theotherp / nzbhydra2

Usenet meta search

AltHUB Indexer Error - Unable to find valid certification path #246

Closed cdalton713 closed 6 years ago

cdalton713 commented 6 years ago

Log Line:

{"@timestamp":"2018-10-03T21:37:30.003+00:00","@version":"1","message":"Connection check with indexer AltHUB failed with message: Error while communicating with indexer AltHUB. Server returned: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target","logger_name":"org.nzbhydra.indexers.capscheck.NewznabChecker","thread_name":"http-nio-0.0.0.0-5076-exec-5","level":"WARN","level_value":30000,"IPADDRESS":"172.19.0.1"}

nzbhydra-debuginfos-2018-10-03-16-46.zip
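
Added example, not part of the original thread or of NZBHydra2's code: a triage of log records like the one above by their JVM exception text, separating a chain-trust failure (the `PKIX path building failed` message in the reported line) from a host name mismatch, since the two call for different fixes. The `sample` helper, `ExampleIndexer` and `api.indexer.example` are constructed for illustration; `PAGE_CAUSE` is copied from the reported log line.

```python
import json
import re

# (pattern in the JVM exception text, failure class, fix that keeps verification on)
RULES = [
    (re.compile(r"PKIX path building failed|unable to find valid certification path"),
     "untrusted-chain",
     "no chain to a trusted root: import the missing CA or intermediate into "
     "the JVM truststore, or have the server send its full chain"),
    (re.compile(r"No subject alternative (DNS )?names? (matching \S+ found|present)"
                r"|No name matching \S+ found"),
     "hostname-mismatch",
     "certificate does not cover the requested host name: use a host name "
     "that the certificate lists"),
    (re.compile(r"CertificateExpiredException|CertificateNotYetValidException"),
     "validity-period",
     "certificate is outside its validity window: check clocks and renewal"),
]
INDEXER = re.compile(r"indexer (\S+) failed")

def triage(log_line):
    """Classify one JSON log record; return None if it is not a TLS failure."""
    record = json.loads(log_line)
    message = record.get("message", "")
    if "SSLHandshakeException" not in message:
        return None
    found = INDEXER.search(message)
    result = {"indexer": found.group(1) if found else None,
              "failure": "other-tls", "fix": "inspect the full stack trace"}
    for pattern, failure, fix in RULES:
        if pattern.search(message):
            result.update(failure=failure, fix=fix)
            break
    return result

def sample(indexer, cause):
    """Build a constructed record in the shape of the log line on this page."""
    return json.dumps({"level": "WARN", "message":
        f"Connection check with indexer {indexer} failed with message: Error while "
        f"communicating with indexer {indexer}. Server returned: "
        f"javax.net.ssl.SSLHandshakeException: {cause}"})

PAGE_CAUSE = ("sun.security.validator.ValidatorException: PKIX path building failed: "
              "sun.security.provider.certpath.SunCertPathBuilderException: unable to "
              "find valid certification path to requested target")
MISMATCH = ("java.security.cert.CertificateException: No subject alternative DNS "
            "name matching api.indexer.example found.")  # constructed

if __name__ == "__main__":
    for line in (sample("AltHUB", PAGE_CAUSE), sample("ExampleIndexer", MISMATCH)):
        print(triage(line))
```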

theotherp commented 6 years ago

As a quick fix you can just disable SSL certificate verification in the main settings.

I've looked into it and currently don't have an idea how to fix it properly, as this is really in-depth SSL stuff which I don't know enough about.

juanchristian commented 6 years ago

Have the same issue. Had to disable SSL check.

Hobbabobba commented 6 years ago

Careful: if you disable SSL check in general settings, you disable it for any indexer! Better change the URL setting for AltHub from HTTPS to HTTP and you are fine.

theotherp commented 6 years ago

I'll try to add an option to disable certificate checking per indexer as a quick fix and get a proper solution for the problem in the long run, but I don't have much time at the moment.

theotherp commented 6 years ago

I can't reproduce this anymore. Can you verify this is fixed in the latest version?

If not, I at least added an option to disable SSL verification by host.

cdalton713 commented 6 years ago

Still happens for me. I added them to the disable by Host field and it worked again.

Thanks!

nzbhydra-debuginfos-2018-10-23-13-30.zip

Hobbabobba commented 6 years ago

Updated to v2.0.11 but it still happens. Thx.

theotherp commented 6 years ago

Which docker are you both running?

cdalton713 commented 6 years ago

I've had this issue on my Macbook (idk what version) and on Unraid running docker 18.06.1-ce

theotherp commented 6 years ago

By which maintainer? My docker? linuxserver.io's? Binhex'?

cdalton713 commented 6 years ago

Linuxserver's.

Docker 1bd30973bd80 (if that number is useful)

Hobbabobba commented 6 years ago

Docker from linuxserver (latest)

Hobbabobba commented 6 years ago

Tried with a "normal" installation of nzbhydra2 on an Ubuntu 16 LTS server: same problem (didn't use the docker container).

theotherp commented 6 years ago

Hm, could be related to the use of OpenJDK. At least I'll be able to reproduce it with the docker container.

theotherp commented 6 years ago

The problem, as far as I understand it, is something called SNI, which allows the same certificate to be used for multiple domains (on the same server). While Java 8 and upwards should support that, for some reason I can't get it to work with my code. The certificate is found but is supposedly for "althub.co.za", which doesn't match "api.althub.co.za". I had to import the certificate for the latter into the packaged cacerts file. It should work with the next version.

The solution isn't ideal as I would need to do this for any indexer with the same problem but it's a solution nonetheless.

theotherp commented 6 years ago

I just tested it and it works.

cdalton713 commented 6 years ago

You're awesome, thanks! Linuxserver hasn't pushed the update for me yet but I'll try it out soon.

cdalton713 commented 6 years ago

Just updated, still not working for me.

Unraid LinuxServer.io/hydra2 version 2.0.12 nzbhydra-debuginfos-2018-10-26-08-25.zip

theotherp commented 6 years ago

Try changing "api.althub.co.za" to "althub.co.za".

theotherp commented 6 years ago

I don't understand, it worked when I tested it :-(

cdalton713 commented 6 years ago

Genius! I should have tried that myself... removing api worked!

theotherp commented 6 years ago

That's a workaround, I just found out why the update didn't work. Should hopefully actually work in next release even with "api."

theotherp commented 6 years ago

Shit, still not fixed. Well, it works for now...