![]() Let's Encrypt certs expire and renew every 30 or so days, thus overwriting the previous cert. I don't know how sustainable adding the intermediate certificate is to the end of the current certificate, mainly because it will have to be done every month or so. Have you tried Firefox on another machine? Apparently Firefox doesn't clean the certificate cache (even in Private mode): I just tried it on 3rd machine (clean VM with Firefox 54.0 portable), same certificate error page. ![]() ![]() I'm still surprised your Firefox install doesn't give the error (even though Chrome and Edge work fine). Older NZBGet version were using SSL_CTX_use_certificate_file and combined certificates did not work. NZBGet uses openssl function SSL_CTX_use_certificate_chain_file. Whether the combined certificate will work in hydra depends on how hydra loads the certificate. openssl s_client -connect :6791 works too. Now fetching in NZBGet works and we can use the default cacert.pem coming with NZBGet. Opened the test certificate (which we use in NZBGet web-server) in a text editor and at the end of file added the content of Let's Encrypt intermediate certificate.Restored original cacert.pem (removed Let's Encrypt).It will also work for any other certificate signed by Let's Encrypt. Added the Let's Encrypt intermediate certificate into cacert.pem used in NZBGet - now fetching in NZBGet works.It's strange that it worked in Firefox because NZBGet uses the root cert store (cacert.pem) obtained from Mozilla web-site.That certificate isn't in NZBGet root cert store (option CertStore, by default file cacert.pem in nzbget directory). The reason for this error: the certificate is signed by an intermediate certificate from Let's Encrypt.Result: NZBGet reports an error, similar to the one reported by openssl (CertCheck=yes in nzbget). Added an URL to NZBGet download queue, the URL refers to NZBGet web-interface ( ).Check with openssl s_client -connect :6791 fails with "verify error:num=20:unable to get local issuer certificate".Firefox (on Windows) can connect to NZBGet without warnings/errors.I've installed this certificate in NZBGet's web-server.Thanks for the test Let's Encrypt certificate.
0 Comments
Leave a Reply. |