I’m running sonarr on a CentOS 7 system, using mono 3.10.0 and had SSL enabled. After I updated mono to version 4.0.2 SSL stopped working. I get an SSL connection error page. I checked my certificate is still in mono httpcfg, it was and reinstalled it anyway. I could not see anything in the logs about SSL. I removed mono 4.0.2 and reinstalled 3.10.0 and SSL is working again.
Is there any reason to upgrade my mono version if 3.10.0 has been working perfectly as far as i can see?
I have the exact same issue, but on Raspbian. I recently updated Raspbian from Wheezy to Jessie and decided to strip all manually installed packages in favor of packages from repositories. This included mono 3.10, which I downloaded according to a tutorial on HTPCguides.com. This version of mono was designed to run on a Banana Pi but also worked on my Raspberry Pi 2. To provide my Pi 2 with the “best fitting” mono I decided to use the official mono repo as described on their install page. This unfortunately caused my SSL to be broken. I have followed both methods described in this topic, but neither worked. I am using a certificate chain of three nodes, which I created by following this guide. It has worked well in the past, for Sonarr but also for NZBget and CouchPotato. After the upgrade to mono 4, specifically Stable 4.0.2.5/c99aa0c, this chain appears to be causing problems, but only for Sonarr. Both NZBget and CouchPotato still work just fine. I have tried various browsers and tools, but all report an SSL_HANDSHAKE_ERROR. Example output of openssl is below. The same output is produced when forcing either -ssl3 or -tls1.
C:\Users\Geert>openssl s_client -ssl3 -connect ip_address:8081
Loading 'screen' into random state - done
CONNECTED(000000F4)
depth=0 /C=NL/ST=Gelderland/L=Nijmegen/O=Hidden/CN=ip_address/emailAddress=hidden@email.com
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 /C=NL/ST=Gelderland/L=Nijmegen/O=Hidden/CN=ip_address/emailAddress=hidden@email.com
verify error:num=27:certificate not trusted
verify return:1
depth=0 /C=NL/ST=Gelderland/L=Nijmegen/O=Hidden/CN=ip_address/emailAddress=hidden@email.com
verify error:num=21:unable to verify the first certificate
verify return:1
9656:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:.\ssl\s3_pkt.c:1146:SSL alert number 40
9656:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:.\ssl\s3_pkt.c:572:
Below here is the output that chrome://net-internals shows.
I continue to try different things to get SSL working, all with no success. However the message I get using chrome “Unable to make a secure connection to the server. This may be a problem with the server, or it may be requiring a client authentication certificate that you don’t have.” has got me thinking about how SSL worked before I updated. I’m wondering if my setup was every working properly. Before when i would access https://sonarr.local:9898 a window would open allowing my to select a user certificate. I would always press cancel and then sonarr would open. Was this normal behavior? I get the same window now, but if I cancel I get the SSL connection error.
I got SSL working by importing my user certificate into the personal store on the client computer. I was able to use my OpenVPN certificate that I already had. I’m still curious if everyone else using SSL are seeing the pop-up window to select a certificate? I use a smart cart for work and have those certificates installed, may be that is why I get the pop-up.