The Problem
I have been happily using an SSL certificate on my Sonarr installation via Mono for a year or so now, but recently it stopped working.
I’ve followed the instructions over at https://github.com/Sonarr/Sonarr/wiki/SSL but still not getting any joy, I can use the non-SSL port, but when I try to connect via SSL I get various errors.
Via Chrome
SSL connection error
ERR_SSL_PROTOCOL_ERROR
Hide details
Unable to make a secure connection to the server. This may be a problem with the server or it may be requiring a client authentication certificate that you don’t have.
Not sure if helpful/relevant, but it works from my work PC Chrome if I select a local certificate first, the site has never previously required any form of client certificates, my home PC doesn’t have any.
Via IE
There is a problem with this website’s security certificate.
The security certificate presented by this website was not issued by a trusted certificate authority.
The security certificate presented by this website was issued for a different website’s address.
Security certificate problems may indicate an attempt to fool you or intercept any data you send to the server.
If I continue, it just goes to this:
This page can’t be displayed
•Make sure the web address https://192.168.1.66:8095 is correct.
•Look for the page with your search engine.
•Refresh the page in a few minutes.
Via Curl
DiskStation> curl "https://192.168.1.66:8095/"
curl: (60) SSL certificate problem: self signed certificate
More details here: http://curl.haxx.se/docs/sslcerts.html
curl performs SSL certificate verification by default, using a "bundle"
of Certificate Authority (CA) public keys (CA certs). If the default
bundle file isn’t adequate, you can specify an alternate file
using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
the bundle, the certificate verification probably failed due to a
problem with the certificate (it might be expired, or the name might
not match the domain name in the URL).
If you’d like to turn off curl’s verification of the certificate, use
the -k (or --insecure) option.
If I add the -k switch:
DiskStation> curl “https://192.168.1.66:8095/” -k
curl: (35) error:14094410:lib(20):func(148):reason(1040)
My certs for Sabnzbd and CP are still good, not sure why my Sonarr one is giving me headaches.
Port Config in Mono
Mono lists the cert on the right port:
DiskStation> su nzbdrone -c "/volume1/@appstore/mono/bin/httpcfg -list"
Port: 8095 Thumbprint: F1F682A21BCD06B68BF7198692DF6C26CB2BFF6E
The port is definitely correct in the Sonarr application too…
Any ideas anyone? would appreciate some help!