How to Fix TLS Certificate Verification Errors When Connecting to Usenet

If you're experiencing SSL/TLS connection issues when accessing Usenet, the problem may be due to an expired certificate that some systems still rely on. This guide will walk you through how to resolve this by updating or adjusting your client software or operating system.

Why the Error Occurs

On or after September 29, 2021, the DST Root CA X3 certificate expired. While UsenetServer's servers use a valid certificate chain, some systems or newsreaders may not be properly configured to trust the updated chain. This can lead to TLS verification failures.

Fixes for Common Newsreaders

NZBGet

NZBGet uses its own CA certificate bundle.

Steps to fix:

1. Manually edit or replace the cacert.pem file in NZBGet’s installation directory.

2. Follow NZBGet’s official update instructions to obtain the latest certificate bundle.

SABnzbd

In SABnzbd, the issue is usually with the operating system’s certificate store.

Windows

1. Press Win + R, type mmc.exe, and hit Enter.

2. Go to File > Add/Remove Snap-in.

3. Select Certificates, then click Add.

4. Choose My User Account, click Finish, then click OK.

5. Navigate to Certificates - Current User > Intermediate Certificate Authorities > Certificates.

6. Delete any expired certificates titled DST Root CA X3 or Let's Encrypt R3.

Linux Run the following command in the terminal to update CA certificates:

sudo update-ca-certificates

Common Error Messages

SABnzbd

• "Certificate not valid. This is most probably a server issue."

• "Untrusted certificate."

NZBGet

• "TLS certificate verification failed."

After completing the appropriate steps, your system should be able to reconnect to Usenet using SSL/TLS without further issues.