .doc, .rtf or some other formatted document)
Description of issue: I guess this issue is related to the new mono version as Radarr is working fine with the older mono version. I have run cert-sync to no success. The issue seems to be related to the change of the TLS provider. Adding this to the environment should solve the issue MONO_TLS_PROVIDER=legacy could you tell me where to place this exactly?

Thanks for your support!


#2

You should not do this.

There are other threads on these forums with the proper solution (you may need additional packages installed).

Radarr (like Sonarr v2) does not do any certificate validation, v3 now validates certificates by default and while you could opt out of that behaviour fixing the underlying issue isn’t too complicated.


#3

Hello,
I am affected by the same issue. Sonarr worked flawlessly for days and now I can’t search for new series and Telegram connection doesn’t work anymore.
Please Markus can you address me to the right fix?
I have to downgrade Mono version?
I am running Sonarr in Ubuntu 18.10 LXC.
Thank you in advance.


#4

It has to do with the installed packages likely (or using the legacy TLS provider) Unable to add indexers to new install


#5

Thanks for your response.

I’ve downloaded/updated following packages:
ca-certificates-mono
mono-complete
libmono-system-net-http4.0-cil

After a reboot I’ve tested it again to no success.

I then ran sudo cert-sync /etc/ssl/certs/ca-certificates.crt and also after a reboot to no success.

I haven’t found any other possible solutions. Any idea from your side?


#6

If you’re using an IP to connect instead of a hostname (that is valid for the certificate) then it’s going to fail. You’ll need to disable certificate validation for local addresses in Sonarr’s general settings.


closed #7

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.