Let’s Encrypt is a free, automated PKI certificate authority accessible via API. It would be great to be able to set multiple common names for Plex and have it create trusted certificates using Let’s Encrypt so that when you browse to Plex directly (not via app.plex.tv) you don’t get browser security warnings.
It would be a great little feature to bundle into the base.
Thanks, yeah, I’m aware you can upload a publicly trusted certificate manually, but Let’s Encrypt presents the opportunity to automate that, so that self-signed certificates are no longer required and the user experience is maintained at a high level; the average user does not understand PKI.
@“Media Manager” said:
e.g. Common names = 10.1.1.1
It would be infinitely stupid to create a universally trusted certificate for an IP address that is not unique. Private network - Wikipedia
I understand what you’re saying, but I disagree, as it depends what your purpose is. PKI certificates are used for two things:
1. To identify the other party to establish trust (the part you are referring to)
2. To enable encryption between the two devices
While a public certificate for a private IP address does not help with point 1, you still get the encryption in point 2. Also you remove the browser security messages.
All that aside, the same premise applies with or without private IP addresses. Embedding the Let’s Encrypt client into Plex Media Server would remove the need for self-signed certificates and manually uploading purchased certificates.
@OttoKerner letsencrypt is definitely a good thing to add; with the lower and lower lifespan of certificates, people having their own certificate can’t do much else than perform updates constantly. Supporting letsencrypt is rather simple with the acme.sh or similar scripts.
Oh? Sounds interesting, how / where do I find the guide for ‘claiming’ my server? On my Linux Plex I only see a ‘custom certificate’? We are talking about a local certificate, and not through the app.plex.tv, right?
Claiming = logging your server into your account.
Everything is automatic.
The certificate is individual to your server. From letsencrypt. It’s pinned to the FQDN of your server (which is also assigned automatically).
Why would you want a local certificate? There is nothing inherently more secure about that.
Anyway, if you insist on using your own cert, you can do so already. But then you have to handle setting up the domain name and renewing the cert yourself: Network | Plex Support
No, it is not dns rebinding, but that I have a split-brain-DNS setup, so I have the same domain locally as is on the internet, so my servers have proper local names with real certificates, and that doesn’t match the plex.direct certificate.