CERT Error acquiring new certificate: Failed to retrieve cert from plex.tv: 429

Server Version#:1.43.0.10467-2b1ba6e69

Feb 02, 2026 13:18:00.825 [133071146605368] WARN - [EventSourceClient/pubsub/172.104.245.130:443] MyPlex: attempted a reachability check but we’re not yet mapped.
Feb 02, 2026 13:18:02.591 [133071036644152] ERROR - CERT: Error acquiring new certificate: Failed to retrieve cert from plex.tv: 429,

Hello i think i got blocked for requesting too many certs.. i got that conclusion cus i been seeing a cert saved at /var/lib/plexmediaserver/Library/Application\ Support/Plex\ Media\ Server/Cache/

I had a daily script that cleans this dirs:

sudo rm -rf /var/lib/plexmediaserver/Library/Application\ Support/Plex\ Media\ Server/Logs/*

sudo rm -rf /var/lib/plexmediaserver/Library/Application\ Support/Plex\ Media\ Server/Crash\ Reports/*

sudo rm -rf /var/lib/plexmediaserver/Library/Application\ Support/Plex\ Media\ Server/Cache/*

I’m 50/50 sure this is the cause and didn’t know the PMS uses the cached cert instead of saving it in a more non cache directory.. Please fix this in future updates.

Another sus is my nginx reverse config:

server {
listen 32444 ssl;
http2 on;
server_name 192.168.0.149;

ssl_certificate /etc/nginx/ssl/tfms.crt;
ssl_certificate_key /etc/nginx/ssl/tfms.key;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers 'TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384';
ssl_prefer_server_ciphers off;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
ssl_session_tickets off;
ssl_trusted_certificate /etc/nginx/ssl/tfms.crt;

add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;
add_header X-Content-Type-Options nosniff;
add_header X-Frame-Options SAMEORIGIN;

resolver 1.1.1.1 1.0.0.1 valid=300s;
resolver_timeout 5s;

access_log off;
tcp_nodelay on;
tcp_nopush on;

gzip on;
gzip_min_length 10240;
gzip_comp_level 1;
gzip_vary on;
gzip_disable msie6;
gzip_proxied expired no-cache no-store private auth;
gzip_types
  text/css
  text/javascript
  text/xml
  text/plain
  text/x-component
  application/javascript
  application/x-javascript
  application/json
  application/xml
  application/rss+xml
  application/atom+xml
  font/truetype
  font/opentype
  application/vnd.ms-fontobject
  image/svg+xml;

location / {
    proxy_pass https://localhost:32400;
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-Proto https;
    proxy_set_header X-Forwarded-For $remote_addr;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-Host $host;
    proxy_set_header X-Forwarded-Port 32444;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_cache_bypass $http_upgrade;
}

location ~ /\.ht {
    deny all;
}

}

I’m not sure if this config causes the issue too… please let me know.

Now that i have removed the clean scripts.. please reset my server certs and unblock me thanks!.

Don’t do that.
Only empty out the Transcode and PhotoTranscoder subfolders in there, if you must.

Did you come up yourself with that or did you find this someplace else as a recommendation? This should be taken down.

Yes i come up with that myself.. I thought it’s cache so it must be safe.

I have taken down that.

Thanks alot for unblocking me.. the certificate renewed.

If anyone encounter this issue in the future you maybe are deleting files inside the /var/lib/plexmediaserver/Library/Application Support/Plex Media Server/Cache/ …folder don’t as it contains the .p12 certificate and once you delete that the PMS tries to renew it.

Repeat that every day and in the end you get:

API rate limit exceeded status=429 or

CERT Error acquiring new certificate: Failed to retrieve cert from plex.tv: 429 Errors.

Please consider changing the path of the .p12 to other location in future PMS updates as other users may empty the Cache folder and get this issue.