1
0
mirror of https://github.com/Sonarr/Sonarr.git synced 2024-11-21 10:12:35 +01:00
33 SSL
bakerboy448 edited this page 2022-09-28 13:46:26 -05:00

Windows

Prerequisites

Enabling SSL in Sonarr

  1. Go to Settings -> General
  2. Show advanced options
  3. Enable SSL, set the SSL port and certificate hash (Sonarr will remove all spaces from the hash as they are not required).
  4. Stop Sonarr, either through the UI or by stopping the service or killing the NzbDrone.exe or NzbDrone.Console.exe process.
  5. Ensure that server is started in **Run as Administrator ** mode which allows it register SSL URL and certificate with Windows.
  6. Verify SSL connectivity
  7. If Sonarr server is still not listening on SSL port, then follow the workaround mentioned in this thread.

Linux / OS X

Limitations

There are two issues with mono and SSL:

  1. New ciphers aren't supported so some browsers block the connections by default (chrome and FF both do this) Mono doesn't support intermediate certificates, which results in a broken chain and the browsers end up requesting a client certificate

  2. The second issue can be mitigated by using a certificate chain that doesn't have an intermediate certificate, but most CAs use an intermediate certificate (at least the trusted public ones), which means it leaves you to a self signed certificate. The easiest solution for the time being is a reverse proxy with nginx or apache.

Prerequisites

  • SSL certificate with Private Key Create self-signed Certificate or generate your own
  • .pvk certificate, this can be done by converting a .key and .crt
  • Windows PC/VM. The conversion tool only works there. OpenSSL 1.0.0 and up should be able to do it, but it needs to be done without a pass phrase, currently (version 1.0.1l) this is not possible.

Converting key/cert to pvk on windows

  1. Download the PVK Conversion Tool and extract it.

  2. Run pvk.exe via Command Prompt:

    pvk.exe -in yourdomain.key -topvk -nocrypt -out yourdomain.pvk
    

LetsEncrypt Support - Converting key/cert to pvk on linux

  1. Using OpenSSL >1.0.0 it should be possible to generate a .pvk using a .pem from LetsEncrypt

    openssl rsa -in privkey.pem -outform PVK -pvk-none -out yourdomain.pvk
    
  2. You will also need to generate a .cert from .pem

    openssl x509 -inform PEM -in cert.pem -outform DER -out yourdomain.crt
    

Synology Only

If you're not running Sonarr on a Synology, skip these steps

  1. Place the SSL certificate and converted key in pvk format in /volume1/@appstore/nzbdrone/var/

  2. Load the certificate with httpcfg (comes with mono) as sc-nzbdrone, the user that runs Sonarr:

    su sc-nzbdrone -c "/volume1/@appstore/mono/bin/httpcfg -add -port <SSL_PORT> -pvk yourdomain.pvk -cert yourdomain.crt"
    

Replace <SSL_PORT> with the SSL port you set in Sonarr. 3. Skip the importing step below as the pvk and cert have already been imported

Importing

Load the certificate with httpcfg (comes with mono) with the user that runs Sonarr:

httpcfg -add -port <SSL_PORT> -pvk yourdomain.pvk -cert yourdomain.crt

Replace <SSL_PORT> with the SSL port you set in Sonarr.

Enabling SSL in Sonarr

  1. Go to Settings -> General
  2. Show advanced options
  3. Enable SSL, set the SSL port
  4. Save
  5. Verify

Generate a Self-signed Certificate

openssl genrsa -out yourdomain.key 2048
openssl req -new -x509 -key yourdomain.key -out yourdomain.crt -days 3650 -subj /CN=yourdomain