I searched for instructions on how to enable SSL for NZBDrone, but the only thing I could find was a very brief description of what to do on GitHub. I tried following the directions, but there appears to be something still missing that might be presumed in the instructions.
I was successful in creating a *.pfx file using the online certificate creation/conversion tools, with a trivial domain name. I used a string of characters like “123456789” (without quotes or spaces) for the passphrase.
I then imported the .pfx file into Windows Certificate Manager under Personal/Certificates. I used the same passphrase from earlier when Windows Certificate Manager was importing the file.
Finally, in NZBDrone, there isn’t much configuration there. I just enabled SSL, assigned an SSL port, then typed the same passphrase I used the last two times I was asked to type a password. So, they all match.
When I restarted NZBDrone and tried to get to the SSL webpage, I immediately got “Problem loading page: The connection was reset”.
I described exactly what I did (above). So, hopefully someone can tell me what I’m missing. I’m guessing it may have to do with all the passwords I typed in? The only thing I could do was make sure they all matched and didn’t have any spaces.
PS: I already have a trusted chain certificate for my domain.com which I use for stunnel. It’s in a PEM file. It would be nice if I could use that since it’s for my domain and validated from a trusted source. If it’s too much hassle, then I guess getting help to get the self-signed cert working with NZBDrone would be fine.
PPS: Maybe you would consider making enabling SSL much easier for NZBDrone (similar to how it can be enabled in SABnzbd).
I just converted my domain’s SSL certificate from a trusted source (GoDaddy class2 certificate chain) to a pfx file, then imported it to my personal store. Unfortunately, the same exact problem happens when I try to go to the NZBDrone SSL webpage. I’m using the same passphrase/password I defined in the certificate conversion process, certificate import process, and in the NZBDrone config file/GUI setup.
You need to use the certificate hash, not the passphrase (very different things). You also need to restart it once as admin after adding the certificate hash to register it with Windows.
As for making it easier, this is how it’s done in the Windows world, leveraging Windows architecture to do it. SABnzbd uses a different web server, not relying on underlying Windows services/infrastructure; unfortunately such a thing does not exist for us to use with drone, though I have looked and continue to look.
Great. Thanks. So, where’s the hash? The only strings I defined during the SSL cert creation/conversion/import process were all the same, which is what I used already. If there is something I need to enter for the hash value that’s different than the strings I defined previously, I’d like to know where I can find that.
Is there a wiki page for how to do this with all the steps clearly described? BTW: I already have full admin privileges on the system; especially when restarting nzbdrone.
The wiki now includes how to get the thumbprint, and I’ve also included links to guides on how to add the cert. I don’t plan to rewrite the entire guide with full steps. Hopefully what’s there helps; if not, let me know.
As for privileges, I assume UAC is off, if not then you’re still just a pretend admin user.
Thank you so much Markus. I will try my best to follow the revised directions. Yes, I have UAC completely off and belong to the local administrator group.
Markus, sorry to keep bothering you. Bad news. I copied the thumbprint from the imported certificate to the “hash” field in NZBDrone. I have tried removing all possible spaces from the thumbprint value. I have also tried leaving all the spaces intact (saving the NZBDrone hash setting and restarting the service each time). I am still getting the same issue when visiting the https URL.
I have also tried using my own domain chained certificate (signed by a trusted source). I imported my certificate, then copied its thumbprint (with and without spaces) into the hash field of NZBDrone, saved, then restarted the service. Same exact problem.
Maybe I’m not copying the hash value correctly into NZBDrone? Could you clarify what you mean in the Wiki when you say:
"(make sure all spaces are removed from the Certificate hash, before and after."
Before and after what?
I just presumed that I should remove all possible spaces in the thumbprint, which I already did. I also tried leaving it completely intact, removing only the preceding space from the thumbprint value and at the end of the value.
I’m not sure what else I could be missing or doing wrong. Surely, it can’t be that complicated. I’ve never had issues with adding SSL on my IIS webserver nor creating/using SSL for Linux ported tools.
Edit: Maybe, if you’re not sure what I’m doing wrong, you could tell me how to capture a log that could help you determine what’s wrong.
PS: Since I run NZBdrone as a service using local system user, I also tried starting NZBdrone.exe (non-service) using my username. It still didn’t make any difference.
“(make sure all spaces are removed from the Certificate hash, before and after.” - There were “invisible” spaces. I couldn’t see them in the text field or even Notepad, but they were there, and they cause the registration to fail with a cryptic error. I don’t know where they come from, but they’re there and cause issues. The best way to get rid of them is to paste the value, go to the end and use the delete key to delete anything there, and then go to the beginning and backspace away anything. You can also try deleting/backspacing, and as long as it doesn’t delete part of the thumbprint, it’s removed something.
What OS are you running?
Best course of action to troubleshoot further would be to enable trace logging, stop NZBDrone, delete the log files (you can get the location of the AppData folder from System -> Info before shutting down) and then start drone. It should show the process of registering the certificate and URL with Windows and any errors in the process. You can pastebin the logs and I can take a look.
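
For the invisible characters described above, an added example (not part of the original thread and not NZBDrone's own code): a PowerShell sketch that lists, by code point, everything in a pasted thumbprint that is not a hex digit, strips it, and checks that the result matches a certificate with a private key in a Personal store. The sample value is constructed, and the stores searched are an assumption.

```powershell
# Added example. $Pasted is a constructed sample: 40 hex digits with spaces and
# a leading U+200E (left-to-right mark), which is invisible in most editors.
# Replace it with the value you pasted into the hash field.
$Pasted = "$([char]0x200E)a1 b2 c3 d4 e5 f6 07 18 29 3a 4b 5c 6d 7e 8f 90 a1 b2 c3 d4 "

function Get-CleanThumbprint {
    param([Parameter(Mandatory)][string]$Value)

    # List each distinct non-hex character by code point so invisible ones show up.
    $Value.ToCharArray() |
        Where-Object { [string]$_ -notmatch '^[0-9A-Fa-f]$' } |
        Sort-Object -Unique |
        ForEach-Object { Write-Host ('removing U+{0:X4}' -f [int]$_) }

    $clean = ($Value -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
    if ($clean.Length -ne 40) {
        throw "Expected 40 hex digits (SHA-1 thumbprint), got $($clean.Length)."
    }
    $clean
}

$thumb = Get-CleanThumbprint -Value $Pasted

# Assumption: the .pfx was imported into a Personal ("My") store; both the
# machine store and the current-user store are searched.
$stores = 'Cert:\LocalMachine\My', 'Cert:\CurrentUser\My'
$cert = Get-ChildItem -Path $stores |
    Where-Object { $_.Thumbprint -eq $thumb } |
    Select-Object -First 1

if (-not $cert) {
    Write-Warning "No certificate with thumbprint $thumb was found. Thumbprints present:"
    Get-ChildItem -Path $stores | Select-Object PSParentPath, Thumbprint, Subject
} elseif (-not $cert.HasPrivateKey) {
    Write-Warning "Found $($cert.Subject), but it has no private key."
} else {
    '{0}  {1}  expires {2:yyyy-MM-dd}' -f $thumb, $cert.Subject, $cert.NotAfter
}
```

Reading the `Thumbprint` property from the store listing and copying that value avoids the copy from the certificate dialog altogether.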