Not sure how does double NAT protect your from unsecure connection over the internet
FYI, i know what is double NAT because that is my network structure.
Especially you do not own the remote plex server, there is not way to work around it. It is plex issue and plex should at least explain this is plex or webos.
No access possible to server possible if set up correct
Not sure what you trying to do here.
Problem is unable to access REMOTE plex server via secure connection.
Double NAT does not solve anything. Does not provide any secure connection to remote plex server.
There is nothing Plex can do LG would need to update their certificates
Closing this as PLEX wont even respond knowing the issue.
A simple 1 liner, LG need to update the OS cert would help.
To all still having issue, start calling your LG demand as OS update on this.
I spoke too soon, multiple titles started showing playback error untill I set Allow Insecure connections to ALLOW
Double NAT is Double Bad unless you really know what you’re doing
Seriously though, I call BS on this statement by Plex. Plex is in control of the connection, as they make both the SERVER and the CLIENT. They can control the certificates in both ends of the connections by embedding them WITH the client on distribution and NOT rely on anything by the manufacturer.
Of course they would have to do a little extra WORK, but common plex, we expect better than this.
Insecure connections is NOT a acceptable solution in the long run, for obvious security concerns. This is up to plex to fix, and it is within their power to do so.
Telling all my friends and family to buy a new tv or steaming box, also not acceptable, when this is an easy software fix by plex.
Redesigning the entire PKI is not an easy task.
LG is to blame here, they should keep their TV boxes updated with the latest trusted Root CA.
What CA did you use? I tried with Comodo, but it’s not really working…
Just include accepted bundle cert just easy task. most programing take the bundle cert in just additional parameter and it take 1 hour max for programmer to fix it including testing time. Well it is easier to just point finger.
Anyway plex dont even bother to reply this is LG issue. It’s wasting their time i guess.
Got reply from LG developer asking developer(which is plex) to include the ca bundle in the app.
https://webostv.developer.lge.com/discover/specifications/web-engine/ at most bottom.
Well plex can easily fix this with minor code change … It the matter of the care or not.
No, that’s not how root certificates work. The root certificates on a device should be installed and updated by a trusted party (typically the device manufacturer, or OS manufacturer/maintainer in the case of computers) as all other TLS security within the system depends on them. As an app developer you shouldn’t be able to push out new root certificates, unless you control the whole system (as was done by the rasplex developer to fix this problem).
What Plex should do is use a newer certificate that’s not signed by the expired root, but that means pushing out a new version of the app to possibly unsupported TVs. The decision as to whether they’re “supported” or not is typically down to the TV manufacturer and influences whether or not they still accept app updates to their store/library. And this still needs to have the new root cert present on the devices.
That’s a good question, as I am also interested in getting my plex to work again properly.
See the issue I have is some of the servers are working and some are not. Even if I do allow unsecured connections (which is not what I’d like to have) I would prefer to have them secured and working perfectly as it was. Would be nice for a roll back so it could continue to work the way it was.
However if I did do the self assign certificate how would one make it work for all apps on tv as I have Netflix Disney prime etc. And would hate for the new cert make them not work properly.
This would be nice if they did this or were able too but it is a root cert so not sure it can be done.
Well… Just solved the problem here.
I have a server running on Linux and one on a W10 laptop.
LG was suddenly not able to access the Linux server anymore, no problem with the laptop.
Searched for hours, nothing worked.
What solved it in the end was unplugging my TV (and plugging it back in obviously…)! :-/
The solution would be not to install a Self Signed certificate, but to use the procedure to load the certificate you are using in Plex.
I think the best choice would be to purchase a SSL certificate that is trusted by LG and use that.
The cheap Comodo certificates are not trusted, I am investigating alternatives.
Simple Solution, get an Cert from Zerossl, convert it to pfx install your own pfx in Plex
and enjoy secured Connections. Valid Domain required, no DynDns. It works 
Web0s 4.0 tested and confirmed working
Web0s 4.5 tested and confirmed working
That is not solution if you dont own the server. I run my own certificate but I lost connection to every other server.
that is not true at all, this does not affect the security of your server, it only affects that the stream between the server and client are no longer encrypted, so that your ISP or any ‘man in the middle’ could potentially capture/identify that a video media stream is being transferred.
No doubt it’s ‘easy’ to ‘arm chair program’ some else’s application without knowing anything about it.
If plex could do something about within the client app(s), I’m sure they can/will.
This affects more than just plex though, so don’t blame plex for your manufacturers dropping the ball on keeping their system certificates updated.
