Sonarr version (exact version): 3.0.3.834
Mono version (if Sonarr is not running on Windows): 6.8.0.123
OS: ubuntu 18.04
Description of issue:
Since today nzbfinder.ws is no longer reachable using sonarr 3. The reason seems to be that the “Sectigo AddTrust External CA Root” expired and the sonarr/mono is not switching to the new intermediate certificates as described here:
https://support.sectigo.com/articles/Knowledge/Sectigo-AddTrust-External-CA-Root-Expiring-May-30-2020
“After this date, clients and browsers will chain back to the modern roots that the older AddTrust was used to cross sign. No errors will be displayed on any updated, newer device or platform which has had updates. A legacy browser or older device that does not have the modern “USERTRust” root would not trust it and so would look further up the chain to a root it does trust, the AddTrust External CA Root. A more modern browser would have the USERTrust root already installed and trust it without needing to rely on the older AddTrust root.”
Mozilla/chromium are using the new certificate chain.
Checking the website with certmgr shows that mono still uses the old certificate chain using this intermediate certificate:
https://support.comodo.com/index.php?/Knowledgebase/Article/View/966/108/intermediate-1-sha-2-comodo-rsa-certification-authority
instead of this one
https://support.comodo.com/index.php?/Knowledgebase/Article/View/970/108/intermediate-2-sha-2-comodo-rsa-domain-validation-secure-server-ca
Sonarr 2 is also logging that the certificatechain has an error but seems to ignore it.
Does anyone have an idea how to force mono to use the new certificate chain?
Sonarr3 on Windows does not have this issue, so it seems to be an OS/mono related problem.
Thanks for the help.
Best regards
miracle152005
Debug logs:
[v3.0.3.834] System.Net.WebException: Error: TrustFailure (Authentication failed, see inner exception.): ‘https://nzbfinder.ws/api?t=tvsearch&cat=5010,5030,5040,5045,5080,5090,5070&extended=1&apikey=(removed)&offset=0&limit=100’ —> System.Net.WebException: Error: TrustFailure (Authentication failed, see inner exception.) —> System.Security.Authentication.AuthenticationException: Authentication failed, see inner exception. —> Mono.Btls.MonoBtlsException: Ssl error:1000007d:SSL routines:OPENSSL_internal:CERTIFICATE_VERIFY_FAILED
at /build/mono-6.8.0.123/external/boringssl/ssl/handshake_client.c:1132
at Mono.Btls.MonoBtlsContext.ProcessHandshake () [0x00048] in <88f564ea69dd4dc8ba9bf979e48d5996>:0
at Mono.Net.Security.MobileAuthenticatedStream.ProcessHandshake (Mono.Net.Security.AsyncOperationStatus status, System.Boolean renegotiate) [0x000da] in <88f564ea69dd4dc8ba9bf979e48d5996>:0
at (wrapper remoting-invoke-with-check) Mono.Net.Security.MobileAuthenticatedStream.ProcessHandshake(Mono.Net.Security.AsyncOperationStatus,bool)
at Mono.Net.Security.AsyncHandshakeRequest.Run (Mono.Net.Security.AsyncOperationStatus status) [0x00006] in <88f564ea69dd4dc8ba9bf979e48d5996>:0
at Mono.Net.Security.AsyncProtocolRequest.ProcessOperation (System.Threading.CancellationToken cancellationToken) [0x000fc] in <88f564ea69dd4dc8ba9bf979e48d5996>:0
— End of inner exception stack trace —
at Mono.Net.Security.MobileAuthenticatedStream.ProcessAuthentication (System.Boolean runSynchronously, Mono.Net.Security.MonoSslAuthenticationOptions options, System.Threading.CancellationToken cancellationToken) [0x00262] in <88f564ea69dd4dc8ba9bf979e48d5996>:0
at Mono.Net.Security.MonoTlsStream.CreateStream (System.Net.WebConnectionTunnel tunnel, System.Threading.CancellationToken cancellationToken) [0x0016a] in <88f564ea69dd4dc8ba9bf979e48d5996>:0
at System.Net.WebConnection.CreateStream (System.Net.WebOperation operation, System.Boolean reused, System.Threading.CancellationToken cancellationToken) [0x001ba] in <88f564ea69dd4dc8ba9bf979e48d5996>:0
— End of inner exception stack trace —
at System.Net.WebConnection.CreateStream (System.Net.WebOperation operation, System.Boolean reused, System.Threading.CancellationToken cancellationToken) [0x0021a] in <88f564ea69dd4dc8ba9bf979e48d5996>:0
at System.Net.WebConnection.InitConnection (System.Net.WebOperation operation, System.Threading.CancellationToken cancellationToken) [0x00141] in <88f564ea69dd4dc8ba9bf979e48d5996>:0
at System.Net.WebOperation.Run () [0x0009a] in <88f564ea69dd4dc8ba9bf979e48d5996>:0
at System.Net.WebCompletionSource1[T].WaitForCompletion () [0x00094] in <88f564ea69dd4dc8ba9bf979e48d5996>:0 at System.Net.HttpWebRequest.RunWithTimeoutWorker[T] (System.Threading.Tasks.Task1[TResult] workerTask, System.Int32 timeout, System.Action abort, System.Func1[TResult] aborted, System.Threading.CancellationTokenSource cts) [0x000f8] in <88f564ea69dd4dc8ba9bf979e48d5996>:0 at System.Net.HttpWebRequest.GetResponse () [0x00016] in <88f564ea69dd4dc8ba9bf979e48d5996>:0 at NzbDrone.Common.Http.Dispatchers.ManagedHttpDispatcher.GetResponse (NzbDrone.Common.Http.HttpRequest request, System.Net.CookieContainer cookies) [0x00123] in M:\BuildAgent\work\63739567f01dbcc2\src\NzbDrone.Common\Http\Dispatchers\ManagedHttpDispatcher.cs:81 --- End of inner exception stack trace --- at NzbDrone.Common.Http.Dispatchers.ManagedHttpDispatcher.GetResponse (NzbDrone.Common.Http.HttpRequest request, System.Net.CookieContainer cookies) [0x001bb] in M:\BuildAgent\work\63739567f01dbcc2\src\NzbDrone.Common\Http\Dispatchers\ManagedHttpDispatcher.cs:107 at NzbDrone.Common.Http.HttpClient.ExecuteRequest (NzbDrone.Common.Http.HttpRequest request, System.Net.CookieContainer cookieContainer) [0x00080] in M:\BuildAgent\work\63739567f01dbcc2\src\NzbDrone.Common\Http\HttpClient.cs:123 at NzbDrone.Common.Http.HttpClient.Execute (NzbDrone.Common.Http.HttpRequest request) [0x00008] in M:\BuildAgent\work\63739567f01dbcc2\src\NzbDrone.Common\Http\HttpClient.cs:59 at NzbDrone.Core.Indexers.HttpIndexerBase1[TSettings].FetchIndexerResponse (NzbDrone.Core.Indexers.IndexerRequest request) [0x0004b] in M:\BuildAgent\work\63739567f01dbcc2\src\NzbDrone.Core\Indexers\HttpIndexerBase.cs:321
at NzbDrone.Core.Indexers.HttpIndexerBase1[TSettings].FetchPage (NzbDrone.Core.Indexers.IndexerRequest request, NzbDrone.Core.Indexers.IParseIndexerResponse parser) [0x00000] in M:\BuildAgent\work\63739567f01dbcc2\src\NzbDrone.Core\Indexers\HttpIndexerBase.cs:298 at NzbDrone.Core.Indexers.HttpIndexerBase1[TSettings].TestConnection () [0x0000e] in M:\BuildAgent\work\63739567f01dbcc2\src\NzbDrone.Core\Indexers\HttpIndexerBase.cs:335