Sonarr/Radarr (probably other *arr) jails unable to verify SSL certificates after latest update

oliber

Cadet
Joined
Oct 19, 2021
Messages
3
This is known issue with the FreeBSD's Mono 6.8 package that is missing it's root CA store, as the cert-sync and mozroots tools write to /usr/share (which is mounted as RO in jails) - https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=258709

A quick fix for this is to copy the trusted root store from a jail after using cert-sync or mozroots for example:

iocage console sonarr
mozsync --import --sync
logout
cp -R /mnt/iocage/jails/sonarr/root/root/.config/.mono/* /mnt/iocage/releases/12.2-RELEASE/root/usr/share/.mono

I expect this is NOT a good fix, but it works around the issue in the interim; the bugzilla changes the path to usr/local/share, I am not

There was a similar thread opened and was incorrectly closed, hence a this thread.
 

oliber

Cadet
Joined
Oct 19, 2021
Messages
3
Pressed fire too soon - "the bugzilla changes the path to usr/local/share, however copying the .mono folder structure to this location does not pull in the certificate store"
 

dg1m_

Cadet
Joined
Oct 20, 2021
Messages
1
Pressed fire too soon - "the bugzilla changes the path to usr/local/share, however copying the .mono folder structure to this location does not pull in the certificate store"
Okay, so right now there isn't a fix?
 

oliber

Cadet
Joined
Oct 19, 2021
Messages
3
Using the steps I provided, you can work around the issue until a more permanent fix is provided by the plugin providers.
 

pk007_za

Dabbler
Joined
Oct 5, 2011
Messages
19
I didnt have mozsync installed, but this worked for me:

wget -O - https://curl.haxx.se/ca/cacert.pem | cert-sync --user /dev/stdin

and then this:

cp -R /mnt/RAID5SSD/iocage/jails/jackett/root/root/.config/.mono/ /mnt/RAID5SSD/iocage/releases/12.2-RELEASE/root/usr/share/.mono

as per oliber's post.

And no more mono errors when I test my Jacket source:

1634832960586.png
 

NasKar

Guru
Joined
Jan 8, 2016
Messages
739
I didnt have mozsync installed, but this worked for me:

wget -O - https://curl.haxx.se/ca/cacert.pem | cert-sync --user /dev/stdin

and then this:

cp -R /mnt/RAID5SSD/iocage/jails/jackett/root/root/.config/.mono/ /mnt/RAID5SSD/iocage/releases/12.2-RELEASE/root/usr/share/.mono
I ran these commands but it didn't work for 1337x. It gave the "Challenge detected but FlareSolverr is not configured " error. I installed eztv and it did work. Not sure if it was working before the above commands as I didn't have it installed.
 

pk007_za

Dabbler
Joined
Oct 5, 2011
Messages
19
I ran these commands but it didn't work for 1337x. It gave the "Challenge detected but FlareSolverr is not configured " error. I installed eztv and it did work. Not sure if it was working before the above commands as I didn't have it installed.

I had a problem with RARBG as well after testing last night, but I just checked this morning and all of my Indexers are working correctly now, as well as 1337:
1634876342957.png

Perhaps the Letsencrypt cert issue affected them as well and they resolved issues shortly after we tested.

Either way, working for me completely now.
 

mattnewark

Cadet
Joined
Oct 25, 2021
Messages
4
This is known issue with the FreeBSD's Mono 6.8 package that is missing it's root CA store, as the cert-sync and mozroots tools write to /usr/share (which is mounted as RO in jails) - https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=258709

A quick fix for this is to copy the trusted root store from a jail after using cert-sync or mozroots for example:

iocage console sonarr
mozsync --import --sync
logout
cp -R /mnt/iocage/jails/sonarr/root/root/.config/.mono/* /mnt/iocage/releases/12.2-RELEASE/root/usr/share/.mono

I expect this is NOT a good fix, but it works around the issue in the interim; the bugzilla changes the path to usr/local/share, I am not

There was a similar thread opened and was incorrectly closed, hence a this thread.
I must be a an idiot. I have done what you have posted and I have a .config file in my sonarr jail but when I run the code that you have posted changing to my structure it doesn't work. I get no file or directory for this part:

Code:
/mnt/RAID5SSD/iocage/releases/12.2-RELEASE/root/usr/share/.mono


Can you help please?
 

pk007_za

Dabbler
Joined
Oct 5, 2011
Messages
19
This directory is going to be specific to your installation:

whilst my tank is named: "RAID5SSD" yours might be named differently - you'll need to find your specific one and alter the destination path.
 

mattnewark

Cadet
Joined
Oct 25, 2021
Messages
4
This directory is going to be specific to your installation:

whilst my tank is named: "RAID5SSD" yours might be named differently - you'll need to find your specific one and alter the destination path.

Code:
/mnt/MainPool/iocage/releases/12.2-RELEASE/root/usr/share/.mono


This is what I was using and changing the Tank to my pool name.

Should I be doing the command in the jail shell?
 

pk007_za

Dabbler
Joined
Oct 5, 2011
Messages
19
Code:
/mnt/MainPool/iocage/releases/12.2-RELEASE/root/usr/share/.mono


This is what I was using and changing the Tank to my pool name.

Should I be doing the command in the jail shell?

no outside of the jail, and whilst the jail is stopped.

once you do the directory copy, restart the jail, log into it andsee if you have a /user/share/.mono directory
 

SlackerDude

Explorer
Joined
Feb 1, 2014
Messages
76
I found this worked for me:
Certificate fix for Jackett, Sonarr, & Radarr
Run these two lines from inside the jail shell: ( wget was not installed in my jails)
Code:
pkg install wget

Code:
wget -O - https://curl.haxx.se/ca/cacert.pem | cert-sync --user /dev/stdin

Stop the jail
and then...
This from inside the TrueNAS shell:
Code:
cp -R /mnt/media/iocage/jails/jackett_2021/root/root/.config/.mono/ /mnt/media/iocage/releases/12.2-RELEASE/root/usr/share/.mono

Code:
cp -R /mnt/media/iocage/jails/radarr_2021/root/root/.config/.mono/ /mnt/media/iocage/releases/12.2-RELEASE/root/usr/share/.mono

Code:
cp -R /mnt/media/iocage/jails/sonarr_2021/root/root/.config/.mono/ /mnt/media/iocage/releases/12.2-RELEASE/root/usr/share/.mono
 

Dellyjoe

Explorer
Joined
Jun 12, 2020
Messages
80
@SlackerDude

I just wanted to say thank you, This problem was given me issues for about 4 days. Coming home from work and then working until late to figure it out. I had no luck. Until I found this post.

Thank you for saving me stress.


Joe
 

ver151set

Dabbler
Joined
Jan 28, 2015
Messages
37
Thanks guys, keep thinking of switching to scale to not have so many issues with plugins but too much work. Yall the real MVPs
 
Top