Unable to connect via HTTPS

Sonarr version (exact version): 2.0.0.4163
Mono version (if Sonarr is not running on Windows):
OS: Windows 10 Pro
((Debug logs)) (posted to hastebin or similar): http://pastebin.com/dqEhYHRx
Description of issue: I’m unable to connect to Sonarr locally or remotely via HTTPS. HTTP works fine.

Hi all,

Not sure when the issue started, but I noticed it stop working a couple of days ago.

I’ve tried/confirmed:

  • HTTPS port is not being blocked by ISP or being used by another application
  • Rebooted machine Sonarr sits on (which also has other applications hosted that can be accessed remotely)
  • Repurposed the port for another application (SABnzbd), works fine.
  • SSL certificate is still valid (is a self-assigned certificate but works perfectly fine on other applications, including SABnzbd).
  • Confirmed the Hash has no foreign characters in Sonarr. Retyped just in case, no difference.
  • Disabled SSL, restarted Sonarr
  • Re-enabled SSL, restarted Sonarr
  • Changed SSL ports to something completely different, no difference.

The only thing that appears in Sonarr’s logs for errors is what is pasted above. It only appears to occur when I restart the Sonarr application, as it refers to Owin. Log order as follows (the same Owin error occurs three times):

NzbDroneServiceFactory - Attempting to stop application - 7:56pm
OwinHostController - Attempting to stop OWIN host - 7:56pm

Owin Error http://pastebin.com/dqEhYHRx

OwinHostController - Host has stopped - 7:56pm
NzbDroneServiceFactory - Application has finished stop routine. - 7:56pm

Owin Error http://pastebin.com/dqEhYHRx

ConsoleApp - Exiting main. - 7:56pm

Owin Error http://pastebin.com/dqEhYHRx

The error refers to “SignalR exception thrown by Task: System.AggregateException: One or more errors occurred. —> System.IO.IOException —> System.Net.HttpListenerException: The handle is invalid”. It seems to refer to HTTP and not HTTPS but that’s the only error that appears in Sonarr.

I’ve read that the HttpListenerException error may refer to the .NET framework and how Windows 10 calls (or doesn’t call) this handle, but I don’t believe it to be related to my issue as this same server has had Windows 10 for the last 6 months +, and never failed.

Any help would be greatly appreciated.

What do the startup logs show (enable ((trace logging)) and restart Sonarr to get the most details). Its also worth trying starting Sonarr as admin to make sure the ports and ssl certs are registered properly.

I swapped the log file to trace and rebooted sonarr, only entries are as follows:

16-5-31 12:55:09.5|Info|Bootstrap|Starting Sonarr - C:\ProgramData\NzbDrone\bin\nzbdrone.console.exe - Version 2.0.0.4163
16-5-31 12:55:09.8|Debug|ServiceProvider|Checking if service NzbDrone exists.

Also, Sonarr (NzbDrone) is always opened as Admin, and the SSL certificate is recognised with no issues (that I can tell)

##SSL##

16-5-31 12:42:44.8|Debug|netsh.exe|SSL Certificate bindings:
16-5-31 12:42:44.8|Debug|netsh.exe|-------------------------
16-5-31 12:42:44.8|Debug|netsh.exe| IP:port : 0.0.0.0:[ssl port]
16-5-31 12:42:44.8|Debug|netsh.exe| Certificate Hash : [ssl hash]
16-5-31 12:42:44.8|Debug|netsh.exe| Application ID : {ssl app ID}
16-5-31 12:42:44.8|Debug|netsh.exe| Certificate Store Name : (null)
16-5-31 12:42:44.8|Debug|netsh.exe| Verify Client Certificate Revocation : Enabled
16-5-31 12:42:44.8|Debug|netsh.exe| Verify Revocation Using Cached Client Certificate Only : Disabled
16-5-31 12:42:44.8|Debug|netsh.exe| Usage Check : Enabled
16-5-31 12:42:44.8|Debug|netsh.exe| Revocation Freshness Time : 0
16-5-31 12:42:44.8|Debug|netsh.exe| URL Retrieval Timeout : 0
16-5-31 12:42:44.8|Debug|netsh.exe| Ctl Identifier : (null)
16-5-31 12:42:44.8|Debug|netsh.exe| Ctl Store Name : (null)
16-5-31 12:42:44.8|Debug|netsh.exe| DS Mapper Usage : Disabled
16-5-31 12:42:44.8|Debug|netsh.exe| Negotiate Client Certificate : Disabled
16-5-31 12:42:44.8|Debug|netsh.exe| Reject Connections : Disabled
16-5-31 12:42:44.8|Info|OwinHostController|Listening on the following URLs:
16-5-31 12:42:44.8|Info|OwinHostController| http://:[http port]/
16-5-31 12:42:44.8|Info|OwinHostController| https://
:[https port]/

Based on the snippets of logs nothing seems out of order, but without seeing everything its impossible to say for certain.

What error do you get when you try to connect to the HTTPS port?

Unfortunately an error of not much use (see below).



It’s as if something is blocking the port but I have no idea what. I’ve turned off all firewalls, isolated the machine Sonarr sits on to it’s own network, even put the IP of the server into the routers DMZ… nothing will allow it to connect. :expressionless:

I’ve checked netstat and confirmed both ports are up and actively listening:

C:\Windows\system32>netstat -a -b -n -o

Active Connections

Proto Local Address Foreign Address State PID

TCP 0.0.0.0:http_port 0.0.0.0:0 LISTENING 4
Can not obtain ownership information
TCP 0.0.0.0:https_port 0.0.0.0:0 LISTENING 4
Can not obtain ownership information

I initially thought it was because of the 0.0.0.0 addresses, but SABnzbd and Couchpotato are on nearby ports in the same format, and they work without issue (also using SSL).

