Webserver using HTTPS
Requires: pyopenssl (listed as
python-openssl under apt-get)
To make the communication between SABnzbd and your web browser private, you can enable HTTPS (secured HTTP). The purpose of a certificate is two-fold; one is to give you encrypted communication, the other is to authenticate the server. The certificate authority guarantees that you are actually talking to the website of your bank or similar service. Web browsers are very fussy about the authentication part, and by default will complain unless you buy your own certificate.
By default SABnzbd will create self signed certificates for you to use. These however will give browser warnings when you try to connect however it is usually easy to make an exception for these certificates.
The default key and certs are located inside your admin folder of the folder where your sabnzbd.ini is. For example:
Windows: %localappdata%/sabnzbd/admin/server.cert %localappdata%/sabnzbd/admin/server.key Linux: ~/.sabnzbd/admin/server.cert ~/.sabnzbd/admin/server.key
You can change the location of these files by entering the full path to both in Config->General.
If you want trouble-free communication you need to buy a certificate from one of the many Certificate Authorities, for example from Verisign or Let’s Encrypt (see below).
Be warned that certificates come with different capabilities and hence, different prices. You probably only need a basic certificate, but even these are expensive not worth the price for just accessing SABnzbd.
To turn on access using HTTPS, you need enable https and specify what port to listen on, this can be done in Config->General or using the
--https sslport command (see Command Line Parameters). This enables HTTPS on the same host as specified in
-s host:port. Please make sure the port is different from the one that is set for normal HTTP access.
You will then be able to access SABnzbd at
If you expose SABnzbd to the Internet you can use 443 as port number, as this is the official number for HTTPS and allows you to not specify the port when accessing. Please note using a port number below 1024 requires running as root under linux.
Creating a valid certificate using Let’s Encrypt
If you run SABnzbd behind an Apache proxy, you can create free valid certificates using Let's Encrypt.
A guide is available on the forums.
Create a self-signed certificate with OpenSSL.
From a command prompt type:
openssl genrsa 1024 > host.key openssl req -new -x509 -nodes -sha1 -days 365 -key host.key > host.cert