Issues Installing SSL

Hey Guys -

I recently performed an OS re-install on my home system which I try to do at least 3 times a year. Once done, I started setting everything back up including SABnzbd and NZBDrone. In the past when using NZBDrone, I’ve always had issues getting SSL to work correctly. I’ve tried many things over the past hour and still can’t get it to work. Below’s my setup, what I’ve tried, and results…

My Setup

  • Using purchased 3rd party SSL cert
  • Windows 8.1 Update 1 x64 (Fully Patched) - Not on domain - Local admin rights
    Note: Had the same exact issue in Win 7 x64
  • SABnzbd (Newest Release) using SSL on port 9090
  • NZBDrone (2.0.0.2064) via HTTP on port 8989 (Installed as Service)
    Currently, everything works fine, but still want NZBDrone on SSL

How I First Tried to Install SSL
Following the guide here, I performed the below steps:

  1. Started with my certificate in CRT format + key initially created
  2. Converted CRT to PFX via conversion utility
  3. Opened MMC and imported PFX into Personal store with default options (same as in instructions)
  4. Opened imported certificate and copied the hash to clipboard
  5. Opened NZBDrone, turned on SSL, pasted hash
  6. Verified that hash had no “phantom” characters in front of behind then saved settings
  7. Went to System page and clicked Turn Off icon in upper right
  8. Made sure task manager didn’t list NZBDrone.exe plus service was stopped
  9. In Start menu, searched for NZBDrone, right clicked on it, and chose “Run as Administrator”

When I go to the new address / port, it doesn’t work. When I try to go back to the HTTP link, it does.

What I’ve Tried to Fix Issue

  • Opened config.xml and verified settings - all good (pasted at end of post)
  • Shut down via System again, verified closed, then started via Service - no change
  • Changed logging to Debug
  • Imported original CRT into Personal store (instead of converted PFX) - Shut down and opened via Run as Admin - no change
  • Shut down NZBDrone and started as admin via exe file in \bin - not shortcut - no change

When viewing the log file, there’s only 1 section with any errors. Below is what they say:

|Debug|netsh.exe|Url reservation add failed, Error: 183
|Debug|netsh.exe|Cannot create a file when that file already exists.
|Debug|netsh.exe|Starting netsh.exe http add urlacl https://:9898/ sddl=D:(A;;GX;;;S-1-1-0)
|Debug|netsh.exe|Url reservation add failed, Error: 183
|Debug|netsh.exe|Cannot create a file when that file already exists.
|Info|OwinHostController|Listening on the following URLs:
|Info|OwinHostController| http://
:8989/
|Info|OwinHostController| https://*:9898/

I tried running “netsh.exe http show sslcert ipport=0.0.0.0:9898”, but got a message saying that the system cannot find the file specified.

My config.xml

<?xml version="1.0" encoding="utf-8" standalone="yes"?> 8989 9898 True False 32ea3004881f4047a220888160bc5d04 True master *********** *********** Debug ‎14 d6 ****removed***** 4c 6a BuiltIn

Any Ideas? I included all detail I could think of. Thanks!

Was that for your user or the computer? (It needs to go in the Personal store of the computer).

Everything else looks alright, drone should log on start up (to the log file) when its trying to register the cert/port with Windows, do you see that?

Thanks for the reply…

Yes - it was for the local computer as in after choosing the “Certificates” plug-in in MMC, I chose “Local Computer.”

Again, I had the same issue in my previous OS build which was Win7 x64. I’ve had it working in Win 7 x64 before, but can’t get it to go now and don’t remember how I got it to work!

Do you (or anyone else) have any more ideas? Thanks!

One more thing I tried today…

I ran the following commands to delete the 2 urls which both completed successfully.

  • netsh.exe http delete urlacl https://*:8989/
  • netsh.exe http delete urlacl http://*:8989/

Afterwards, I started NZBDrone again as admin.… It still didn’t work.

In the log file, though, it didn’t show the errors as before adding the urls but showed:

netsh.exe|Starting netsh.exe http show sslcert ipport=0.0.0.0:9898
netsh.exe|SSL Certificate bindings:
netsh.exe|The system cannot find the file specified.
netsh.exe|Starting netsh.exe http add sslcert ipport=0.0.0.0:9898 certhash=?14d6xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxa044c6a appid={C2172AxxxxxxxxxxxxxxxxxxxxxxE680613}
Debug|netsh.exe|The parameter is incorrect.
netsh.exe|Starting netsh.exe http add urlacl http://:8989/ sddl=D:(A;;GX;;;S-1-1-0)
netsh.exe|URL reservation successfully added
netsh.exe|Starting netsh.exe http add urlacl https://
:9898/ sddl=D:(A;;GX;;;S-1-1-0)
netsh.exe|URL reservation successfully added

What’s incorrect about the first part of the log above? Thanks!

netsh.exe|Starting netsh.exe http add sslcert ipport=0.0.0.0:9898 certhash=?14d6xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxa044c6a appid={C2172AxxxxxxxxxxxxxxxxxxxxxxE680613}

Looks like a phantom space in there (shown as a ? in the console).

I just pushed a fixed to develop that should remove any extra characters when saving, just leaving the alphanumeric hash.

You’re right - I over thought the troubleshooting. Just came here to post the fix which was a phantom character from when I copy/pasted it from MMC.

Last night when trying different things, I was looking in the log and also noticed that “?”. When running the command in a prompt as is, I got the error - but - when I ran it without the “?” it worked. Even though I verified the .ini (which is plain test) didn’t have it, I opened NZBDrone, disabled SSL, restarted, enabled SSL, deleted everything, then manually entered the hash without spaces. After shutting it down and starting as admin, it worked just fine - WEIRD.

Surely something could be changed in code to fix this - anyways - Thanks for everyone’s help. It’s always the easy things that work!