Certificate CSR Rate Limited (429) - Request Reset - Docker/Unraid Server

Plex Media Server
,
1

Hi Plex team,

I’m requesting a certificate rate limit reset for my server. I’ve been running Plex on Unraid (Docker) for over a decade with no issues, but after some hardware failures and Docker rebuilds over the past six months, I lost my server’s TLS certificate. Now every attempt to provision a new one returns a 429 rate limit error.

Server Details:

  • Server name: Joe_Media

  • Plex version: 1.43.1.10576-06378bdcd

  • Platform: Unraid 6.12.14 / Docker (plexinc/pms-docker:plexpass)

  • Network mode: Host

  • ClientIdentifier (ProcessedMachineIdentifier): a933bc321a326f0f8105e1dc49d6250a25c334e2

  • CertificateUUID: 33be192f71264c21a99aa5091655f447

What’s happening:

Every 20 minutes, Plex attempts to provision a certificate and gets rate limited:

CERT: Certificate did not exist, fetching a new one.
HTTP/1.1 (0.1s) 200 response from GET https://plex.tv/api/v2/devices/a933bc321a326f0f8105e1dc49d6250a25c334e2/certificate/subject
HTTP/1.1 (0.1s) 429 response from PUT https://plex.tv/api/v2/devices/a933bc321a326f0f8105e1dc49d6250a25c334e2/certificate/csr?reason=missing&invalidIn=0
CERT: Error acquiring new certificate: Failed to upload CSR: 429, API rate limit exceeded

The GET for the certificate subject succeeds (200), but the PUT for the CSR is rate limited (429). This has been happening for over 48 hours. I’ve now stopped the auto-retry to prevent further rate limit resets.

What’s working correctly:

Everything else is fully operational — the only issue is the missing certificate:

  • HTTP access works locally, on LAN, and externally (port 32400 confirmed open)

  • plex.tv registration is active (presence=1, publicAddressMatches=1)

  • Reachability tests pass (connectivity=1, state=Mapped)

  • Pub-sub connection to pubsub10.pop.lhr.plex.bz is healthy

  • Token is valid (HTTP 200)

  • httpsRequired=0, secureConnections=2 (Preferred)

  • All outbound connectivity to plex.tv services confirmed working

How this happened:

After hardware failures and Docker container rebuilds, the original certificate files were lost. During troubleshooting, the container was restarted multiple times which triggered repeated CSR requests, hitting the rate limit. Each subsequent restart and automatic 20-minute retry kept resetting the rate limit window.

What I’ve tried:

  • Waiting 24+ hours between attempts

  • Deleting cached cert files and resetting CertificateVersion to 0

  • Generating new CertificateUUID values

  • Custom self-signed certificates (fails with “no suitable signature algorithm” on OpenSSL 3.1.1)

  • Fresh container installs

Request:

Could a Plex team member please reset the certificate rate limit for device a933bc321a326f0f8105e1dc49d6250a25c334e2? Once the rate limit is cleared, the server should automatically provision a new certificate on its next refresh cycle.

Thank you for your help!

2

@ChuckPa Could you please reset the certificate for my server? I’ve been stuck on a 429 rate limit for over a week now after Docker rebuilds on Unraid.

Server identifier: a933bc321a326f0f8105e1dc49d6250a25c334e2

I’ve also stopped the auto-retry to prevent further rate limit resets. Everything else is fully working (HTTP access, port forwarding, reachability). Just need the cert rate limit cleared. Thank you!

3
4

How did you do this? There isn’t a setting for this. AFAIK, it’s automatic as long as pms is running.

Also, do you use a VPN? If so, turn that off to allow the cert yo work, then you can turn it back on after.

5

Hey @MovieFan, thanks! This has been resolved now.

To stop the auto retry, I set CertificateVersion to 3 via the localhost API which tricks PMS into thinking it already has a valid cert:

curl -s -X PUT "http://127.0.0.1:32400/:/prefs?CertificateVersion=3&X-Plex-Token=YOUR_TOKEN"

Each retry was resetting the rate limit window so stopping it was key.

A moderator checked and confirmed the cert was actually stuck between generation and download on Plex’s backend, not a traditional rate limit. Once they cleared it, I stopped PMS, set CertificateVersion back to 0, waited a minute, restarted, and the cert provisioned first try.

No VPN involved. Just a Docker rebuild on Unraid that lost the original cert files, triggering repeated CSR requests that got it stuck server side.

Hope this helps anyone else hitting the same 429!