Sonarr version (exact version): 2.0.0.4230
OS: Windows 7 (running as a service)
Description of issue:
I currently have Sonarr setup as a Windows service on my Windows 7 HTPC. I bought a simple PositiveSSL cert and I’m trying to enable SSL on Sonarr, but am encountering problems.
I followed this guide from Sonarr’s github page, but it still won’t work, outputting these errors into my log:
16-8-7 15:46:44.3|Debug|netsh.exe|Starting netsh.exe http show sslcert ipport=0.0.0.0:9898
16-8-7 15:46:44.3|Debug|netsh.exe|SSL Certificate bindings:
16-8-7 15:46:44.3|Debug|netsh.exe|-------------------------
16-8-7 15:46:44.3|Debug|netsh.exe|The system cannot find the file specified.
16-8-7 15:46:44.4|Debug|netsh.exe|Starting netsh.exe http add sslcert ipport=0.0.0.0:9898 certhash=[redacted] appid={redacted}
16-8-7 15:46:44.4|Debug|netsh.exe|SSL Certificate add failed, Error: 1312
16-8-7 15:46:44.4|Debug|netsh.exe|A specified logon session does not exist. It may already have been terminated.
16-8-7 15:46:44.4|Info|OwinHostController|Listening on the following URLs:
16-8-7 15:46:44.4|Info|OwinHostController| http://*:8989/
16-8-7 15:46:44.4|Info|OwinHostController| https://*:9898/
I already opened up the ports on my router, but that doesn’t seem to be an issue since I can’t even access it locally with https://192.168.1.33:9898.
Part of this may simply be my ignorance of certs and how they work, so let me explain my understanding and methodology in generating the certs that Sonarr needs. I was given four files from my issuing authority:
- AddTrustExternalCARoot.crt
- COMODORSAAddTrustCA.crt
- COMODORSADomainValidationSecureServerCA.crt
- domain_name.key
I’ve since combined numbers 1 and 2 into a “ssl-bundle.crt” for use on my web server, and renamed number 3 into “mydomain_com.crt” for ease of identification, which leaves me with three files:
- ssl-bundle.crt (I believe this is equivalent to a cert “chain” or “intermediate cert” that I keep reading about)
- mydomain_com.crt
- domain_name.key
So having said that, and given these instructions from Sonarr…
Prerequisites:
SSL certificate with Private Key Create self-signed Certificate or generate your own
Copy the Hash/thumbprint of the certificate. Thumbprint will contain spaces. Copy thumbprint to clipboard as is.
…I chose to interpret step two as converting both my “mydomain_com.crt” and my “domain_name.key” PEM files into a single PKCS#12 file for Windows to import. Did I misinterpret any steps there?
I verified that the hashes match, and it successfully loaded into Windows Certificates\Personal directory and has server and client authentication as its “intended purposes.” I restarted the service using my local account (which has administrator privileges–I don’t see a dedicated option for “starting the service as an administrator”), but still no joy.
Any help/troubleshooting steps would be appreciated, thanks.