SSL

Arne de Bree edited this page Jan 16, 2017 · 25 revisions

Windows

Prerequisites

Enabling SSL in Sonarr

  1. Go to Settings -> General
  2. Show advanced options
  3. Enable SSL, set the SSL port and certificate hash (Sonarr will remove all spaces from the hash as they are not required).
  4. Stop Sonarr, either through the UI or by stopping the service or killing the NzbDrone.exe or NzbDrone.Console.exe process.
  5. Ensure that server is started in *Run as Administrator * mode which allows it register SSL URL and certificate with Windows.
  6. Verify SSL connectivity
  7. If Sonarr server is still not listening on SSL port, then follow the workaround mentioned in this thread.

Linux / OS X

Limitations

At this time newer SSL technologies are not supported by mono and some browsers do not support the older technologies mono uses (for good reason), which means the steps below may not help you achieve SSL connectivity to Sonarr. A surefire way is to setup an nginx (or Apache) reverse proxy and use it for SSL offloading.

Prerequisites

  • SSL certificate with Private Key Create self-signed Certificate or generate your own
  • .pvk certificate, this can be done by converting a .key and .cert
  • Windows PC/VM. The conversion tool only works there. OpenSSL 1.0.0 and up should be able to do it, but it needs to be done without a pass phrase, currently (version 1.0.1l) this is not possible.

Converting key/cert to pvk on windows

  1. Download the PVK Conversion Tool (near the bottom) and extract it.

  2. Run pvk.exe via Command Prompt:

    pvk.exe -in yourdomain.key -topvk -nocrypt -out yourdomain.pvk

LetsEncrypt Support - Converting key/cert to pvk on linux

  1. Using OpenSSL >1.0.0 it should be possible to generate a .pvk using a .pem from LetsEncrypt

openssl rsa -in privkey.pem -outform PVK -pvk-none -out sonarr.pvk

  1. You will also need to generate a .cert from .pem

openssl x509 -inform PEM -in cert.pem -outform DER -out sonarr.cert

Synology Only

If you're not running Sonarr on a Synology, skip these steps

  1. Place the SSL certificate and converted key in pvk format in /volume1/@appstore/nzbdrone/var/
  2. Load the certificate with httpcfg (comes with mono) as nzbdrone, the user that runs Sonarr:

    su nzbdrone -c "/volume1/@appstore/mono/bin/httpcfg -add -port <SSL_PORT> -pvk yourdomain.pvk -cert yourdomain.cert"

    Replace <SSL_PORT> with the SSL port you set in Sonarr.

  3. Skip the importing step below as the pvk and cert have already been imported

Importing

  1. Load the certificate with httpcfg (comes with mono) with the user that runs Sonarr:

    httpcfg -add -port <SSL_PORT> -pvk yourdomain.pvk -cert yourdomain.cert

    Replace <SSL_PORT> with the SSL port you set in Sonarr.

Enabling SSL in Sonarr

  1. Go to Settings -> General
  2. Show advanced options
  3. Enable SSL, set the SSL port
  4. Save
  5. Verify

Generate a Self-signed Certificate

openssl genrsa -out yourdomain.key 2048
openssl req -new -x509 -key yourdomain.key -out yourdomain.cert -days 3650 -subj /CN=yourdomain