How to add personal Domain SSL Certificate to Plex on Synology ?

Plex Media Server NAS & Devices
21

@sickhouse said:
Working good with Let’s Encrypt! Here’s what I did, Plex/Synology - Custom domain with HTTPS - Album on Imgur

Thank you so much for this solution. Works flawlessly! :smiley:

22

Hi,

I update some elements on my script, here it is :

#!/bin/sh
########################################################
#This script will create a new p12 certificate for Plex
#when Let's Encrypt automatically renew its one
#Mathieu Noublanche - 2017-08-10 v0.3
########################################################

########################################################
#Just adapt the values below to your configuration
#Location of your script
script_folder=/volume1/scripts
#Folder and name you want for your p12 file
p12_file_path=$script_folder/syno.p12
#Add password to the p12 file (you can leave it empty)
p12cert_password=
#Synology's Default Let's encrypt folder
letsencrypt_cert_folder=/usr/syno/etc/certificate/system/default

########################################################
#Changes below are at your own own risk
######################################################## 
generate_p12=false
current_date=`date +"%s"`
current_certificate_date=`openssl x509 -enddate -noout -in $letsencrypt_cert_folder/cert.pem | cut -d'=' -f2`
current_certificate_timestamp=`date -d "$current_certificate_date" +"%s"`

#First of all, we check if the renew_timestamp file exists (this file keep in memory the further certificate renew date)
if [ ! -f $script_folder/renew_timestamp ]; then
    echo "Generate timestamp for the current renew date... "
    echo $current_certificate_timestamp > $script_folder/renew_timestamp
    chmod +rw $script_folder/renew_timestamp
    chown admin:users $script_folder/renew_timestamp
    #We generate the first p12 file
    generate_p12=true
else
    renew_date=`cat $script_folder/renew_timestamp`
    echo "In memory certificate expiration date is" `date -d @$renew_date` "and the current certificate expiration date is $current_certificate_date"
    #Now, we check if is it necessary to renew the certificate or not
    if expr "$current_certificate_timestamp" "!=" "$renew_date" > /dev/null; then
        #We ask to generate a new p12 file
        echo "Dates doesn't match, we have to renew the certificate..."
        generate_p12=true
        #We update the timestamp_date on the file
        echo "Updating the new timestamp date..."
        echo $current_certificate_timestamp > $script_folder/renew_timestamp
    else
        echo "It is not necessary to renew the certificate, abort."
        exit 0
    fi
fi

#We generate a new certificate file if we ask it, ans we relaunch Plex App to take effect
if expr "$generate_p12" "=" "true" > /dev/null; then

    echo "Generating the p12 certificate file..."
    openssl pkcs12 -export -out $p12_file_path -in $letsencrypt_cert_folder/cert.pem -inkey $letsencrypt_cert_folder/privkey.pem -certfile $letsencrypt_cert_folder/chain.pem -name "Domain" -password pass:$p12cert_password

    chmod +r $p12_file_path
    chown admin:users $p12_file_path
    echo "Relaunching Plex App..."
    sh /var/packages/Plex\ Media\ Server/scripts/start-stop-status stop
    sh /var/packages/Plex\ Media\ Server/scripts/start-stop-status start
    echo "Done."
fi
8 Likes
Plex Media Server - Synology DSM 7 Preview - Issues
An error occurred while attempting to play this video check the connection and try again
23

Sorry duplicate post !

24

@Mathieu: Thank you very much!

25

@sickhouse said:
Working good with Let’s Encrypt! Here’s what I did, Plex/Synology - Custom domain with HTTPS - Album on Imgur

WORK GREAT, thank you so much!! :smile:

Synology NAS - https://mycustomdomain.co.uk:32400/web - refused to connect
26

@“Mathieu Noublanche” said:
Hi,

I update some elements on my script, here it is :

#!/bin/sh
########################################################
#This script will create a new p12 certificate for Plex
#when Let's Encrypt automatically renew its one
#Mathieu Noublanche - 2017-08-10 v0.3
########################################################

########################################################
#Just adapt the values below to your configuration
#Location of your script
script_folder=/volume1/scripts
#Folder and name you want for your p12 file
p12_file_path=$script_folder/syno.p12
#Add password to the p12 file (you can leave it empty)
p12cert_password=
#Synology's Default Let's encrypt folder
letsencrypt_cert_folder=/usr/syno/etc/certificate/system/default

########################################################
#Changes below are at your own own risk
######################################################## 
generate_p12=false
current_date=`date +"%s"`
current_certificate_date=`openssl x509 -enddate -noout -in $letsencrypt_cert_folder/cert.pem | cut -d'=' -f2`
current_certificate_timestamp=`date -d "$current_certificate_date" +"%s"`

#First of all, we check if the renew_timestamp file exists (this file keep in memory the further certificate renew date)
if [ ! -f $script_folder/renew_timestamp ]; then
    echo "Generate timestamp for the current renew date... "
    echo $current_certificate_timestamp > $script_folder/renew_timestamp
    chmod +rw $script_folder/renew_timestamp
    chown admin:users $script_folder/renew_timestamp
    #We generate the first p12 file
    generate_p12=true
else
    renew_date=`cat $script_folder/renew_timestamp`
    echo "In memory certificate expiration date is" `date -d @$renew_date` "and the current certificate expiration date is $current_certificate_date"
    #Now, we check if is it necessary to renew the certificate or not
    if expr "$current_certificate_timestamp" "!=" "$renew_date" > /dev/null; then
        #We ask to generate a new p12 file
        echo "Dates doesn't match, we have to renew the certificate..."
        generate_p12=true
        #We update the timestamp_date on the file
        echo "Updating the new timestamp date..."
        echo $current_certificate_timestamp > $script_folder/renew_timestamp
    else
        echo "It is not necessary to renew the certificate, abort."
        exit 0
    fi
fi

#We generate a new certificate file if we ask it, ans we relaunch Plex App to take effect
if expr "$generate_p12" "=" "true" > /dev/null; then

    echo "Generating the p12 certificate file..."
    openssl pkcs12 -export -out $p12_file_path -in $letsencrypt_cert_folder/cert.pem -inkey $letsencrypt_cert_folder/privkey.pem -certfile $letsencrypt_cert_folder/chain.pem -name "Domain" -password pass:$p12cert_password

    chmod +r $p12_file_path
    chown admin:users $p12_file_path
    echo "Relaunching Plex App..."
    sh /var/packages/Plex\ Media\ Server/scripts/start-stop-status stop
    sh /var/packages/Plex\ Media\ Server/scripts/start-stop-status start
    echo "Done."
fi

Thank you very much for this excellent script! Works like a charm!

My only problem left is that the Android client doesn’t pick up my custom domain when I try to cast to Chromecast. It still uses the plex.direct address. This doesn’t work because the server answers with my custom certificate. The IOS client on the other hand sends the correct address to the Chromecast and everything works. Any ideas?

27

Thank you, Works like a charm ! <3