I have been using Plex for some time with a Plex Pass and I recently noticed how I have my Remote Acess green “Fully accessible outside your network”, but I don’t get a plex.direct url, with https certificate, in the PMS/resources as you can see in the following XML:
What I get when I try to access plex with the plex.direct link is a fail with DNS_PROBE_FINISHED_NXDOMAIN from external networks, and ERR_TUNNEL_CONNECTION_FAILED locally.
It would be nice to have the https access for more secure playing.
Thank you for the resource, but this talks about connecting securly via relay server “https://app.plex.tv/desktop/#!/” which is not the direct connection, also used for API Endpoints.
I was asking for the *.plex.direct:32400 URL that are not showing in my PMS/resources which even with network secure connections setting on “Preferred” or “Required” still does not change.
Fo example if I would like to do an API request on an https secure connection I cannot do that as in my PMS/resources I only have http unsecure connections.
Here some extra context on the plex.direct URL:
plex.direct URLs (e.g., https://xxxxx.plex.direct:32400) are designed by Plex to provide direct, secure (HTTPS) API access to your Plex Media Server, even if you don’t have your own custom domain or public SSL certificate.
Plex generates these unique *.plex.direct subdomains for each server, and plex.tv handles the DNS resolution and provides a valid SSL certificate for these domains (using a wildcard certificate for *.plex.direct).
These plex.direct URLs are still actively used and are the standard for how Plex’s own clients (mobile apps, smart TVs, Plex Desktop App) establish a direct, secure connection to your server’s API to fetch media and metadata.
I read everything and trying to understand where can I find a fix for having the *.plex.direct URL.
Could you tell me the section? Because I have tried everything, with Required or Preferred in the Network settings and still a link like the following is giving me errors, which make sense as it is not showing in my PMS/resources.
The server has to be claimed into your user account.
Your local DNS resolver must not prevent the resolution of the plex.direct domains (DNS rebinding protection).
Your DNS resolver must not cache the data for too long.
Best you try a known “working” DNS server, like 1.1.1.1 or 8.8.8.8
Verify that the container has proper “write” privileges and ownership of the plex data folder.
Ok, After trying all the things said here I can absolutly say that there is not a problem on my local side as:
The server is claimed
DNS in my netplan in /etc/netplan/*.yaml and on the plex container itself is set to 1.1.1.1 and 8.8.8.8
DNS Rebiding Protection is not creting this problem on my router
The container has read/write privilages as also the pms/resources are changing based on the settings I set up in the Plex UI.
Just to be sure I tried to access my plex.direct link from my androind phone under my WIFI but with DNS changed to the specific 1.1.1.1 and 8.8.8.8 to be sure and in this case the error it gives me is ERR_NAME_NOT_RESOLVED.
And I mean, if a DNS_PROBE_FINISHED_NXDOMAIN or ERR_NAME_NOT_RESOLVED error from a reliable public DNS server like Cloudflare’s or Google’s means that the domain PMSclientIdentifier.plex.direct:32400 either does not exist, or the DNS record has not been published or has been removed.
I would then think that the Plex Media Server’s native HTTPS remote access via plex.direct is in some way broken. Despite Plex reporting “Fully accessible,” the secure domain name for my server is not being created or correctly maintained on the public internet.
This is a much deeper issue that is beyond local network or user configuration, and is likely a problem with how my specific Plex Media Server instance or Docker setup communicates its secure connection status to plex.tv.
Is there some other way that this can be troubleshooted?
I believe I’m having a similar issue. I have a public static IPv4 address that is port forwarded to 32400 internally and externally, I toggled between “preferred” and “required” secure connection, and all router and server firewall settings have been checked/disabled. Everything locally suggests that remote clients should be able to connect via https://app.plex.tv, but the interface just says “app.plex.tv is unable to connect to “SERVER” securely” once an account is signed into in a web browser on my LAN or not, on a different client browser/app or not.
If I manually go to https://localhost:32400 I am able to open the SSL cert information and find the subdomain hash (*.{hash}.plex.direct), then by going to https://{my}-{public}-{ip}-{octects}.{hash}.plex.direct:32400 I am able to successfully connect to my server using HTTPS without the browser complaining.
I’m fairly sure that something is wrong on Plex’s end since everything not through https://app.plex.tv or the Plex mobile app works as expected (http://localhost:32400, http://{my.private.ip.address}:32400, https://{my.public.ip.address}:32400, https://{my-public-ip-address}.{hash}.plex.direct:32400, Plexamp)
I think I’ve figured out a workaround for this. Plex Media Server comes with an SSL certificate valid for a specific domain and is discoverable by going to https://localhost:32400 and viewing the “invalid” certificate’s domain. It should look something like “*.123456789dead56789beef5678912345.plex.direct”. the star should be replaced the public IP address of the server with dashes instead dots. It would look something like this if the public IP address of the server was 10.20.30.40; https://10-20-30-40.123456789dead56789beef5678912345.plex.direct. The result should go into the “Custom server access URLs” text box in the Network category of the Plex Media Server interface.
It may take half a minute when a client tries accessing the server for it to properly work in the app, and the app may need to be restarted after the remote connection is established for anything to show up in the tab the app started on.
