You are using an unsupported browser. Please update your browser to the latest version on or before July 31, 2020.
close
Home > Announcements > TLS certificate verification failed
TLS certificate verification failed
print icon
Jun 02, 2023
views icon 2578

If you are encountering SSL/TLS connection errors, it is likely that the expiration of the DST Root CA X3 certificate is the cause.

The bulk of reports of this issue have been from users of NZBGet and SABnzbd. Check for and delete expired R3 cert from LetsEncrypt. 
 

NZBGet uses its own file for CA certificate checks, so you will need to manually edit the cacert.pem file yourself or download the latest version according to their official instructions here: https://github.com/nzbget/nzbget/issues/784#issuecomment-931609658 :

For your convenience I've prepared fixed cacert.pemhttps://nzbget.net/info/cacert.pem.

 

Please download it using your web-browser and put it over existing file in nzbget installation:

  • On Windows: under C:\Program Files\NZBGet;
  • On Mac: /Applications/NZBGet.app/Contents/Resources/tools;
  • On Linux if you use installation package from nzbget download page: in nzbget installation directory, the file is near nzbget executable;
  • On Linux if you use Docker: inside docker container in nzbget installation directory, the file is near nzbget executable.

 

When downloading the file, please make sure it was saved as cacert.pem, some browsers may change file extension.

 

After replacing cacert.pem you need to reload nzbget via Settings->System->Reload or just restart the app.

 

Alternatively, you can disable certificate validation via option CertCheck in Settings -> Security.

 

For SABnzbd, the issue is most likely with the operating system's CA certificates.

 

Windows users may be able to resolve the issue by following these steps:

  1. Open Run and type mmc.exe
  2. Select <File>, <Add/Remove Snap-In>
  3. Choose <Certificates>
  4. Select <My User Account>, and click<OK>
  5. Expand <Certificates - Current User>
  6. Expand <Intermediate Certificate Authorities>, and Click <Certificates>
  7. Find and delete the expired DST Root CA X3 and/or Let's Encrypt R3 certificates.

 

Linux users should research the proper way to update the operating system's CA information; update-ca-certificates may be all you need. You may find Let's Encrypt's help thread useful.

 

SABnzbd error strings:

"Certificate not valid. This is most probably a server issue."

"untrusted certificate"

 

NZBGet error strings:

TLS certificate verification failed

Feedback
0 out of 0 found this helpful

close button
scroll to top icon