Thanks, I know this sounds like I don’t know what I’m talking about. Working in IT myself I know how obnoxious end users can be…
No own certificate, as I show in the screenshot above. Haven’t changed anything.
Some thoughts about the issue,
My connection is using DHCP and from what I understand you are using some naming scheme looking like PTR records, so if my IP changes I guess my cert is no longer valid? The problem here is that my IP hasn’t changed since the middle of July.
I am running other services at home on port 443 that use a Let’s Encrypt wildcard cert for my own domain but don’t see that it would interfere with PMS?
Is my PMS instance directly asking Let’s Encrypt for a cert or have you gotten your own CA or are you proxying requests?
And after a reboot of the server (had to reboot vm host, not related to PMS) I have access again.
Modify date of .p12 is 26 of August, last time I deleted the certificate.
We have our own CA for plex.direct with/from/through some agreement with Let’s Encrypt.
We can create and distribute certs for PMS (plex.direct domain).
PMS sends CSRs to plex.tv as needed and plex.tv responds with the p12 for your PMS subdomain (xxxxxxxxx.plex.direct) signed by our master cert.
PMS also has an internal DNS resolver based on plex.direct domain.
When PMS starts, it queries the host for the hostname.
Most hosts respond with a simple hostname.
Hosts with a FQDN DNS server respond with hostname.MyDomain.TLD.
Where things get screwy if not done completely:
You have a host which has a FQDN hostname (e.g. PMS.Mydomain.TLD)
-and-
“Mydomain.TLD” has not been added to PMS (Settings - Server - Network)
On Linux hosts, you can set the hostname manually to be the simple hostname or the FQDN hostname.
In the above, if I added the FQDN, I would also need to add my certificate (with my CA in the P12) to PMS.
When I add my cert to PMS, PMS knows to accept both names and transitions silently from one domain to the other as both are trusted.
Personally, I don’t understand the need for this crazy level of security with CAs on my personal domain. I don’t understand why PMS behaves like a banking app in this regard. I don’t understand all the anti-phishing warnings either. They told me there are cases where it’s needed. Whatever.
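The name-coverage problem described in the reply above, as an added example that is not part of the thread and not Plex's code: it checks which installed certificate, if any, covers the name the host reports, using RFC 6125-style wildcard matching. The wildcard SAN on the plex.direct certificate, the dashed-IP label, and all names below are constructed assumptions.

```python
# Added illustration; names and SAN lists are constructed, not taken from a real server.

def is_fqdn(hostname: str) -> bool:
    """A simple hostname has no dot; an FQDN (PMS.Mydomain.TLD) does."""
    return "." in hostname.strip(".")

def san_covers(san: str, hostname: str) -> bool:
    """RFC 6125-style match: '*' is only honoured as the whole leftmost
    label and stands for exactly one label, never several."""
    san = san.lower().rstrip(".")
    host = hostname.lower().rstrip(".")
    if san.startswith("*."):
        suffix = san[1:]                      # e.g. ".xxxxxxxxx.plex.direct"
        if not host.endswith(suffix):
            return False
        left = host[: -len(suffix)]
        return bool(left) and "." not in left
    return san == host

def covering_certs(hostname: str, certs: dict) -> list:
    """Return the labels of the certificates whose SAN list covers hostname."""
    return [label for label, sans in certs.items()
            if any(san_covers(s, hostname) for s in sans)]

# Assumption: the plex.tv-issued cert carries a wildcard SAN for the server's
# subdomain; "xxxxxxxxx" is the placeholder used in the thread.
PLEX_ONLY = {"plex.direct": ["*.xxxxxxxxx.plex.direct"]}
WITH_CUSTOM = {**PLEX_ONLY, "custom": ["pms.mydomain.tld"]}

if __name__ == "__main__":
    for name in ("192-0-2-10.xxxxxxxxx.plex.direct", "PMS.Mydomain.TLD", "pms"):
        print(name, "fqdn" if is_fqdn(name) else "simple",
              covering_certs(name, PLEX_ONLY), covering_certs(name, WITH_CUSTOM))
```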