How to allow Secured Connections?

I have never gotten “Secure” connections to work with any client. By default, when I install a client (Windows 10, Android, iOS, OSX, etc), the first thing I have to do is Allow Insecure Connections - otherwise, it never finds the server.

This is the only thing that has prevented me from opening Plex up to streaming externally from my network (right now, I require OpenVPN clients to connect).

I have followed the guide here: https://support.plex.tv/hc/en-us/articles/206225077-How-to-Use-Secure-Server-Connections

And per the “Tip” about rebooting, I rebooted.

But yet, accessing it in a web browser, Chrome gives the “Insecure Connection” warning.

https://server:32400/web/

^- gives the insecure warning. And no device is able to make a secure connection still (I have to re-enable “Allow Insecure Connection” to get clients to work).

Disclaimer: I have a highly custom installation of Plex Media Server.

  • On Windows 2012 R2

  • Running under a limited “nzb” username with read-only rights to most of the system, except…

  • Custom “home” or media folder located at C:\Plex Media Server

  • Custom “Run Plex as a Service” regedit scripts I created, with the following parameters:

    Windows Registry Editor Version 5.00

    [HKEY_USERS\S-1-5-21-3261097372-417704997-3008163763-1005\Software\Plex, Inc.]

    [HKEY_USERS\S-1-5-21-3261097372-417704997-3008163763-1005\Software\Plex, Inc.\Plex Media Server]
    "SetupLanguageCode"=dword:00000409
    "InstallFolder"="C:\Program Files (x86)\Plex\Plex Media Server\"
    "MachineIdentifier"="(redacted)"
    "ProcessedMachineIdentifier"="(redacted)"
    "AnonymousMachineIdentifier"="(redacted)"
    "MetricsEpoch"=dword:00000001
    "GracenoteUser"="(redacted)"
    "AcceptedEULA"=dword:00000001
    "PlexOnlineMail"="(redacted)@gmail.com"
    "PlexOnlineToken"="(redacted)"
    "PlexOnlineUsername"="(redacted)"
    "PlexOnlineHome"=dword:00000001
    "DlnaEnabled"=dword:00000001
    "CertificateVersion"=dword:00000002
    "PublishServerOnPlexOnlineKey"=dword:00000000
    "LastAutomaticMappedPort"=dword:00002b20
    "PubSubServerPing"=hex:3(redacted)0
    "PubSubServer"="45.79.90.28"
    "LocalAppDataPath"="C:\"
    "collectUsageData"=dword:00000000
    "LanguageInCloud"=dword:00000001
    "FSEventLibraryPartialScanEnabled"=dword:00000000
    "FSEventLibraryUpdatesEnabled"=dword:00000001
    "ScheduledLibraryUpdateInterval"=dword:00015180
    "allowedNetworks"="172.16.(redacted).0/255.255.255.0,10.88.(redacted).0/255.255.255.0,10.8.(redacted).0/255.255.255.0"
    "customConnections"="https://eduncan911.domain:32400,https://server:32400,https://server.domain:32400,https://server,https://server.domain"
    "BackgroundTranscodeThrottle"=dword:00000000
    "TranscoderQuality"=dword:00000003
    "CinemaTrailersFromBluRay"=dword:00000001
    "CinemaTrailersFromTheater"=dword:00000001
    "ManualPortMappingMode"=dword:00000001
    "ManualPortMappingPort"=dword:00007e90

^- The “customConnections” has been edited in the text above to mimic about what my custom domain is.

  • I do not allow Remote Connections at this time (again, due to not being able to serve secure connections).

Secure connections will never work with your custom domain names.
They are not necessary at all, since Plex provides a unique domain for your server automatically and the TLS certificate you get is ‘pinned’ to it.
So the certificate won’t work with any of your custom domains because it is not valid for them.

Try this:

  • remove all your custom domains.
  • switch your DNS server from the one of your ISP to those of Google (8.8.8.8 and/or 8.8.4.4) (for reliable resolution of *.plex.direct domain names)
  • allow DNS rebinding for the domain plex.direct (otherwise secure connections won’t work in the local network where your server is). If you can’t disable DNS rebind protection, you will not be able to ‘force’ secure connections.
  • enable remote connections, then restart your Plex server
  • go to plex.tv, sign in and press the big ‘Launch’ button
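
The two failure modes described in the answer above (a certificate that does not cover the custom names, and DNS rebind protection dropping the plex.direct answer) can be told apart with a small check. This is an added example, not part of the original posts or Plex's own code; it assumes the plex.direct name layout `<dashed-LAN-IP>.<server-id>.plex.direct` with a matching wildcard certificate, and the server id and addresses are constructed.

```python
import ipaddress

SERVER_ID = "0123456789abcdef0123456789abcdef"        # constructed placeholder
SANS = ["*.%s.plex.direct" % SERVER_ID]               # assumed wildcard SAN
LAN_NAME = "172-16-0-10.%s.plex.direct" % SERVER_ID   # constructed LAN name

def san_matches(hostname, san):
    """RFC 6125-style match: '*' covers exactly one left-most label."""
    host = hostname.lower().rstrip(".").split(".")
    pat = san.lower().rstrip(".").split(".")
    if len(host) != len(pat):
        return False
    if pat[0] == "*":
        return host[1:] == pat[1:]
    return host == pat

def cert_valid_for(hostname, sans):
    """True if any subjectAltName entry covers the hostname."""
    return any(san_matches(hostname, s) for s in sans)

def embedded_ip(hostname):
    """Return the IPv4 address encoded in the first label (dashes for dots)."""
    label = hostname.split(".")[0]
    try:
        return ipaddress.ip_address(label.replace("-", "."))
    except ValueError:
        return None

def diagnose(hostname, sans, resolved):
    """resolved: addresses the local resolver returned for hostname (may be empty)."""
    if not cert_valid_for(hostname, sans):
        return "name-mismatch"        # browser warning: cert not valid for this name
    ip = embedded_ip(hostname)
    if ip is not None and ip.is_private and str(ip) not in resolved:
        return "dns-rebind-blocked"   # resolver dropped the private-address answer
    return "ok"

if __name__ == "__main__":
    # Custom names from the question, then the LAN name with and without an answer.
    for name in ("server", "server.domain", "eduncan911.domain"):
        print(name, "->", diagnose(name, SANS, ["172.16.0.10"]))
    print(LAN_NAME, "->", diagnose(LAN_NAME, SANS, []))
    print(LAN_NAME, "->", diagnose(LAN_NAME, SANS, ["172.16.0.10"]))
```

In practice `resolved` would come from querying the router's resolver and `sans` from the certificate the server presents on port 32400.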