The HTTPS port isn’t reachable via localhost, either, so… I’m at a loss. :disappointed:

If it matters, I’m on the develop branch for Sonarr rather than the master, as I had issues with the master branch not supporting Digest authentication to my Seedbox, whereas the develop branch did. I have noticed an update last week in the develop branch that now supports http/socks proxy support… Would that be related? (probably not, but grasping at straws here).

No thats for outbound connections from Sonarr to the world, the web server is separate.

Given the information, I’m assuming the issue lies with either the SSL cert registration or the port registration, but odd that it didn’t work changing ports and suddenly stopped (I really dislike how the webserver is registered, but for the time being its the best solution available).

I think the best course of action is to roll back and start from scratch with the SSL setup including:

  • Removing the hash from Sonarr’s settings
  • Disabling SSL in Sonarr
  • Removing the certificate from the computer’s certificate store
  • Unregistering the SSL cert binding - netsh http delete sslcert ipport=0.0.0.0:9898 where 9898 is replaced with the actual port used by Sonarr
  • Unregistering the SSL port binding - netsh http delete urlacl https://*:9898 and netsh http delete urlacl https://localhost:9898 again using the correct port.

Ok, have done as suggested:

  • Removing the hash from Sonarr’s settings - Successful
  • Disabling SSL in Sonarr - Successful
  • Removing the certificate from the computer’s certificate store - Successful
  • Unregistering the SSL cert binding - netsh http delete sslcert ipport=0.0.0.0:9898 - Successful:

C:\Windows\system32>netsh http delete sslcert ipport=0.0.0.0:https_port
SSL Certificate successfully deleted

  • Unregistering the SSL port binding - netsh http delete urlacl https://*:9898 and netsh http delete urlacl https://localhost:9898 - NOT Successful

C:\Windows\system32>netsh http delete urlacl https://*:https_port
URL reservation delete failed, Error: 87
The parameter is incorrect.

C:\Windows\system32>netsh http delete urlacl https://localhost:https_port
URL reservation delete failed, Error: 87
The parameter is incorrect.

C:\Windows\system32>netstat -a -b -n -o

Active Connections

Proto Local Address Foreign Address State PID

TCP 0.0.0.0:http_port 0.0.0.0:0 LISTENING 4
Can not obtain ownership information
TCP 0.0.0.0:https_port 0.0.0.0:0 LISTENING 4
Can not obtain ownership information

I noticed something odd though… when I restarted Sonarr after re-enabling SSL and adding the new hash (ended up making a new SSL cert for testing), the NzbDrone service did not auto restart. I tried connecting to the SSL port with the service not running, it came up as ‘Connection Refused’. After restarting the service, it now fails for ‘Connection Reset’. :confused:

Ahh I forgot the trailing slash, it should be netsh http delete urlacl https://*:https_portURL/

Anything in the logs about it failing to start?

Thats odd, that seems to indicate an issue with how its registered with Windows or the certificate maybe. How was the certificate created?

If you run netsh http show sslcert do you see the information for Sonarr there (port, app ID and certificate thumbprint).

That worked better for one of them:

C:\Windows\system32>netsh http delete urlacl https://:https_port/*
URL reservation successfully deleted

C:\Windows\system32>netsh http delete urlacl https://localhost:https_port/

URL reservation delete failed, Error: 2
The system cannot find the file specified.

No errors that I can see, other than the OWIN error I mentioned earlier.

It was created by following http://www.intraipsum.se/blog/2013/08/21/creating-sabnzbd-self-signed-certificates/ as I made it successfully for SABnzbd use, and adapted it for Sonarr and other applications that supported SSL.

It used to be populated (per the SSL debug above), now it has not repopulated. I’ll reinstall the SSL cert again and post back with an outcome.

.

Ok, re-run through the steps you gave above to remove SSL and start from scratch.

Started from a clean slate:

  • Re-followed setting up SSL in Sonarr (using existing certificate).
  • Re-converted the .cert and .key files into a PKCS#12 file.
  • Installed into appropriate certificate repositories.
  • Rerun netsh http show sslcert in CMD, now showing SSL Cert bindings.
  • Checked debug log in Sonarr

16-6-3 17:56:29.5|Debug|netsh.exe|SSL Certificate successfully added
16-6-3 17:56:29.5|Debug|netsh.exe|Starting netsh.exe http add urlacl https://:https_port/
16-6-3 17:56:29.6|Debug|netsh.exe|URL reservation successfully added
16-6-3 17:56:29.6|Info|OwinHostController|Listening on the following URLs:
16-6-3 17:56:29.6|Info|OwinHostController| http://
:http_port/
16-6-3 17:56:29.6|Info|OwinHostController| https://*:https_port/

  • Tested SSL connectivity, took a few attempts but it now works!! :grin:

I’m still puzzled as to what caused this to go completely pear-shaped to begin with; I’m just hoping it doesn’t happen again.

Thank you @markus101 for the help, greatly appreciated.

1 Like

Awesome, thats definitely a head scratcher, glad to hear its working once again.

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.