Cert not generated for new (second) PMS

To offload transcoding from my primary box I decided to set up a new Plex server. Unfortunately, after I installed it I realized my new box is missing the magical green lock.

Here is the pertinent info from https://plex.tv/pms/resources.xml?includeHttps=1

The new server is Happyland and the old is Papa’s Media-Center. As you can see from the attachment Happyland’s URI is missing the certificate hash and also does not have httpsRequired=“0”. This is the to date latest and greatest version of PMS and the server is set to prefer secure connections. I have tried disassociating my account from the PMS and reassociating to see if that would trigger the generation of a certificate, but to no avail.

It is time to put this to the better men…or women! Help out a poor fool.

Thanks

You must not use a custom domain name if you want the certificates from plex to work.
The certs use ‘certificate pinning’. This means they are only valid for your particular subdomain of the *.plex.direct domain.
You can see this in action if you look at the uri= of your older server.

So, on the new server, go to Settings - Server - Network - (Show Advanced) and clear the field ‘Custom server access URLs’
Afterwards restart the server and wait a few minutes.

Using a custom domain name requires you to provide a fitting certificate yourself.
I can’t tell you exactly how to do that as I have never done it.

I had removed that earlier today, but for some reason it is still showing up in the output. Most of my testing was by navigating to https://app.plex.tv/web/app. Besides that you can still see that there is not a hash by the URI. I am not sure when this is generated. Before I changed the old server’s external port to 32401 they both were set to 32400, however the port forwarding on the router would always deliver the traffic to the old server. I’m not sure if the certificate was somehow part of the initial setup/install and I just need to figure out how to retrigger the certificate generation. Any other thoughts?

Usually the certificate gets refreshed when you:

  • sign out the server from plex.tv (Settings - Server - General)
  • wait 1 minute
  • sign the server back in
  • wait 3 minutes

Make sure that your router has correct portforwardings for both of your servers:

external port    internal IP      internal port   protocol
32401            192.168.1.3      32400           TCP
32400            192.168.1.103    32400           TCP

(personally, I’d use some other [semi-random] external port numbers)

Rebuilt PMS. Here is the new output.

You will notice there is no longer a custom server access URL. Still no hash on the new server. I had the old server shut down during install. There doesn’t happen to be a limit to the number of certs they will generate per account is there?

The ports are properly forwarded from the router. Access via http outside the local network works fine. It is just https that is failing. It appears in my old server the cert is in the %LOCALAPPDATA%\Plex Media Server\Cache directory. The new one is missing this. I am considering just copying the appdata and registry over. I’m not certain if that will work, but perhaps it will associate the functioning PMS cert with the new server. Thoughts?
I have signed in and out with pauses on multiple occasions yet still no cert.

@papaporous said:
I am considering just copying the appdata and registry over. I’m not certain if that will work, but perhaps it will associate the functioning PMS cert with the new server. Thoughts?

Don’t do this. It is a very bad idea. You won’t be able to distinguish your old from your new server and it is purely random which you get to see in either of your clients once they run both at the same time.

Log inspection time! on the new server:

  1. activate debug logging (not ‘verbose’!)
  2. quit Plex Server
  3. wait 1 minute
  4. empty the log folder
  5. start Plex Server
  6. wait 5 minutes
  7. shut down Plex server
  8. wait 1 minute
  9. zip up the whole log folder and attach it here

I think the cert server is down. Reset my server today and haven’t been able to access it securely, checking logs I think I found why. Able to reproduce repeatedly. This is an OS X Server.

Feb 14, 2016 17:52:25 [0x700000cdc000] DEBUG - CERT: Version mismatch, fetching a new one.
Feb 14, 2016 17:52:25 [0x700000cdc000] DEBUG - HTTP requesting POST https://plex.tv/devices/3086737ed2761d31c5fabf0eff22c8af784da9c9/certificate?version=2&X-Plex-Token=xxxxxxxxxxxx
Feb 14, 2016 17:52:25 [0x700000cdc000] ERROR - CERT: Could not fetch certificate from the cloud: 503

Can trigger the above messages by signing out/in at Settings > Server > General.

Here are the logs, but I see that same fetch error.

Yes indeed:

Feb 14, 2016 16:57:53:286 [6592] WARN - MyPlex: Updating device connections failed, retrying in 10 seconds.
Feb 14, 2016 16:57:53:286 [6592] DEBUG - CERT: Version mismatch, fetching a new one.
Feb 14, 2016 16:57:53:287 [6592] DEBUG - HTTP requesting POST https://plex.tv/devices/79cca92c3ab241472c91111176b29cc29d043f5b9/certificate?version=2&X-Plex-Token=xxxxxxxxxxxxxxxxxxxx
Feb 14, 2016 16:57:54:073 [6592] ERROR - CERT: Could not fetch certificate from the cloud: 503

I will notify someone.
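
An added example, not part of the original thread and not Plex's own tooling: a Python sketch that scans PMS log text for the certificate-fetch error quoted above, reports the HTTP status (a 5xx points at the issuing service rather than the local setup), and masks X-Plex-Token values before a log folder is attached to a public post. The sample log is constructed in the format shown in this thread; its token and device ID are placeholders.

```python
import re

# Constructed sample in the log format quoted in this thread.
# The token and device ID are placeholders, not real values.
SAMPLE_LOG = """\
Feb 14, 2016 16:57:53:286 [6592] DEBUG - CERT: Version mismatch, fetching a new one.
Feb 14, 2016 16:57:53:287 [6592] DEBUG - HTTP requesting POST https://plex.tv/devices/DEVICE-ID-PLACEHOLDER/certificate?version=2&X-Plex-Token=CONSTRUCTEDTOKEN123
Feb 14, 2016 16:57:54:073 [6592] ERROR - CERT: Could not fetch certificate from the cloud: 503
Nov 06, 2018 23:35:06.000 [0x7f86ae3fd700] ERROR - CERT: Could not fetch certificate from the cloud:
"""

# "<timestamp> [<thread>] <LEVEL> - <message>"
LINE = re.compile(r"^(?P<ts>.+?) \[(?P<thread>[^\]]+)\] (?P<level>[A-Z]+) - (?P<msg>.*)$")
# The status code is optional: some posts show the error with no code after the colon.
CERT_FAIL = re.compile(r"CERT: Could not fetch certificate from the cloud:\s*(?P<status>\d{3})?")
TOKEN = re.compile(r"(X-Plex-Token=)[^&\s]+")


def redact(text):
    """Mask every X-Plex-Token value so the log can be shared publicly."""
    return TOKEN.sub(r"\1REDACTED", text)


def cert_failures(text):
    """Return one dict per certificate-fetch error found in the log text."""
    found = []
    for raw in text.splitlines():
        line = LINE.match(raw)
        if not line or line["level"] != "ERROR":
            continue
        fail = CERT_FAIL.search(line["msg"])
        if not fail:
            continue
        status = int(fail["status"]) if fail["status"] else None
        found.append({
            "ts": line["ts"],
            "status": status,
            # HTTP 5xx means the remote service failed; local settings are not the cause.
            "server_side": status is not None and 500 <= status <= 599,
        })
    return found


if __name__ == "__main__":
    for f in cert_failures(SAMPLE_LOG):
        cause = "remote service error" if f["server_side"] else "cause not shown in log"
        print(f"{f['ts']}  status={f['status']}  {cause}")
    print(redact(SAMPLE_LOG))
```
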

I have exactly the same in my logs on two different linux based PMS. It does appear that the cert generation is down. Tried each step outlined in this thread only to have the same result.

I verified the issue with my own test server.

The appropriate people were alerted.

Thanks guys for figuring this out. I can stop spinning my wheels now.

Any updates on when CA will be back up?

Is this still an issue?
I get the same problem now, I’ve tested with a fresh installation on Ubuntu 18.04 LTS.

Nov 06, 2018 23:35:04.915 [0x7f86ae3fd700] DEBUG - HTTP requesting POST https://plex.tv/devices/2f15f8c84ba1087ba5cff9768383781a3f10b8fb/certificate?version=2&X-Plex-Token=xxxxxxxxxxxxxxxxxxxx
Nov 06, 2018 23:35:05.140 [0x7f86ae3fd700] DEBUG - HTTP 503 response from POST https://plex.tv/devices/2f15f8c84ba1087ba5cff9768383781a3f10b8fb/certificate?version=2&X-Plex-Token=xxxxxxxxxxxxxxxxxxxx
Nov 06, 2018 23:35:05.140 [0x7f86ae3fd700] ERROR - CERT: Could not fetch certificate from the cloud: 503

I’m also seeing this issue today. Noticed it when creating a new server on the network (using the existing server’s Library as a basis)… Now I get the same following error in the Plex Logs of both Server 1 and Server 2.

ERROR - CERT: Could not fetch certificate from the cloud: 503

I get the same error on both servers, even after signing out/in of Plex on the servers themselves and also after removing the servers from Plex Web - The servers show as being remotely accessible when I view the web app http://localhost:32400/web on the servers themselves but both are not accessible via the Plex Web App?

Are the Certificate Servers down currently causing this issue?

+1, ERROR - CERT: Could not fetch certificate from the cloud: 503.

Just migrated the server to a new machine, and everything works flawlessly except that I can’t reach the server via HTTPS because “The server does not allow secure connections”. I have performed every advice I could find for this, but I am starting to think this must be the reason why it’s not working.

I’ve noticed this problem has re-appeared today as well. Looks like a problem with the servers which issue the certificate.

It’s good to see that I’m not the only one. I have two servers latest Linux and NVIDIA shield pms and I have exactly the same problem.

ERROR - CERT: Could not fetch certificate from the cloud:

This happens right after the recent plex auth server downtime recently. Both of my servers lose the lock sign. I can’t access them over https via app.plex.tv.

Hopefully @elan or someone could check if the certificate generation server is down…

There seems to be a number of issues being reported today (outside of this thread) around Secure Connections, Certificates etc which could likely all be related to this…

The Plex Status website shows everything is operational but suspect there are issues with the Certificate Servers?

Hopefully Plex support read this and are able to take a look soon…