On or after September 29, 2021, if you are suddenly encountering SSL/TLS connection errors, it is likely that the expiration of the DST Root CA X3 certificate is the cause. Our servers have up-to-date certificate chains, but some client systems are not prepared for this situation. If you are reading this article, your operating system or Usenet client software likely need to be updated or manually fixed.
The bulk of reports of this issue have been from users of either NZBGet or SABnzbd.
NZBGet uses its own file for CA certificate checks, so you will need to manually edit the cacert.pem file yourself or download the latest version according to their official instructions here: https://nzbget.com/documentation/certificate-verification/
For SABnzbd, the issue is most likely with the operating system's CA certificates.
Windows users may be able to resolve the issue by following these steps:
- Open Run and type mmc.exe
- Select <File>, <Add/Remove Snap-In>
- Choose <Certificates>
- Select <My User Account>, and click<OK>
- Expand <Certificates - Current User>
- Expand <Intermediate Certificate Authorities>, and Click <Certificates>
- Find and delete the expired DST Root CA X3 and/or Let's Encrypt R3 certificates.
Linux users should research the proper way to update the operating system's CA information. update-ca-certificates may be all you need. You may find Let's Encrypt's help thread useful.
SABnzbd error strings:
"Certificate not valid. This is most probably a server issue."
"untrusted certificate"
NZBGet error strings:
TLS certificate verification failed