Sonar SSL with Synology

The Problem

I have been happily using an SSL certificate on my Sonarr installation via Mono for a year or so now, but recently it stopped working.

I’ve followed the instructions over at https://github.com/Sonarr/Sonarr/wiki/SSL but still not getting any joy, I can use the non-SSL port, but when I try to connect via SSL I get various errors.

Via Chrome

SSL connection error

ERR_SSL_PROTOCOL_ERROR
Hide details
Unable to make a secure connection to the server. This may be a problem with the server or it may be requiring a client authentication certificate that you don’t have.

Not sure if helpful/relevant, but it works from my work PC Chrome if I select a local certificate first, the site has never previously required any form of client certificates, my home PC doesn’t have any.

Via IE

There is a problem with this website’s security certificate.

The security certificate presented by this website was not issued by a trusted certificate authority.
The security certificate presented by this website was issued for a different website’s address.
Security certificate problems may indicate an attempt to fool you or intercept any data you send to the server.

If I continue, it just goes to this:

This page can’t be displayed

•Make sure the web address https://192.168.1.66:8095 is correct.
•Look for the page with your search engine.
•Refresh the page in a few minutes.

Via Curl

DiskStation> curl "https://192.168.1.66:8095/"
curl: (60) SSL certificate problem: self signed certificate
More details here: http://curl.haxx.se/docs/sslcerts.html

curl performs SSL certificate verification by default, using a "bundle"
of Certificate Authority (CA) public keys (CA certs). If the default
bundle file isn’t adequate, you can specify an alternate file
using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
the bundle, the certificate verification probably failed due to a
problem with the certificate (it might be expired, or the name might
not match the domain name in the URL).
If you’d like to turn off curl’s verification of the certificate, use
the -k (or --insecure) option.

If I add the -k switch:

DiskStation> curl “https://192.168.1.66:8095/” -k
curl: (35) error:14094410:lib(20):func(148):reason(1040)

My certs for Sabnzbd and CP are still good, not sure why my Sonarr one is giving me headaches.

Port Config in Mono

Mono lists the cert on the right port:

DiskStation> su nzbdrone -c "/volume1/@appstore/mono/bin/httpcfg -list"
Port: 8095 Thumbprint: F1F682A21BCD06B68BF7198692DF6C26CB2BFF6E

The port is definitely correct in the Sonarr application too…

Any ideas anyone? would appreciate some help! :slight_smile:

Which version of mono?

My understanding is older versions of mono (3.x was still affected) didn’t support intermediate certificates and would prompt for a client cert because the chain was invalid.

I’ve also had reports of SSL not working with mono 4, but also that mono 4 (or at least later versions) supports intermediate certificates, but haven’t been able to verify this either way.

Hi Markus101,

I have this version of Mono installed:

DiskStation> /volume1/@appstore/mono/bin/mono --version
Mono JIT compiler version 4.0.4 (Stable 4.0.4.1/5ab4c0d Sun Oct 11 12:21:26 CEST 2015)
Copyright © 2002-2014 Novell, Inc, Xamarin Inc and Contributors. www.mono-project.com
TLS: __thread
SIGSEGV: normal
Notifications: epoll
Architecture: amd64
Disabled: none
Misc: softdebug
LLVM: supported, not enabled.
GC: sgen

Still an issue, any ideas Markus? :slight_smile:

Did you recently update to mono 4.0.4?

This is likely the issue with mono 4.0 and SSL, Chrome is also cracking down on SSL minimums, so its likely not to work in mono until those are upgraded: https://github.com/Sonarr/Sonarr/issues/904

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.