
Question about HTTPS certs

Open ronenrozner opened this issue 1 month ago • 4 comments

I have a server with Let's Encrypt certs. How do I configure Tremotesf to authenticate with it?

I assume I need to choose "Custom CA root certificate"? Let's Encrypt creates 4 certs: cert.pem, chain.pem, fullchain.pem, privkey.pem

Which pem files do I copy into the app?

ronenrozner avatar Dec 07 '25 20:12 ronenrozner

I thought Let's Encrypt should work out of the box on any up-to-date OS? I.e. you don't need to do anything, your server's certificate will be automatically verified using your OS' CA trust store.

equeim avatar Dec 09 '25 19:12 equeim

No matter what I choose, all I get is this error:

Image

ronenrozner avatar Dec 10 '25 05:12 ronenrozner

What do you mean by copying into the app?

The error looks like the type of error you get when you try to connect to something that's not a TLS-capable port.

Transmission Daemon is, as far as I know, not capable of running TLS for connections to the RPC port (that's normally plain HTTP). It might be possible that it supports certificate-based authentication.

Let's Encrypt in general issues a certificate + generated keys for a classic webserver configuration. These are valid because the CA today is bundled into ca-certificates and so on.

In general I guess the recommendation would be setting up a reverse proxy with e.g. Nginx or Traefik. This should make the RPC port (normally 9091) available via HTTPS on a port of your choice with your cert. Nginx needs external tools; Traefik has Let's Encrypt support embedded.

The reverse proxy just needs to forward all stuff to the RPC port. The authentication is handled by Transmission. See this for an nginx example.

You can choose another port than 80 or 443; you just need to make sure that you have 80 or 443 open when using the HTTP challenge. If you'd like to not open these ports or to filter them by IP, consider using the DNS challenge solution, which makes it possible that Let's Encrypt doesn't need to connect to your host. Depending on the domain hoster, Traefik supports the setup via the APIs of these hosters.

Hope this helps

Best Regards

DerBunteBall avatar Dec 10 '25 05:12 DerBunteBall

What I meant was that I copied the content of the PEM file into the app.

I run an Apache2 web server, with Transmission-Daemon running, and reverse proxy defined in Sites-enabled:

<Location "/transmission/">
    RequestHeader set X-SCHEME https
    ProxyPass "http://localhost:9091/transmission/"
    ProxyPassReverse "http://localhost:9091/transmission/"

    # Fix for "SSL input filter read failed"
    SetEnv nokeepalive
</Location>

Accessing Transmission via a web browser works without a problem - my Let's Encrypt certs work fine. But Tremotesf doesn't accept the certificates.

ronenrozner avatar Dec 11 '25 21:12 ronenrozner
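
How the four Let's Encrypt files from the question map onto an Apache TLS virtual host wrapped around the `Location` block above. This is an added example, not configuration posted in the thread; the hostname `torrents.example.org` and the `/etc/letsencrypt/live/...` paths (certbot's default layout) are assumptions.

```apache
# Added example; hostname and certificate paths are placeholders/assumptions.
<VirtualHost *:443>
    ServerName torrents.example.org

    SSLEngine on

    # Leaf-only variant: the server sends just its own certificate. A client
    # that does not fetch or cache the missing intermediate cannot build a
    # path to a root in its trust store and rejects the connection.
    # SSLCertificateFile /etc/letsencrypt/live/torrents.example.org/cert.pem

    # Leaf followed by the intermediate(s): every client receives the whole
    # chain up to (not including) the root. Apache 2.4.8 and later read the
    # intermediates from this file.
    SSLCertificateFile    /etc/letsencrypt/live/torrents.example.org/fullchain.pem

    # Private key: read by the web server only. It never belongs in a client
    # application or in a "CA certificate" field.
    SSLCertificateKeyFile /etc/letsencrypt/live/torrents.example.org/privkey.pem

    # TLS ends here; the hop to Transmission's RPC port is plain HTTP on
    # loopback, so port 9091 should not be reachable from other hosts.
    <Location "/transmission/">
        RequestHeader set X-SCHEME https
        ProxyPass "http://localhost:9091/transmission/"
        ProxyPassReverse "http://localhost:9091/transmission/"

        # Fix for "SSL input filter read failed"
        SetEnv nokeepalive
    </Location>
</VirtualHost>
```

`chain.pem` holds only the intermediate certificate(s) and is not referenced separately when `fullchain.pem` is used.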