[CERT] TLS connection came in with unrecognized plex.direct SNI name

Server Version#: 1.21.3.3988
NAS : Synology on DSM 7 beta

I regularly get this message in the log

[CERT] TLS connection came in with unrecognized plex.direct SNI name ‘xxx-xxx-xxx-xxx.xxxxx6a2baf4a95b27f2779bf23e12d.plex.direct’; using installed plex.direct cert

(where xx-xx-xx-xx is a local or public IP, depending on the client)

I have tried to configure a PFX certificate, but with no resolution.
I have searched the forum with no real solutions.

Maybe someone can help solve this?

Thanks

I’ll need to see the rest of the log for that.

Plus, obfuscating the non-routable RFC-1918 address of the subnet makes diagnosis impossible

Do you have your own cert in place? That’s where the collision is common.

It is the same issue with or without my own certificate

Plex Media Server Logs_2021-02-15_09-38-52.zip (1.2 MB)

Thanks I see it now.

Your modem/router is not allowing the DNS overlay. (aka DNS-rebinding protection)

Can you write the exception rule to allow the plex.direct domain?

Sorry for my late reply. It takes time to investigate my network.

I have checked and I have any kind of DNS-rebinding protection configured.
I have added Hairpin NAT for the Plex server with no solution.

The issue shows the private IP of the Plex server itself

Feb 16, 2021 23:19:53.362 [0x7fd50342a700] WARN - [CERT] TLS connection came in with unrecognized plex.direct SNI name ‘172-16-0-54.0965836a2baf4a95b27f2779bf23e12d.plex.direct’; using installed plex.direct cert

and

request from my public IP

Feb 16, 2021 23:20:37.669 [0x7fd503718700] WARN - [CERT] TLS connection came in with unrecognized plex.direct SNI name ‘92-188-1-117.d7aed119387440f2958a01ad1849796d.plex.direct’; using installed plex.direct cert

I have also tried to remove all network config (CERT/CustomURL/etc.) with no changes

There is one thing you can try.

It takes a bit of manual editing via DSM.

It will either work flawlessly or it will fail miserably (how I’ve seen it)

  1. Stop Plex
  2. Install the Synology Text Editor app (if you haven’t already)
  3. Navigate into the Plex share – down until you see “Preferences.xml”
  4. Copy it and make a “.xml.sav” or some other name you wish – Backup copy.
  5. Right-click it → Open in Text Editor
  6. VERY carefully – Remove
    a. Certificate=“value” (the whole name=value string pair)
    b. CertificateVersion=“value” (the whole name=value string pair)
  7. Save the file.
  8. Go to Plex/web – Sign out
  9. Start PMS
  10. Give it a moment to start and pull a new certificate
  11. Now log in via IP address

If this doesn’t clear it, there is one more thing I can do before dragging Engineering in.


Before doing the change, I see that you mentioned the Plex share… as I’m on DSM 7, the Plex share doesn’t exist any more. Do I have to apply the same steps on @apphome?

If you can implement in Preferences.xml in DSM 7, then OK.
Steps will be the same except you’ll need to use a command line editor like VI
and you’ll need to SSH into it to get there. This is one of the major issues with DSM 7.

In looking at my networks here, I am getting plex.direct SNI name errors for the nets which are part of docker containers.

If you’re seeing these SNI errors on other subnets – that is expected behavior because the CERT only applies to the primary PMS adapter & subnet.

e.g.

Host = 192.168.0.21
DockerA = 10.0.3.1
DockerB = 10.0.5.1

I get SNI errors when PMS looks at 10.0.3.x and 10.0.5.x for PMS players and hosts.

That SNI error is legitimate.

By telling PMS which network adapter to use as primary (don’t use “Any”), you are now telling PMS where to look and the SNI error will not be erroneously generated.
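To see which addresses and subnets the warnings actually refer to before choosing the preferred interface, the log can be tallied as below. This is an added example, not part of the original thread and not Plex tooling; the function names and the /24 grouping are assumptions, and the sample lines are the two quoted earlier in the thread plus constructed ones.

```python
import ipaddress
import re
from collections import Counter

# Warning text as quoted in this thread; the quote before the name may be
# straight or curly depending on how the log was copied.
SNI_RE = re.compile(
    r"unrecognized plex\.direct SNI name\s+['\u2018]?"
    r"(?P<ip>\d{1,3}(?:-\d{1,3}){3})\.(?P<label>[0-9a-f]+)\.plex\.direct"
)

def parse_sni_warnings(lines):
    """Yield (ip_address, hex_label) for every SNI warning line."""
    for line in lines:
        m = SNI_RE.search(line)
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m.group("ip").replace("-", "."))
        except ValueError:
            continue  # mangled line, e.g. an octet above 255
        yield ip, m.group("label")

def summarize(lines, prefix=24):
    """Count warnings per (scope, network); the /24 grouping is an assumption."""
    counts = Counter()
    for ip, _label in parse_sni_warnings(lines):
        scope = "private" if ip.is_private else "public"
        net = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
        counts[(scope, str(net))] += 1
    return counts

# First two lines are quoted from the thread; the rest are constructed
# (Docker-style addresses with an all-zero placeholder label).
SAMPLE_LOG = [
    "Feb 16, 2021 23:19:53.362 [0x7fd50342a700] WARN - [CERT] TLS connection came in with unrecognized plex.direct SNI name ‘172-16-0-54.0965836a2baf4a95b27f2779bf23e12d.plex.direct’; using installed plex.direct cert",
    "Feb 16, 2021 23:20:37.669 [0x7fd503718700] WARN - [CERT] TLS connection came in with unrecognized plex.direct SNI name ‘92-188-1-117.d7aed119387440f2958a01ad1849796d.plex.direct’; using installed plex.direct cert",
    "WARN - [CERT] TLS connection came in with unrecognized plex.direct SNI name '10-0-3-1.00000000000000000000000000000000.plex.direct'; using installed plex.direct cert",
    "WARN - [CERT] TLS connection came in with unrecognized plex.direct SNI name '10-0-3-7.00000000000000000000000000000000.plex.direct'; using installed plex.direct cert",
    "WARN - [CERT] TLS connection came in with unrecognized plex.direct SNI name '999-1-1-1.00000000000000000000000000000000.plex.direct'; using installed plex.direct cert",
    "DEBUG - unrelated line",
]

if __name__ == "__main__":
    for (scope, net), n in sorted(summarize(SAMPLE_LOG).items()):
        print(f"{n:3d}  {scope:7s}  {net}")
```

Subnets in the output that do not belong to the adapter selected as the preferred network interface are the ones the post above describes as expected sources of the warning.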

Hi,

I can’t find one of the two parameters (the a) you specified

Here are the only settings with the word certificate in them:

CertificateUUID=“xxxxxxxxxxxxx” CertificateVersion=“3”

I will remove the CertificateVersion as you said. What about the second parameter?

I have changed the interface listening settings. Wait and see now.

@computman

They are it. My apologies; I’ve been putting in a lot of long hours on DSM 7

My alerts are gone now since I’ve configured the interface to listen on (removing auto)

Preferred network interface in Network tab, for others having this issue

Thx
