github-actions[bot]
commented
3 years ago Thanks for opening your first issue here! Be sure to follow the issue template!
Closed kb8080 closed 2 years ago
github-actions[bot]
commented
3 years ago Thanks for opening your first issue here! Be sure to follow the issue template!
Roxedus
commented
3 years ago Since you did not fill out the issue template as you should have, I can only assume.
kb8080
commented
3 years ago Roxedus, apologies for not filling out the template the first go round. I have since edited my original post and updated the details from the template. Also, referring to #82 for Sabnzbd as a bug I'll instead call it an "issue" that I have encountered since my host does not have IPv6 enabled which appears to be the cause and the only workaround I've seen there. Thus, the reason I am statically on the last known working version of Sabnzbd. I haven't re-visited it lately and if the issue I'm running into here with Radarr is related to the specific version I'm running with Sabnzbd that would be good to know as I will re-visit enabling IPv6 if that is the only workaround to update to the later Sabnzbd image.
GregDassie
commented
3 years ago I'm having the same problem. Is there any news on a solution?
kb8080
commented
3 years ago I didn't spend a lot of time troubleshooting but from what I can tell Radarr v3 has stricter (or newly added) certificate validation. Could be older TLS ciphers too possibly. It fails validation with the Sabnzbd self-signed cert that is presented when it tries to validate the API string. In my case the Sabnzbd cert had a few different SANs (localhost, container id, internal docker IP, etc.) in it but I am referencing Sabnzbd in Radarr by an IP that wasn't in the SAN. I tried localhost to see if that would allow it to validate and it didn't. I didn't spend any more time digging into it and instead went into Settings > General, and in the Security section you'll see the certificate validation dropdown where you can choose disable for local addresses which in my setup will be fine for now. YMMV with your topology. I may dig into this further at some point or if the devs determine something different is at play that will allow me to still have cert validation fully enabled.
GregDassie
commented
3 years ago Thank you kb8080. That works. Here's hoping the devs come up with something better eventually
Roxedus
commented
3 years ago This is intended behavior. You should be able to disable the certificate check, however.
mylosol
commented
3 years ago I am on version 3.1.1 [99b5a00] and having this issue, however there is no "certificate validation dropdown" under Settings > General, and in the Security section.
All I can find is a check box for "HTTPS certificate verification Verify certificates when connecting to indexers and RSS-sources using HTTPS." but that does not stop the error
bstlaurentnz
commented
3 years ago Just to add to this, I'm using Let's Encrypt certs for all my indexers (in this case Jackett) and they are fully valid. I'm getting this error as well.
Version 3.0.0.4204 Mono Version 5.20.1.34 Docker Yes
github-actions[bot]
commented
3 years ago This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
Roxedus
commented
3 years ago github-actions[bot]
commented
3 years ago This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
Hello, I upgraded to the latest v3 image from the last 2.x image and I'm now receiving "Download clients unavailable due to failures: SABnzbd". Sabnzbd is running 2.3.9-0ubuntu1jcfp218.04-ls67 (due to issue #82 with sabnzbd)
Expected Behavior
Radarr continues to function with the configured download clients (Sabnzbd and Transmission).
Current Behavior
Error in System section: Download clients unavailable due to failures: SABnzbd. When I go to test the connection it fails with: "Test was aborted due to an error: Unable to connect to SABnzbd, The SSL connection could not be established, see inner exception. The remote certificate is invalid according to the validation procedure.: 'https://10.168.5.35:9090/api?mode=get_config&apikey=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX&output=json'"
At first glance it appears to be a X509 cert validation error: RemoteCertificateNameMismatch, RemoteCertificateChainErrors
Unfortunately, I appear to be stuck as reverting back to the last 2.x release does not allow me to login anymore.
Steps to Reproduce
Environment
OS: Ubuntu 20.04.1 LTS CPU architecture: x86_64 How docker service was installed: official docker repo
Command used to create docker container (run/create/compose/screenshot)
docker-compose
radarr:
image: linuxserver/radarr container_name: radarr depends_on:
Docker logs
(NOTE: API Key is valid and working elsewhere for Sabnzbd)
[Warn] RadarrErrorPipeline: Invalid request Validation failed: -- Host: Unable to connect to SABnzbd -- : Test was aborted due to an error: Unable to connect to SABnzbd, The SSL connection could not be established, see inner exception. The remote certificate is invalid according to the validation procedure.: 'https://10.168.5.35:9090/api?mode=get_config&apikey=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX&output=json' [Error] X509CertificateValidationService: Certificate validation for https://10.168.5.35:9090/api?mode=queue&start=0&limit=0&apikey=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX&output=json failed. RemoteCertificateNameMismatch, RemoteCertificateChainErrors [Warn] DownloadMonitoringService: Unable to retrieve queue and history items from SABnzbd
