diff --git a/docs/using-seerr/advanced/self-signed-certificates.mdx b/docs/using-seerr/advanced/self-signed-certificates.mdx new file mode 100644 index 00000000..7ad8b22c --- /dev/null +++ b/docs/using-seerr/advanced/self-signed-certificates.mdx @@ -0,0 +1,61 @@ +--- +id: self-signed-certificates +title: Self-Signed Certificates +sidebar_label: Self-Signed Certificates +description: How to configure Seerr to work with services that use self-signed SSL certificates. +--- + +import Tabs from '@theme/Tabs'; +import TabItem from '@theme/TabItem'; + +# Self-Signed Certificates + +If your media server or services (Radarr, Sonarr, etc.) use self-signed SSL certificates, Seerr will reject the connection because it does not trust them by default. The fix is to add your CA certificate to Node.js. + +## Add Your CA Certificate + +The `NODE_EXTRA_CA_CERTS` environment variable tells Node.js to trust additional Certificate Authority (CA) certificates. This approach keeps certificate validation active while trusting your specific certificate. + +You will need to mount your certificate file (in PEM format) into the container and set the environment variable to point to it. + +:::note +These examples show only the certificate-related configuration. For a complete setup, see the [Getting Started](/getting-started) guide. +::: + + + + +```bash +docker run -d \ + --name seerr \ + -e NODE_EXTRA_CA_CERTS=/certs/my-ca.pem \ + -v /path/to/my-ca.pem:/certs/my-ca.pem:ro \ + -p 5055:5055 \ + ghcr.io/seerr-team/seerr:latest +``` + + + + +```yaml +services: + seerr: + image: ghcr.io/seerr-team/seerr:latest + environment: + - NODE_EXTRA_CA_CERTS=/certs/my-ca.pem + volumes: + - /path/to/my-ca.pem:/certs/my-ca.pem:ro + ports: + - 5055:5055 +``` + + + + +Replace `/path/to/my-ca.pem` with the actual path to your CA certificate on the host. The path after the colon (`/certs/my-ca.pem`) is where it will be available inside the container. + +:::tip +The certificate must be in PEM format. Open it in a text editor — if it starts with `-----BEGIN CERTIFICATE-----`, it is PEM. If it contains binary data, convert it with `openssl x509 -inform DER -in cert.cer -out cert.pem`. +::: + +For more details, see the [Node.js documentation on adding CA certificates](https://nodejs.org/en/learn/http/enterprise-network-configuration#adding-additional-ca-certificates). diff --git a/docs/using-seerr/settings/mediaserver.mdx b/docs/using-seerr/settings/mediaserver.mdx index 54c47702..e813d7da 100644 --- a/docs/using-seerr/settings/mediaserver.mdx +++ b/docs/using-seerr/settings/mediaserver.mdx @@ -84,7 +84,7 @@ This value should be set to the port that your Jellyfin server listens on. The d #### Use SSL -Enable this setting to connect to Jellyfin via HTTPS rather than HTTP. Note that self-signed certificates are **not** officially supported. +Enable this setting to connect to Jellyfin via HTTPS rather than HTTP. Self-signed certificates are not trusted by default, but you can configure Seerr to accept them. See [Self-Signed Certificates](/using-seerr/advanced/self-signed-certificates) for details. #### External URL @@ -178,7 +178,7 @@ This value should be set to the port that your Emby server listens on. The defau #### Use SSL -Enable this setting to connect to Emby via HTTPS rather than HTTP. Note that self-signed certificates are **not** officially supported. +Enable this setting to connect to Emby via HTTPS rather than HTTP. Self-signed certificates are not trusted by default, but you can configure Seerr to accept them. See [Self-Signed Certificates](/using-seerr/advanced/self-signed-certificates) for details. #### External URL @@ -218,7 +218,7 @@ This value should be set to the port that your Plex server listens on. The defau #### Use SSL -Enable this setting to connect to Plex via HTTPS rather than HTTP. Note that self-signed certificates are _not_ supported. +Enable this setting to connect to Plex via HTTPS rather than HTTP. Self-signed certificates are not trusted by default, but you can configure Seerr to accept them. See [Self-Signed Certificates](/using-seerr/advanced/self-signed-certificates) for details. #### Web App URL (optional) diff --git a/docs/using-seerr/settings/services.md b/docs/using-seerr/settings/services.md index 4dba58fa..a0786f60 100644 --- a/docs/using-seerr/settings/services.md +++ b/docs/using-seerr/settings/services.md @@ -44,7 +44,7 @@ This value should be set to the port that your Radarr/Sonarr server listens on. #### Use SSL -Enable this setting to connect to Radarr/Sonarr via HTTPS rather than HTTP. Note that self-signed certificates are _not_ supported. +Enable this setting to connect to Radarr/Sonarr via HTTPS rather than HTTP. Self-signed certificates are not trusted by default, but you can configure Seerr to accept them. See [Self-Signed Certificates](/using-seerr/advanced/self-signed-certificates) for details. #### API Key