Sonarr on Synology -- Unable to connect to indexer: Error: SecureChannelFailure

Skroot · January 27, 2021, 7:58am

Sonarr version (exact version): 20200921-18
Mono version (if Sonarr is not running on Windows): 5.20.1.34-16
OS: Running on Synology DS218Play
Debug logs: https://drive.google.com/file/d/14RsTK6bZVd8SCaC9v0OtFWoCYcZm6vcU/view?usp=sharing
Description of issue: Unable to connect to indexer: Error: SecureChannelFailure

Hi guys,

My indexer (NZBPlanet) started crashing a few days ago, I can’t connect anymore (see logs) - Unable to connect to indexer: Error: SecureChannelFailure

I had the same issue when setting up the system 3 months ago and “corrected it” by putting http://api.nzbplanet.net (without the s in https). It’s been working fine for 3 months, but not anymore.

Any idea? Thanks a lot!

rhom · January 27, 2021, 12:35pm

can you manually browse to the https site?
if possible SSH into DSM and use wget to check that way

is the DSM firewall on and blocking it for some reason?
did you upgrade DSM before this stopped working?

any other firewall that could be blocking it?

Skroot · January 27, 2021, 1:02pm

Hello Rhom,

Thanks for reaching out.
Yes I can browse both (http and https) from Chrome, and using wget when into DSM in SSH:

I checked, and DSM Firewall is disabled (Security > Firewall > “Enable Firewall” is not ticked)

No upgrade on DSM side (and anyway it never worked with the https, and that should I guess).
And I don’t see the firewall that could be blocking it

rhom · January 27, 2021, 1:12pm

if its never worked it might be a mono issue (there were some previous issue with its root repository certificates - ie the ones it trusts)

its possible is just doesnt like that digicert root, or cloudflare interim certs

in which case this may be useful (it says the issue is that mono doesnt trust the digicert baltimore cert)

https://www.mono-project.com/docs/faq/security/
according to that you may be able to add that digicert root certificate into the mono trust store yourself - but im not sure how that would go with DSM. but you may want to just stick with the http variant for a while

if you were running v3 you could disable certificate validation - it still uses the encryption it just doesnt care if its valid or not (sort of like TLS)

system · March 28, 2021, 1:22pm

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.