Cryptography error while trying to update metadata from OMDB - Yoeri - 2024-07-16
[EDIT: The issue below was resolved by rebooting Ubuntu, which probably flushed a bunch of firewall stuff. Detailed troubleshooting below.]
Hi everyone!
I've started using Jellyfin recently and am very happy with it. Initially, scanning for metadata worked perfectly, but since recently I've been getting SSL errors like this one after pressing the Rescan all libraries button from the dashboard:
Code: [2024-07-16 14:50:31.397 +02:00] [ERR] Error in "The Open Movie Database"
System.Net.Http.HttpRequestException: The SSL connection could not be established, see inner exception.
---> System.Security.Cryptography.CryptographicException: Error occurred during a cryptographic operation.
at System.Security.Cryptography.X509Certificates.OpenSslX509ChainProcessor.InitiateChain(SafeX509Handle leafHandle, X509Certificate2Collection customTrustStore, X509ChainTrustMode trustMode, DateTime verificationTime, TimeSpan remainingDownloadTime)
at System.Security.Cryptography.X509Certificates.ChainPal.BuildChainCore(Boolean useMachineContext, ICertificatePal cert, X509Certificate2Collection extraStore, OidCollection applicationPolicy, OidCollection certificatePolicy, X509RevocationMode revocationMode, X509RevocationFlag revocationFlag, X509Certificate2Collection customTrustStore, X509ChainTrustMode trustMode, DateTime verificationTime, TimeSpan timeout, Boolean disableAia)
at System.Security.Cryptography.X509Certificates.ChainPal.BuildChain(Boolean useMachineContext, ICertificatePal cert, X509Certificate2Collection extraStore, OidCollection applicationPolicy, OidCollection certificatePolicy, X509RevocationMode revocationMode, X509RevocationFlag revocationFlag, X509Certificate2Collection customTrustStore, X509ChainTrustMode trustMode, DateTime verificationTime, TimeSpan timeout, Boolean disableAia)
at System.Security.Cryptography.X509Certificates.X509Chain.Build(X509Certificate2 certificate, Boolean throwOnException)
at System.Net.Security.CertificateValidation.BuildChainAndVerifyProperties(X509Chain chain, X509Certificate2 remoteCertificate, Boolean checkCertName, Boolean _, String hostName)
at System.Net.Security.SslStream.VerifyRemoteCertificate(RemoteCertificateValidationCallback remoteCertValidationCallback, SslCertificateTrust trust, ProtocolToken& alertToken, SslPolicyErrors& sslPolicyErrors, X509ChainStatusFlags& chainStatus)
at System.Net.Security.SslStream.CompleteHandshake(SslAuthenticationOptions sslAuthenticationOptions)
at System.Net.Security.SslStream.ForceAuthenticationAsync[TIOAdapter](Boolean receiveFirst, Byte[] reAuthenticationData, CancellationToken cancellationToken)
at System.Net.Http.ConnectHelper.EstablishSslConnectionAsync(SslClientAuthenticationOptions sslOptions, HttpRequestMessage request, Boolean async, Stream stream, CancellationToken cancellationToken)
--- End of inner exception stack trace ---
at System.Net.Http.ConnectHelper.EstablishSslConnectionAsync(SslClientAuthenticationOptions sslOptions, HttpRequestMessage request, Boolean async, Stream stream, CancellationToken cancellationToken)
at System.Net.Http.HttpConnectionPool.ConnectAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
at System.Net.Http.HttpConnectionPool.CreateHttp11ConnectionAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
at System.Net.Http.HttpConnectionPool.AddHttp11ConnectionAsync(QueueItem queueItem)
at System.Threading.Tasks.TaskCompletionSourceWithCancellation`1.WaitWithCancellationAsync(CancellationToken cancellationToken)
at System.Net.Http.HttpConnectionPool.SendWithVersionDetectionAndRetryAsync(HttpRequestMessage request, Boolean async, Boolean doRequestAuth, CancellationToken cancellationToken)
at System.Net.Http.DiagnosticsHandler.SendAsyncCore(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
at System.Net.Http.RedirectHandler.SendAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
at System.Net.Http.DecompressionHandler.SendAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
at Microsoft.Extensions.Http.Logging.LoggingHttpMessageHandler.<SendCoreAsync>g__Core|5_0(HttpRequestMessage request, Boolean useAsync, CancellationToken cancellationToken)
at Microsoft.Extensions.Http.Logging.LoggingScopeHttpMessageHandler.<SendCoreAsync>g__Core|5_0(HttpRequestMessage request, Boolean useAsync, CancellationToken cancellationToken)
at System.Net.Http.HttpClient.<SendAsync>g__Core|83_0(HttpRequestMessage request, HttpCompletionOption completionOption, CancellationTokenSource cts, Boolean disposeCts, CancellationTokenSource pendingRequestsCts, CancellationToken originalCancellationToken)
at System.Net.Http.Json.HttpClientJsonExtensions.<FromJsonAsyncCore>g__Core|12_0[TValue,TJsonOptions](HttpClient client, Task`1 responseTask, Boolean usingResponseHeadersRead, CancellationTokenSource linkedCTS, Func`4 deserializeMethod, TJsonOptions jsonOptions, CancellationToken cancellationToken)
at MediaBrowser.Providers.Plugins.Omdb.OmdbProvider.EnsureItemInfo(String imdbId, CancellationToken cancellationToken)
at MediaBrowser.Providers.Plugins.Omdb.OmdbProvider.GetRootObject(String imdbId, CancellationToken cancellationToken)
at MediaBrowser.Providers.Plugins.Omdb.OmdbProvider.Fetch[T](MetadataResult`1 itemResult, String imdbId, String language, String country, CancellationToken cancellationToken)
at MediaBrowser.Providers.Plugins.Omdb.OmdbItemProvider.GetResult[T](ItemLookupInfo info, CancellationToken cancellationToken)
at MediaBrowser.Providers.Manager.MetadataService`2.ExecuteRemoteProviders(MetadataResult`1 temp, String logName, Boolean replaceData, TIdType id, IEnumerable`1 providers, CancellationToken cancellationToken)
This is not contained to just this source, but MusicBrainz also throws a similar error, so it seems unlikely to me that the issue is with the source.
I usually include the imdb-id in the filepath of any series I upload, which automatically seemed to get pulled before these errors started appearing. I'm on Jellyfin version 10.9.7, hosted on an Ubuntu 22.04 LTS server.
Some things I've tried:
Checking the firewall -- every port is open over IPv4 and IPv6. I'm reaching Jellyfin through a DNS name, which is non-SSL at the moment. Not sure what else I can check here.
Directly approaching the open movie database: I've executed the following call:
Code: curl -v "https://www.omdbapi.com/?i=MOVIE_ID&apikey=test"
This resulted in a successful connection; just the notification that my api key is incorrect.
Checking the system time (correct) and then syncing it with an NTP server, just to be safe. (sudo timedatectl set-ntp on)
Updating my certificate chain, using the following:
Code: sudo update-ca-certificates
None of these have worked so far. I've also trawled the forums to see if anyone else has experienced this issue, but I was unable to find a thread which resembles my issue. My guess is that it's something specific to my Jellyfin configuration, as connections from the server itself seem to work.
In terms of things I've changed between Jellyfin's metadata sync working and it stopping to work: hard to say. I've been playing around with the firewall, adding custom CSS to Jellyfin (also tested a rollback on that, even though it shouldn't matter), and I've been renaming files.
Any input would be greatly appreciated! If there's more information you all need, feel free to request below.
RE: Cryptography error while trying to update metadata from OMDB - Yoeri - 2024-07-16
Adding another example here with debug logging on:
Code: [2024-07-16 15:57:34.436 +02:00] [DBG] Running "OmdbItemProvider" for "/media/massstorage/shows.and.series/House of the Dragon [imdbid-tt11198330]"
[2024-07-16 15:57:34.447 +02:00] [ERR] Error in "TheMovieDb"
System.Net.Http.HttpRequestException: The SSL connection could not be established, see inner exception.
---> System.Security.Cryptography.CryptographicException: Error occurred during a cryptographic operation.
at System.Security.Cryptography.X509Certificates.OpenSslX509ChainProcessor.InitiateChain(SafeX509Handle leafHandle, X509Certificate2Collection customTrustStore, X509ChainTrustMode trustMode, DateTime verificationTime, TimeSpan remainingDownloadTime)
at System.Security.Cryptography.X509Certificates.ChainPal.BuildChainCore(Boolean useMachineContext, ICertificatePal cert, X509Certificate2Collection extraStore, OidCollection applicationPolicy, OidCollection certificatePolicy, X509RevocationMode revocationMode, X509RevocationFlag revocationFlag, X509Certificate2Collection customTrustStore, X509ChainTrustMode trustMode, DateTime verificationTime, TimeSpan timeout, Boolean disableAia)
at System.Security.Cryptography.X509Certificates.ChainPal.BuildChain(Boolean useMachineContext, ICertificatePal cert, X509Certificate2Collection extraStore, OidCollection applicationPolicy, OidCollection certificatePolicy, X509RevocationMode revocationMode, X509RevocationFlag revocationFlag, X509Certificate2Collection customTrustStore, X509ChainTrustMode trustMode, DateTime verificationTime, TimeSpan timeout, Boolean disableAia)
at System.Security.Cryptography.X509Certificates.X509Chain.Build(X509Certificate2 certificate, Boolean throwOnException)
at System.Net.Security.CertificateValidation.BuildChainAndVerifyProperties(X509Chain chain, X509Certificate2 remoteCertificate, Boolean checkCertName, Boolean _, String hostName)
at System.Net.Security.SslStream.VerifyRemoteCertificate(RemoteCertificateValidationCallback remoteCertValidationCallback, SslCertificateTrust trust, ProtocolToken& alertToken, SslPolicyErrors& sslPolicyErrors, X509ChainStatusFlags& chainStatus)
at System.Net.Security.SslStream.CompleteHandshake(SslAuthenticationOptions sslAuthenticationOptions)
at System.Net.Security.SslStream.ForceAuthenticationAsync[TIOAdapter](Boolean receiveFirst, Byte[] reAuthenticationData, CancellationToken cancellationToken)
at System.Net.Http.ConnectHelper.EstablishSslConnectionAsync(SslClientAuthenticationOptions sslOptions, HttpRequestMessage request, Boolean async, Stream stream, CancellationToken cancellationToken)
--- End of inner exception stack trace ---
at System.Net.Http.ConnectHelper.EstablishSslConnectionAsync(SslClientAuthenticationOptions sslOptions, HttpRequestMessage request, Boolean async, Stream stream, CancellationToken cancellationToken)
at System.Net.Http.HttpConnectionPool.ConnectAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
at System.Net.Http.HttpConnectionPool.CreateHttp11ConnectionAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
at System.Net.Http.HttpConnectionPool.AddHttp11ConnectionAsync(QueueItem queueItem)
at System.Threading.Tasks.TaskCompletionSourceWithCancellation`1.WaitWithCancellationAsync(CancellationToken cancellationToken)
at System.Net.Http.HttpConnectionPool.SendWithVersionDetectionAndRetryAsync(HttpRequestMessage request, Boolean async, Boolean doRequestAuth, CancellationToken cancellationToken)
at System.Net.Http.DiagnosticsHandler.SendAsyncCore(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
at System.Net.Http.RedirectHandler.SendAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
at System.Net.Http.HttpClient.<SendAsync>g__Core|83_0(HttpRequestMessage request, HttpCompletionOption completionOption, CancellationTokenSource cts, Boolean disposeCts, CancellationTokenSource pendingRequestsCts, CancellationToken originalCancellationToken)
at TMDbLib.Rest.RestRequest.SendInternal(HttpMethod method, CancellationToken cancellationToken)
at TMDbLib.Rest.RestRequest.Get[T](CancellationToken cancellationToken)
at TMDbLib.Rest.RestRequestExtensions.GetOfT[T](RestRequest request, CancellationToken cancellationToken)
at TMDbLib.Client.TMDbClient.GetConfigAsync()
at MediaBrowser.Providers.Plugins.Tmdb.TmdbClientManager.EnsureClientConfigAsync()
at MediaBrowser.Providers.Plugins.Tmdb.TmdbClientManager.GetEpisodeAsync(Int32 tvShowId, Int32 seasonNumber, Int32 episodeNumber, String displayOrder, String language, String imageLanguages, CancellationToken cancellationToken)
at MediaBrowser.Providers.Plugins.Tmdb.TV.TmdbEpisodeProvider.GetMetadata(EpisodeInfo info, CancellationToken cancellationToken)
at MediaBrowser.Providers.Manager.MetadataService`2.ExecuteRemoteProviders(MetadataResult`1 temp, String logName, Boolean replaceData, TIdType id, IEnumerable`1 providers, CancellationToken cancellationToken)
RE: Cryptography error while trying to update metadata from OMDB - TheDreadPirate - 2024-07-16
Do you have IPv6 enabled in Jellyfin? This often happens when a system is not fully set up to support IPv6.
Try disabling IPv6 in Jellyfin and/or your OS.
RE: Cryptography error while trying to update metadata from OMDB - Yoeri - 2024-07-16
Thanks for the advice so far! I resolved the issue, but for posterity's sake, I'll describe the following steps in the hope it helps the next person who encounters this problem.
I've attempted the following:
1) disabling IPv6 on Jellyfin (this was already disabled on my configuration, so didn't need to change any settings)
2) disabling IPv6 on Ubuntu by using the following commands:
Code: #comment: this only works until the next reboot!
sudo sysctl -w net.ipv6.conf.all.disable_ipv6=1
sudo sysctl -w net.ipv6.conf.default.disable_ipv6=1
sudo sysctl -w net.ipv6.conf.lo.disable_ipv6=1
After this was done I attempted another rescan, to no avail.
I had already tried restarting Jellyfin, which didn't work, but eventually I decided to just restart the entire server, which resolved the issue! I'm assuming that due to me adjusting the firewall a lot, something just got stuck. For context: I'm renting this server from a provider who's providing a firewall interface as well, so I can imagine that this can get a little hormonal when you adjust it 30 times a day.
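An added example, not part of the thread or of Jellyfin's own code: a shell/awk triage over log entries in the format quoted above. It lists, per [ERR] entry, the provider, the inner exception type and the innermost frame, then counts how many distinct providers fail at the same frame. The sample lines are constructed (shortened) from the quoted logs, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample: shortened entries in the format of the logs quoted in the thread.
sample_log() {
cat <<'EOF'
[2024-07-16 14:50:31.397 +02:00] [ERR] Error in "The Open Movie Database"
System.Net.Http.HttpRequestException: The SSL connection could not be established, see inner exception.
 ---> System.Security.Cryptography.CryptographicException: Error occurred during a cryptographic operation.
   at System.Security.Cryptography.X509Certificates.OpenSslX509ChainProcessor.InitiateChain(SafeX509Handle leafHandle)
   at System.Net.Security.SslStream.CompleteHandshake(SslAuthenticationOptions sslAuthenticationOptions)
[2024-07-16 15:57:34.436 +02:00] [DBG] Running "OmdbItemProvider" for "/media/example"
[2024-07-16 15:57:34.447 +02:00] [ERR] Error in "TheMovieDb"
System.Net.Http.HttpRequestException: The SSL connection could not be established, see inner exception.
 ---> System.Security.Cryptography.CryptographicException: Error occurred during a cryptographic operation.
   at System.Security.Cryptography.X509Certificates.OpenSslX509ChainProcessor.InitiateChain(SafeX509Handle leafHandle)
EOF
}

# Print one "provider|inner exception type|innermost frame" line per [ERR] entry.
# Reads the files given as arguments, or stdin when there are none.
tls_failures() {
  awk '
    function emit() { if (prov != "") print prov "|" exc "|" frame; prov = exc = frame = "" }
    # A timestamped line starts a new log entry and closes the previous one.
    /^\[[0-9-]+ [0-9:.]+ [+-][0-9:]+\] \[/ {
      emit()
      if ($0 ~ /\[ERR\] Error in "/) { prov = $0; sub(/^.*Error in "/, "", prov); sub(/".*$/, "", prov) }
      next
    }
    # The first "--->" line names the inner exception; the first "at" after it is the innermost frame.
    prov != "" && exc == "" && /^[ \t]*---> / { exc = $0; sub(/^[ \t]*---> /, "", exc); sub(/:.*$/, "", exc); next }
    prov != "" && exc != "" && frame == "" && /^[ \t]*at / { frame = $0; sub(/^[ \t]*at /, "", frame); sub(/\(.*$/, "", frame) }
    END { emit() }
  ' "$@"
}

# Count distinct providers per failing frame. Several providers failing at one
# frame matches the poster's reasoning that the source itself is unlikely to be at fault.
shared_failure_points() {
  tls_failures "$@" |
    awk -F'|' '$3 != "" && !seen[$1 FS $3]++ { n[$3]++ } END { for (f in n) print n[f], f }' |
    sort -rn
}

sample_log | shared_failure_points
```

Pass a real log file as the argument, for example `shared_failure_points /path/to/jellyfin.log` (path is a placeholder), to run it on actual data.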