Custom SSL Certificate (Let's Encrypt)

Hey Guys,

I’ve seen that there are already a few threads regarding this topic, but none of the tips helped me with my issue so this post is my last hope.

So here I am with my shiny new Let’s Encrypt Certificate for my Plex Media Server. I entered all the information needed as shown in this post:

https://forums.plex.tv/discussion/200002/add-custom-ssl-certs-now-available-for-everyone-how-to

My Plex Server runs on a Win10 Machine by the way. So I entered the local path of my PKCS12 file (tried both extensions .p12 and .pfx). The PKCS12 file itself is stored in the local user profile. So access rights shouldn’t be an issue either.

Then I entered my private key (It doesn’t really say if you need to enter the path to the .key file or the private key itself, but I tried both). Right now I’ve configured the plain text private key again, as I assume this is the expected value for this field.

And of course the DNS name which I used for my CSR:

Now when I connect to my Plex Media Server I get a weird *plex.direct certificate, which of course causes a COMMON_NAME mismatch:

Why don’t I see the certificate I installed? Did I miss something?
Also tried various browsers and Chrome Private mode to make sure it is not a cache issue.

Also what’s weird is that when I save the settings I don’t get any kind of feedback like “Success” or “Fail”.

I’d be happy for any suggestions.

no ideas? :<

could plex staff maybe reply? I’d really like to get this working =\

I’m having the same exact issue. Here’s relevant info from the log, really weird stuff, it sees my cert, then proceeds to install digicert:

Dec 30, 2017 03:42:19.454 [0x7f1375bce700] DEBUG - Request: [xxxxx:56200 (WAN)] PUT /:/prefs?customCertificatePath=%2Fetc%2Fplexcerts%2Fcert.pfx (5 live) TLS GZIP Signed-in Token (WaleedHamra)
Dec 30, 2017 03:42:19.459 [0x7f1375bce700] DEBUG - CERT: Certificate will not expire soon.
Dec 30, 2017 03:42:19.463 [0x7f137cffd700] DEBUG - Completed: [xxxxx:56200] 200 PUT /:/prefs?customCertificatePath=%2Fetc%2Fplexcerts%2Fcert.pfx (5 live) TLS GZIP 9ms 268 bytes (pipelined: 1)
Dec 30, 2017 03:42:19.464 [0x7f137d7fe700] DEBUG - CERT: Installed certificate with fingerprint 8e:f9:c2:bb:a1:23:1d:b2:11:c2:ee:2e:cd:42:58:87:c9:6c:aa:66.
Dec 30, 2017 03:42:19.464 [0x7f137d7fe700] DEBUG - CERT: Installed new private key.
Dec 30, 2017 03:42:19.464 [0x7f137d7fe700] DEBUG - CERT: Subject name is /C=US/ST=CA/L=Los Gatos/O=Plex, Inc./CN=*.4ba349441e474d0a847f2782999d3b09.plex.direct
Dec 30, 2017 03:42:19.464 [0x7f137d7fe700] DEBUG - CERT: Requesting OCSP response from ‘http://ocspx.digicert.com/’ for stapling.
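
A log check for the situation in the post above, as an added example that is not part of the original thread or of Plex's own tooling: it parses the `CERT:` debug lines and reports whether the certificate the server installed is the `plex.direct` default or one covering your own host name. The host `plex.example.com`, the function names and the sample log values are constructed, and treating the 20-byte fingerprint as a SHA-1 digest is an assumption.

```python
import re

# Constructed sample in the log format quoted above; all values are made up.
SAMPLE_LOG = """\
Dec 30, 2017 03:42:19.459 [0x7f0000000001] DEBUG - CERT: Certificate will not expire soon.
Dec 30, 2017 03:42:19.464 [0x7f0000000002] DEBUG - CERT: Installed certificate with fingerprint 01:23:45:67:89:ab:cd:ef:01:23:45:67:89:ab:cd:ef:01:23:45:67.
Dec 30, 2017 03:42:19.464 [0x7f0000000002] DEBUG - CERT: Installed new private key.
Dec 30, 2017 03:42:19.464 [0x7f0000000002] DEBUG - CERT: Subject name is /C=US/ST=CA/L=Los Gatos/O=Plex, Inc./CN=*.0123456789abcdef0123456789abcdef.plex.direct
"""

CERT_LINE = re.compile(r"\[(0x[0-9a-f]+)\] DEBUG - CERT: (.*)$")
FP = re.compile(r"Installed certificate with fingerprint ((?:[0-9a-f]{2}:){19}[0-9a-f]{2})")
CN = re.compile(r"Subject name is .*/CN=([^/]+)")

def installed_certs(log_text):
    """Return one record per 'Installed certificate' event, paired by logging thread."""
    events, by_thread = [], {}
    for line in log_text.splitlines():
        m = CERT_LINE.search(line)
        if not m:
            continue
        thread, msg = m.groups()
        fp, cn = FP.search(msg), CN.search(msg)
        if fp:  # a new install event starts on this thread
            by_thread[thread] = {"fingerprint": fp.group(1), "cn": None}
            events.append(by_thread[thread])
        elif cn and thread in by_thread:  # subject line belonging to that event
            by_thread[thread]["cn"] = cn.group(1).strip()
    return events

def cn_covers(cn, host):
    """Single-label wildcard match on the subject CN (the log does not show SANs)."""
    cn, host = cn.lower(), host.lower()
    if cn.startswith("*."):
        return host.partition(".")[2] == cn[2:]
    return cn == host

def diagnose(log_text, custom_host, expected_fp=None):
    """Label each install event 'plex.direct default', 'custom' or 'other'."""
    results = []
    for ev in installed_certs(log_text):
        cn = ev["cn"] or ""
        kind = ("plex.direct default" if cn.lower().endswith(".plex.direct")
                else "custom" if cn and cn_covers(cn, custom_host) else "other")
        # Optional: compare against the fingerprint of the certificate you supplied.
        want = re.sub(r"[^0-9a-f]", "", (expected_fp or "").lower())
        fp_ok = ev["fingerprint"].replace(":", "") == want if want else None
        results.append({**ev, "kind": kind, "fingerprint_matches": fp_ok})
    return results
```

If the fingerprint is SHA-1 as assumed, the value for `expected_fp` can be read from your own certificate with `openssl x509 -noout -fingerprint -sha1 -in cert.pem`.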

my log looks exactly the same by the way. so I won’t repost it :slight_smile:

plex team, can you please answer? or is there another way to get support?

I’ve had a similar issue, but with Plex Media Server behind a reverse proxy with my own domain. I had to

  • Disable remote access in Settings > Remote Access (this prevents Plex from trying to setup remote access automatically);
  • Add my domain (and port) into Network > Custom server access URLs (e.g. https://myownplexdomain.com:443).

After I did that, Plex stopped using the .direct domain and default port number.

2 Likes

ok thx. I will try that and report about the result :slight_smile:

that didn’t help either =\ and I am not even using a reverse proxy.

@Plex Team

hey guys, any news on that topic? don’t wanna be nagging, but I don’t know another way to get support for plex than this forum. and as I am a plex pass user I guess I’d be eligible to get support right?
if I am mistaken here pls tell me. I know this is not a high priority issue, but any kind of response from a plex official would be highly appreciated, even if it is just “we are busy with other topics” or “shut up already” :stuck_out_tongue_winking_eye:
then I’d at least know that someone registered this topic.

thx guys :wink:

@flow said:
Nope. You are not. You should have read what you bought. lol

interesting. I actually didn’t know that o_O
thx for that info. that’s an answer I can live with :slight_smile:
in that case I’ll keep trying to solve it on my own and post the solution here if I stumble upon it.

FYI, the log posted shows that Plex can read the cert (since it knows expiration date).

With certificates the name has to match or it will fail. Technically speaking you can continue past the error, but I don’t know as much about Plex’s rules surrounding certs.

Does that cert show Let’s Encrypt as the organization that validates the cert? If not, Plex isn’t honoring the cert and is replacing it with its own. Like I said, I don’t know Plex’s certs, I just see that I am using https and the channel is encrypted…

Yes it shows LE as certification organization. Not sure, but I guess LE certificates would be accepted by plex.
Anyway I will post this topic on reddit and as soon as I find a solution I will post it here. (Link to the reddit post will follow)

I recently wrote a script to automate the install and update of letsencrypt certificates on a plex server that is running on Ubuntu.

oisec.net/blog/plex-letsencrypt

@oisecnet

I took that script and threw it up on my github. I’ll definitely be using that for the future. You might want to make that its own post.

I guess it’s working only when you have a public domain for your plex server. Install the SSL cert in your public domain, Plex will take care of the rest. I haven’t used this feature yet. But if you use the https://app.plex.tv/desktop URL, it already has an SSL cert installed. If you are accessing plex server locally, then you don’t need SSL at all.
This is my own idea. :slight_smile:

I had the same errors, I found this and it works: