Unable to add indexers to new install


#1

Sonarr version (exact version): 3.0.1.441
Mono version: 5.20.1.19
OS: Ubuntu 18.04
Debug logs: https://pastebin.com/gWuHihZh
Description of issue:
I am trying to switch from sickbeard to sonarr so this is a brand new install on Ubuntu 18.04. The setup has gone smooth until trying to add my indexers, I get “Unable to connect to indexer, check the log for more details”. After checking the log it seems like possibly a TLS error, or maybe some other TrustFailure that I’m missing.

I have the newest Sonarr (3.0.1.441) and Mono (5.20.1.19) installed and it seems like Mono has supported TLSv1.2 since version 4.8.

I have tried 3 different indexers, all Newsnab based (nzbgeek, nzbcat, NZBFinder.ws), and even tried generating new API keys.

Also I can curl the url from terminal with no issues so it doesn’t appear to be blocked in any way from my machine.

Can anyone help point out what I’m missing?


#2

Are you setting MONO_TLS_PROVIDER=legacy?

I’m able to connect to nzbgeek from Sonarr running in a docker container (mono 5.12 currently) without issue and do not have the TLS provided explicitly set.

Duplicati has some steps on dealing with TLS under mono which may be helpful:


Certificate validation failed
#3

This appears to have been resolved by setting Certificate Validation to “Disabled”. Does anyone know if this is just because I don’t have a certificate applied to my own server or if this has something to do with the certificate for the indexer? I’m just not sure how Sonarr handles certificate validation.


#4

That setting tells Sonarr to ignore any failures, which isn’t really what you want, given it works for my setup (and plenty of others) it seems to be something your system is missing.


#5

I didn’t try setting TLS to legacy, but in the Duplicati link they suggested using cert-sync first which did the trick. I had ca-certificates-mono installed but apparently that didn’t apply correctly so that manually adds the root certs I needed.

I knew it was something up the cert/TLS alley. Thanks markus


#6

Awesome, thanks for confirming.


#9

It seems I spoke too soon. After about 15-30 minutes of indexers working, it seems they start receiving the same errors I was before. Very strange. I stopped looking into it last night as I thought it was fixed, but I was wrong it seems.

Definitely willing to try setting MONO_TLS_PROVIDER=legacy
Do you happen to know where the environment variables can be set? I’ve been reading man pages and some other forums and haven’t figured it out yet.

I did find MONO_TLS_PROVIDER finally (I think I just made a typo when searching the environment variables before) and I am already set to legacy.

Any other ideas?

Does the user running Sonarr need any special access to my /etc/ssl/certs folder maybe?

I decided to try installing Radarr and Lidarr just to see if those had the same issues and (after waiting an hour to check) they do not. This seems to be limited just to Sonarr. Could this be an issue with the version I am using?
Should I back down to an older version?

Now that I went to check version history in Sonarr, I see that I also am failing to fetch updates in Sonarr.

The log now shows the same error I am seeing for my indexers, but now for Sonarr itself:
Certificate validation for https://sentry.sonarr.tv/api/8/store/ failed. RemoteCertificateChainErrors

Now that I think about it, ever since I updated my version, I haven’t been able to fetch updates. This may be an issue with my version of Sonarr…

I appear to have a prerelease version that is still in testing, it appeared as an update in Sonarr after my initial install so I just took the update not thinking about it. I may have to reinstall to downgrade now…

(upon closer inspection, it seems I followed the install for v3 so that’s why I’m seeing prerelease installs… dumb me)


#10

Unset that, that limits mono to using it’s pre-5.0 certificate handling instead of Boring TLS, which was added in 4.8 and the default in 5.0.


#11

That makes sense, thank you.

Its been about 90 minutes and all is still working well. Hopefully this is the end of my issues. Besides this hurdle, it seems like a fantastic application so far. Keep up the awesome work and support. Glad I made the switch.