[v3.0.0.4204] NzbDrone.Core.Download.Clients.DownloadClientUnavailableException: Unable to connect to SABnzbd, The SSL connection could not be established, see inner exception. The remote certificate is invalid according to the validation procedure.: 'https://10.168.5.35:9090/api?mode=queue&start=0&limit=0&apikey=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX&output=json' ---> System.Net.WebException: The SSL connection could not be established, see inner exception. The remote certificate is invalid according to the validation procedure.: 'https://10.168.5.35:9090/api?mode=queue&start=0&limit=0&apikey=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX&output=json' ---> System.Net.WebException: The SSL connection could not be established, see inner exception. The remote certificate is invalid according to the validation procedure. ---> System.Net.Http.HttpRequestException: The SSL connection could not be established, see inner exception. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure. at System.Net.Security.SslStream.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest, ExceptionDispatchInfo exception) at System.Net.Security.SslStream.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslStream.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslStream.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslStream.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslStream.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslStream.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslStream.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslStream.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslStream.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslStream.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslStream.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslStream.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslStream.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslStream.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslStream.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslStream.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslStream.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslStream.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslStream.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslStream.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslStream.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslStream.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslStream.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslStream.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslStream.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslStream.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslStream.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslStream.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslStream.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslStream.PartialFrameCallback(AsyncProtocolRequest asyncRequest) --- End of stack trace from previous location where exception was thrown --- at System.Net.Security.SslStream.ThrowIfExceptional() at System.Net.Security.SslStream.InternalEndProcessAuthentication(LazyAsyncResult lazyResult) at System.Net.Security.SslStream.EndProcessAuthentication(IAsyncResult result) at System.Net.Security.SslStream.EndAuthenticateAsClient(IAsyncResult asyncResult) at System.Net.Security.SslStream.<>c.b__65_1(IAsyncResult iar)
at System.Threading.Tasks.TaskFactory
1.FromAsyncCoreLogic(IAsyncResult iar, Func2 endFunction, Action1 endAction, Task1 promise, Boolean requiresSynchronization) --- End of stack trace from previous location where exception was thrown --- at System.Net.Http.ConnectHelper.EstablishSslConnectionAsyncCore(Stream stream, SslClientAuthenticationOptions sslOptions, CancellationToken cancellationToken) --- End of inner exception stack trace --- at System.Net.Http.ConnectHelper.EstablishSslConnectionAsyncCore(Stream stream, SslClientAuthenticationOptions sslOptions, CancellationToken cancellationToken) at System.Net.Http.HttpConnectionPool.ConnectAsync(HttpRequestMessage request, Boolean allowHttp2, CancellationToken cancellationToken) at System.Net.Http.HttpConnectionPool.CreateHttp11ConnectionAsync(HttpRequestMessage request, CancellationToken cancellationToken) at System.Net.Http.HttpConnectionPool.GetHttpConnectionAsync(HttpRequestMessage request, CancellationToken cancellationToken) at System.Net.Http.HttpConnectionPool.SendWithRetryAsync(HttpRequestMessage request, Boolean doRequestAuth, CancellationToken cancellationToken) at System.Net.Http.DecompressionHandler.SendAsync(HttpRequestMessage request, CancellationToken cancellationToken) at System.Net.Http.HttpClient.FinishSendAsyncUnbuffered(Task1 sendTask, HttpRequestMessage request, CancellationTokenSource cts, Boolean disposeCts) at System.Net.HttpWebRequest.SendRequest() at System.Net.HttpWebRequest.GetResponse() --- End of inner exception stack trace --- at System.Net.HttpWebRequest.GetResponse() at NzbDrone.Common.Http.Dispatchers.ManagedHttpDispatcher.GetResponse(HttpRequest request, CookieContainer cookies) in D:\a\1\s\src\NzbDrone.Common\Http\Dispatchers\ManagedHttpDispatcher.cs:line 81 --- End of inner exception stack trace --- at NzbDrone.Common.Http.Dispatchers.ManagedHttpDispatcher.GetResponse(HttpRequest request, CookieContainer cookies) in D:\a\1\s\src\NzbDrone.Common\Http\Dispatchers\ManagedHttpDispatcher.cs:line 111 at NzbDrone.Common.Http.HttpClient.ExecuteRequest(HttpRequest request, CookieContainer cookieContainer) in D:\a\1\s\src\NzbDrone.Common\Http\HttpClient.cs:line 123 at NzbDrone.Common.Http.HttpClient.Execute(HttpRequest request) in D:\a\1\s\src\NzbDrone.Common\Http\HttpClient.cs:line 57 at NzbDrone.Core.Download.Clients.Sabnzbd.SabnzbdProxy.ProcessRequest(HttpRequestBuilder requestBuilder, SabnzbdSettings settings) in D:\a\1\s\src\NzbDrone.Core\Download\Clients\Sabnzbd\SabnzbdProxy.cs:line 185 --- End of inner exception stack trace --- at NzbDrone.Core.Download.Clients.Sabnzbd.SabnzbdProxy.ProcessRequest(HttpRequestBuilder requestBuilder, SabnzbdSettings settings) in D:\a\1\s\src\NzbDrone.Core\Download\Clients\Sabnzbd\SabnzbdProxy.cs:line 198 at NzbDrone.Core.Download.Clients.Sabnzbd.SabnzbdProxy.GetQueue(Int32 start, Int32 limit, SabnzbdSettings settings) in D:\a\1\s\src\NzbDrone.Core\Download\Clients\Sabnzbd\SabnzbdProxy.cs:line 113 at NzbDrone.Core.Download.Clients.Sabnzbd.Sabnzbd.GetQueue() in D:\a\1\s\src\NzbDrone.Core\Download\Clients\Sabnzbd\Sabnzbd.cs:line 56 at NzbDrone.Core.Download.Clients.Sabnzbd.Sabnzbd.GetItems()+MoveNext() in D:\a\1\s\src\NzbDrone.Core\Download\Clients\Sabnzbd\Sabnzbd.cs:line 187 at System.Collections.Generic.List1..ctor(IEnumerable1 collection) at System.Linq.Enumerable.ToList[TSource](IEnumerable1 source) at NzbDrone.Core.Download.TrackedDownloads.DownloadMonitoringService.ProcessClientDownloads(IDownloadClient downloadClient) in D:\a\1\s\src\NzbDrone.Core\Download\TrackedDownloads\DownloadMonitoringService.cs:line 89