• 0

Lets Encrypt intermediate certificate expired, affects Sabnzbd


Question

 

 

SO I am encountering an issue with Sabnzbd not connecting to my news servers (Eweka, Thecubenet) with an untrusted certificate from eweka error. I found the following post on Sabnzbd site which seems to translate to an OS issue with incorrect certificates due to  an intermediate signing cert from Lets Encrypt that expired Sept 30 2021. Easy enough to fix on windows, but how about on XPE?

 

https://www.sslshopper.com/ssl-checker. ... news.eweka.nl shows the certificate chain of eweka is correct.

So problem is client side - which in my case is XPE 

https://scotthelme.co.uk/lets-encrypt-o  ... xpiration/ is a very long story, with this sentence "The certificate in here that is going to cause a problem is this one, the IdenTrust DST Root CA X3." ... "expiration date of 30th Sep 2021" ... which is today.

Any ideas on how to fix this? I built a bunch of xpe servers for friends, and the calls are about to start!

 

 

  • Like 3
Link to post
Share on other sites

Recommended Posts

  • 0
4 hours ago, elmuziko said:

 

So I'm going to show my complete novice at life.

Two things.

sudo cat ${CERT_DIR}/*.crt >> /etc/ssl/certs/ca-certificates.crt
Is giving me :

 


elmuziko@DSM:~$ sudo cat ${CERT_DIR}/*.crt >> /etc/ssl/certs/ca-certificates.crt
-sh: /etc/ssl/certs/ca-certificates.crt: Permission denied



am I doing something wrong?

And secondly, how do I run the for ; do loop from a PUTTY command loop. Will it not take each line as a single command? 

 

Thank you
 

 

@elmuziko No worries, gotta start somewhere!

 

Obviously, all actions are done at your own risk, but this should work unless you stuff something up.

 

What I'd recommend for you is to save the raw script within a text file on one of your shared folders as something like CA_Update.sh

#SSH into your server

#Change directory to where you saved that script:
cd /volume1/SharedFolder/

 

#Confirm you're where the script is:

ls -la *.sh

#Should spit out a line with CA_Update.sh

 

#Make it executable and fix any potential permissions issues

chmod 755 CA_Update.sh

chmod +x CA_Update.sh


#Execute the script

sudo sh ./CA_Update.sh

 

Probably best to reboot DSM to ensure all services restart, or you can try restarting individual services with synoservice and/or service commands.

 

Hope that helps

Link to post
Share on other sites
  • 0

@humancaviar

 

Thank you for the update.

 

This has worked for me with regards to getting Sab to work with strict certificates. Really appreciate it. Synocommunity isn't working but that's small fry. I can live without updates until RedPill is up and ready.

 

Thank you again. 

 

For anyone else with this, I'm on DSM 6.2.3-25426 Update 3

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Answer this question...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.