Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
ECC Certificate (ECDSA) fails in built-in web-server #353
Using a Let's Encrypt ECC cert for TLS fails. The NGBGet server process listens on the TLS port, but browsers show an ERR_SSL_VERSION_OR_CIPHER_MISMATCH error when negotiating the connection.
Openssl doesn't ever see the server certificate in the negotiation:
Are you sure you are connecting to correct port?
Can you please verify that when you use a self-signed certificate from http://www.selfsignedcertificate.com/ it works? This is to ensure the problem occurs only with let's encrypt certificates and is not a general one.
Once verified I would need a certificate to test with. Can you provide me with one? That would be a great help.
More info about your system may help too:
Yes, port is correct.
Platform: QNap - installed first from QNap package, since upgraded using the upgrade option wishing nzbget to the current beta build.
The issue actually only occurs when using an ECC cert from Let's Encrypt. RSA certificates (just like self-signed) work fine. You can create certs directly from Let's Encrypt using a client like acme.sh to test with.
RSA cert (requires port 80 open): acme.sh --issue --standalone -d example.com -d www.example.com -d cp.example.com
I wasn't able to figure out how to enable debugging to see if anything is thrown on the server side error wise. If you can share how to enable, I can collect that information as well to trace what might be failing on the listener.