search

mdhiggins / sickbeard_mp4_automator

Automatically convert video files to a standardized format with metadata tagging to create a beautiful and uniform media library
MIT License
1.52k stars 202 forks source link

SSL3_GET_SERVER_CERTIFICATE #578

Closed samcro1967 closed 8 years ago

samcro1967 commented 8 years ago

I am getting the following error. I do have https enabled in CP. I have double checked the settings in autoProcess.ini for CP. Any suggestions?

2016-10-19 10:43:37 - autoprocess.autoProcessMovie - INFO - Waiting for 65.0 seconds to allow CPS to process newly extracted files. 2016-10-19 10:44:42 - autoprocess.autoProcessMovie - INFO - Opening URL: https://localhost:5050/couchpotato/api//renamer.scan. Traceback (most recent call last): File "C:\Users\user\Documents\sickbeard_mp4_automator-master\SABPostProcess.py", line 74, in autoProcessMovie.process(path, settings, nzb, sys.argv[7]) File "C:\Users\user\Documents\sickbeard_mp4_automator-master\autoprocess\autoProcessMovie.py", line 91, in process r = requests.get(url, params=params) File "C:\Python27\lib\site-packages\requests\api.py", line 70, in get return request('get', url, params=params, _kwargs) File "C:\Python27\lib\site-packages\requests\api.py", line 56, in request return session.request(method=method, url=url, _kwargs) File "C:\Python27\lib\site-packages\requests\sessions.py", line 475, in request resp = self.send(prep, _send_kwargs) File "C:\Python27\lib\site-packages\requests\sessions.py", line 596, in send r = adapter.send(request, _kwargs) File "C:\Python27\lib\site-packages\requests\adapters.py", line 497, in send raise SSLError(e, request=request) requests.exceptions.SSLError: ("bad handshake: Error([('SSL routines', 'SSL3_GET_SERVER_CERTIFICATE', 'certificate verify failed')],)",)

mdhiggins commented 8 years ago

Either turn off SSL or fix your certificates

Sent from my iPhone

On Oct 19, 2016, at 11:52, osuhickeys notifications@github.com wrote:

I am getting the following error. I do have https enabled in CP. I have double checked the settings in autoProcess.ini for CP. Any suggestions?

2016-10-19 10:43:37 - autoprocess.autoProcessMovie - INFO - Waiting for 65.0 seconds to allow CPS to process newly extracted files. 2016-10-19 10:44:42 - autoprocess.autoProcessMovie - INFO - Opening URL: https://localhost:5050/couchpotato/api/2f03ff7c190541dbb0eee804911d0191/renamer.scan. Traceback (most recent call last): File "C:\Users\mark\Documents\sickbeard_mp4_automator-master\SABPostProcess.py", line 74, in autoProcessMovie.process(path, settings, nzb, sys.argv[7]) File "C:\Users\mark\Documents\sickbeard_mp4_automator-master\autoprocess\autoProcessMovie.py", line 91, in process r = requests.get(url, params=params) File "C:\Python27\lib\site-packages\requests\api.py", line 70, in get return request('get', url, params=params, kwargs) File "C:\Python27\lib\site-packages\requests\api.py", line 56, in request return session.request(method=method, url=url, kwargs) File "C:\Python27\lib\site-packages\requests\sessions.py", line 475, in request resp = self.send(prep, send_kwargs) File "C:\Python27\lib\site-packages\requests\sessions.py", line 596, in send r = adapter.send(request, kwargs) File "C:\Python27\lib\site-packages\requests\adapters.py", line 497, in send raise SSLError(e, request=request) requests.exceptions.SSLError: ("bad handshake: Error([('SSL routines', 'SSL3_GET_SERVER_CERTIFICATE', 'certificate verify failed')],)",)

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub, or mute the thread.

zybeon commented 8 years ago

I will add to this that as long as you connect using the address "localhost" or "127.0.0.1" no mater what you do with your certificates it will still give you the same error as you can't get a valid SSL certificate on those addresses.

There are two things you can do to fix it. The easy way or the hard way that cost money. There is a third option that I recommend most and is what I do.

Easy way (loose encryption). Turn off HTTPS access on CP and update autoProcess.ini.

Hard way (keep encryption).

  1. Register a domain name ($3-15/yr).
  2. Use the registrars DDNS service to point to your IP address.
  3. Either buy a SSL certificate ($5-25/yr) or go to https://www.startssl.com/ or https://letsencrypt.org/ for a free one.
  4. Download your certificate and point CP to it.
  5. Update autoProcess.ini to your domain name.

Recommended (mix of both with extra steps, most secure)

  1. Turn off HTTPS access on all services
  2. Set all services to only allow access from localhost.
  3. Set up all services "urlbase" settings to something like, "movies,tvshows,nzbget,"
  4. Update autoProcess.ini to use http and either "localhost" or "127.0.0.1".
  5. Do steps 1-3 from above.
  6. Download and install a web server, I prefer nginx but you can also use Apache.
  7. Setup a reverse proxy on your web server for every service. There are plenty of How-to's for that.
  8. Bonus step is to setup your router to forward ports 80 and 443 from your server so you can access all your services anywhere.
  9. Extra bonus step, setup your web service to require HTTPS (HSTS) and only allow TSL 1.1 and 1.2 connections for improved security. https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html

Now you can access your CP from anywhere by going to https://yourdomainname.com/movies

samcro1967 commented 8 years ago

Thanks zybeon. I am already using a reverse proxy and SSL on the outside. I am hosting my apps in a DMZ and also use SSL there. This is only an issue for CP as it will not support http and https simultaneously. I'll disable SSL for CP and point the other apps to the http site.

mdhiggins commented 7 years ago

Thanks for this detailed answer. Making my job easier

Sent from my iPhone

On Oct 20, 2016, at 11:07, zybeon notifications@github.com wrote:

I will add to this that as long as you connect using the address "localhost" or "127.0.0.1" no mater what you do with your certificates it will still give you the same error as you can't get a valid SSL certificate on those addresses.

There are two things you can do to fix it. The easy way or the hard way that cost money. There is a third option that I recommend most and is what I do.

Easy way. Turn off HTTPS access on CP and update autoProcess.ini.

Hard way.

  1. Register a domain name ($3-15/yr).
  2. Use the registrars DDNS service to point to your IP address.
  3. Either buy a SSL certificate ($5-25/yr) or go to https://www.startssl.com/ or https://letsencrypt.org/ for a free one.
  4. Download your certificate and point CP to it.
  5. Update autoProcess.ini to your domain name.

Recommended (mix of both with extra steps, most secure)

  1. Turn off HTTPS access on all services
  2. Set all services to only allow access from localhost.
  3. Set up all services "urlbase" settings to something like, "movies,tvshows,nzbget,"
  4. Update autoProcess.ini to use http and either "localhost" or "127.0.0.1".
  5. Do steps 1-3 from above.
  6. Download and install a web server, I prefer nginx but you can also use Apache.
  7. Setup a reverse proxy on your web server for every service. There are plenty of How-to's for that.
  8. Bonus step is to setup your router to forward ports 80 and 443 from your server so you can access all your services anywhere.
  9. Extra bonus step, setup your web service to require HTTPS (HSTS) and only allow TSL 1.1 and 1.2 connections for improved security. https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html

Now you can access your CP from anywhere by going to https://yourdomainname.com/movies

— You are receiving this because you commented. Reply to this email directly, view it on GitHub, or mute the thread.