I use multiple devices for Plexamp v3.8.0 and they are seeing my server (local or remote) using iOS and Mac’s with MacOS 11.6 and 10.15.7, but an older Macbook with MacOS 10.11.6 has stopped finding my server since a few days. This Macbook and the server is in the same subnet.
I’m seeing messages like this in the log:
Nov 04, 2021 17:18:04.873 [Javascript] WARNING - DEVICE: Server connection https://172-104-245-120.e628e82d94f94c67906bdb740724d2ab.plex.direct:8443 didn’t work for macmini: HTTP status -60
Nov 04, 2021 17:18:04.873 [Javascript] WARNING - DEVICE: Connection testing failed for macmini
Nov 04, 2021 17:18:10.734 [Javascript] INFO - DEVICE: Persisting devices because macmini was dirty.
It’s failing to connection test Towerplex2, as expected. These are the URLs it’s trying:
https://37-148-151-55.31b5f875482147c9a32264ccde2ceb85.plex.direct:33400 didn't work for Towerplex2: HTTP status -7 (couldn't connect)
https://10-0-0-61.31b5f875482147c9a32264ccde2ceb85.plex.direct:32400 didn't work for Towerplex2: HTTP status -7 (couldn't connect)
https://139-162-141-10.31b5f875482147c9a32264ccde2ceb85.plex.direct:8443 didn't work for Towerplex2: HTTP status -60 (cert issue)
http://10.0.0.61:32400/identity -28 (times out)
Sorry, forgot to mention my local server is ‘macmini’, but it probably has similar issues as this other remote server. Can not see any of them in Plexamp.
Nov 04, 2021 20:51:33.685 [Javascript] WARNING - DEVICE: Server connection https://192-168-1-100.e628e82d94f94c67906bdb740724d2ab.plex.direct:32400 didn't work for macmini: HTTP status -60
Nov 04, 2021 20:51:34.801 [Javascript] WARNING - DEVICE: Server connection https://188-126-197-112.e628e82d94f94c67906bdb740724d2ab.plex.direct:32400 didn't work for macmini: HTTP status -60
Hi folks, I have the same issue. Plexamp 3.8.2 on Mac running El Cap 10.11.6 does not see the server. Other devices are working. @mortenso, did you figure out anything on the Mac-side? I can add one more clue here. When I launch plex-web in safari from my localserver:32400 then everything works, but if I point safari to plex.tv initially, it will log in centrally, but fails to connect to my server. This does not happen when I use Firefox.
Haven’t been able to find a root cause on the MacOS side, no. As you point out, it’s working fine in Firefox for me as well. Haven’t tested in Safari, will do that asap.
I was hoping you had updated the root certificates on El Cap, and could confirm that as a fix. Clearly we have a problem with Safari and Webkit based apps since September of this year.
e.g. El Cap Security Certificate problem
I think that Firefox has its own trust root separate from that in the keychain.
It seems that the thing to try is updating the root certificates on El Cap as described here: How to update root certificates
It’s tedious and as I said, I was hoping you had already tried it.
Updating Root Certificates worked. Both Plexamp and also Plex-web in Safari work after following the instructions linked in previous post.
I’m not sure that I like the results all that much, as now I have a bunch of root certificates with special unmitigated trust settings as opposed to SSL and X.509, and it may have added certs with trust that should be certs not to trust. I’m not sure how worried to be about all that - given I only use Firefox for browsing since it’s much newer than Safari on that Mac.
I think that just updating the certs in Plex.tv tree would be a better option. It seems that “Baltimore Cybertrust Root” and “Cloudflare Inc ECC CA-3” should be sufficient.
For Plex, there is a process choice: 1) stop supporting El Cap and older Macs; 2) have users fix their Macs if they want them to work; 3) use a different certificate in Plex that has not expired on older systems; or 4) add a conditional step in the installer that updates the affected cert if needed.
Originally I posted here that I like the last option, but I’ve since changed my mind. You see, I also have a 1st gen Echo device that no longer works with the plex skill. I don’t have any way to update the root certs in that device, and Amazon seems to have discarded it in the same way Apple discarded the iMac. I can see the day where older streamers and smart TVs will also lose manufacturer support and their trust chain will decay.
So, now I have to wonder if solution 3 is a better option, and if finding a reasonably long-lived root certificate that’s common to all the existing supported devices is a good choice to re-home the trust chain. That might fix more problems on more devices with less total effort - but I have to admit that I don’t know how easy it would be to add or change the certificates in such a way.
If I can go off-topic a bit here - all this leads me more strongly toward open solutions. I can see the day coming when I will install Linux on the old iMac that no longer gets updates from Apple. I can also see me looking for open streamer solutions (e.g. Raspberry Pi) that I can embed in long-lived equipment, like a stereo system. Let me encourage Plex to lean as strongly toward open source as you can.
Excellent work there, @tanschutz ! Would be good if we were told which root certs are actually needed, so we can make a decision ourselves. Ideally I guess this should be solved on the plex end, but that might be too big an ask for an assumed small portion of the Plexamp users.
I like to keep my devices and machines alive for as long as possible, and my 12 year old MacBook can still do a job in my home office stereo setup.
