Cert failures, unable to connect to server from player apps

Server Version#: 1.29.2.6364
This past week I’ve been having trouble connecting to my local server from any apps on the AppleTV, iOS etc… though I can directly connect by IP through the browser. The odd thing, in the apps it will connect to the server, it just says all the media is inaccessible.

Digging into the logs I now see I’m having certificate issues, but unsure how to resolve it.
“CERT: incomplete TLS handshake from [::ffff:24.248.248.198]:64950: sslv3 alert certificate expired
CERT: incomplete TLS handshake from 127.0.0.1:64211: sslv3 alert certificate expired”

I have restarted the server multiple times, ensures everything is fully up to date, toggled all the various settings for remote access and secure access etc… to no avail. I don’t see any direct way in the settings to renew the certs. Any help would be appreciated.
Plex Media Server Logs_2022-11-11_22-36-39.zip (4.0 MB)

The Plex Team can help with certs. Until they get back to you here, we should double check how well your network connects without going through PMS.

Run this command in a terminal and paste the output into a </> code block here in your reply, thanks. It exercises a range of networking tasks.

curl -v https://plex.tv

Here is that output.

MacMiniPlex:~ phlash65$ curl -v https://plex.tv
*   Trying 52.16.62.137:443...
* Connected to plex.tv (52.16.62.137) port 443 (#0)
* ALPN: offers h2
* ALPN: offers http/1.1
*  CAfile: /etc/ssl/cert.pem
*  CApath: none
* (304) (OUT), TLS handshake, Client hello (1):
* (304) (IN), TLS handshake, Server hello (2):
* (304) (IN), TLS handshake, Unknown (8):
* (304) (IN), TLS handshake, Certificate (11):
* (304) (IN), TLS handshake, CERT verify (15):
* (304) (IN), TLS handshake, Finished (20):
* (304) (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / AEAD-CHACHA20-POLY1305-SHA256
* ALPN: server accepted h2
* Server certificate:
*  subject: C=CH; ST=Nidwalden; L=Stans; O=Plex GmbH; CN=*.plex.tv
*  start date: Sep 14 00:00:00 2022 GMT
*  expire date: Sep 23 23:59:59 2023 GMT
*  subjectAltName: host "plex.tv" matched cert's "plex.tv"
*  issuer: C=US; O=DigiCert Inc; CN=DigiCert TLS RSA SHA256 2020 CA1
*  SSL certificate verify ok.
* Using HTTP2, server supports multiplexing
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* h2h3 [:method: GET]
* h2h3 [:path: /]
* h2h3 [:scheme: https]
* h2h3 [:authority: plex.tv]
* h2h3 [user-agent: curl/7.84.0]
* h2h3 [accept: */*]
* Using Stream ID: 1 (easy handle 0x147810400)
> GET / HTTP/2
> Host: plex.tv
> user-agent: curl/7.84.0
> accept: */*
> 
* Connection state changed (MAX_CONCURRENT_STREAMS == 250)!
< HTTP/2 302 
< cache-control: no-cache
< content-type: text/html; charset=utf-8
< date: Sat, 12 Nov 2022 17:53:51 GMT
< location: https://www.plex.tv/
< referrer-policy: origin-when-cross-origin
< set-cookie: _my-plex_session_32=djc1bHFvZTZNeStHOWZHZjRhWEc0MmI3UkZ1MWFFMzZMb2JRRG5rVnQyaFNwSm1uNEkxY1ZtZ0Nxc0V2UGovQ2hpNURGVitDNDh5WDR2NUhtVytmUGoweVQ4aC9NY2xzVmhUMU9iSE5WemJ4S2pnNjVDQjdSTDNvZEtuYjhTdVdTYnlmVEJxQlVkQnlTZThVVjBob0VyODZMbVFkbkpxNWUrRUJRRkdJN0JNPS0td1NKUzJKY1pTZE9yY3BUQjUvVWlRdz09--6d99609e3ce6d23390d83b1618d3939f40042cee; path=/; HttpOnly; secure
< strict-transport-security: max-age=31536000; includeSubDomains; preload
< vary: Origin
< x-content-type-options: nosniff
< x-frame-options: SAMEORIGIN
< x-request-id: d37d7688-8f44-42b9-a2c5-a909767b1170
< x-runtime: 0.005363
< x-xss-protection: 1; mode=block
< 
* Connection #0 to host plex.tv left intact

This is also the logs, basically in this loop of trying to refresh a cert but failing over and over.

Screenshot 2022-11-12 at 11.57.11 AM1381×362 104 KB

@FordGuy61 @tom80H do we ping Otto maybe for help with a Cert issue?

So what would be the next step to try to get this working?

I’m hoping to get someone from Plex to notice this.
We can ping or DM them, but a lot of them disabled messages after the breach.
You’re welcome to try that too.
To be less intrusive, I’m just starting with a couple of forums mods.

I was actually able to resolve this today after a couple weeks of going crazy. All the various logging out/in, toggling remote access etc… didn’t work for me. It kept getting stuck in a loop of trying to apply a new cert but failing. Eventually I found a single line in my logs pointing me to the exact problem.

Nov 18, 2022 09:18:24.707 [0x16f30b000] DEBUG - [Req#e6/HCl#6b] HTTP requesting GET https://plex.tv/api/v2/features?X-Plex-Token=
Nov 18, 2022 09:18:24.707 [0x16ddb7000] ERROR - Couldn't delete the file "/Users/phlash65/Library/Caches/PlexMediaServer/cert-v2.p12": Permission denied

I went into my local library and deleted that entire Caches folder, restarted the system and after I logged back into my Plex account everything was working. It then just required logging out of all the remote apps/iOS/AppleTV etc… and logging back in and they all worked. I hope this can help someone else dealing with this cert issue.

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.