Player Issues after 30 of September and how to get back SECURED connection and no more Playback Errors

Plex Players Smart TVs
, , , ,
1

Server Version#: 1.24.3.5033-757abe6b4
Player Version#: 5.25.2 on Webos and Tizen 3/4

Quiet Simple :

On Webos you get all Versions sslv3 error no valid cert

On Tizen 3/4 you get sslv3 error no valid cert or, and this is the interesting Part sslv3 error stream truncated, Tizen 5 i can’t Test in a Time.

And here comes the Clue without an Own Certificate there was some Media absolut unplayable, errors like buffering transcode but only direct play is allowed and recognized from Server.

So whats now… Take a valid Domain, NO DYNDNS, go to zerossl.com, create a cert for this domain (90Days Free Cert is more as enough), apply the cert with keychain etc. into .pfx and put it into your plex Server. Important Restart the Server!!!

Now go your TV under the settings and adjust your settings with secure settings to always secured, close Plex App on TV and Restart it. after restarting check settings for Streaming and Adjust your Quality.

Confirmed Working on Webos 4.0
Confirmed Working on Webos 4.5
Confirmed Working on Webos 5.0
Confirmed Working on Webos 6.0
Confirmed Working on Tizen Platform 2.4
Confirmed Working on Tizen Platform 3
Confirmed Working on Tizen Platform 4
Confirmed Working on Tizen Platform 5
Confirmed Working on Android

5 Likes
2

Yes i test it and also confirmed that it is working in this models with zerossl certificate, thanks.

3

Can confirm it’s working on LG webos 3.9

4

Man that’s actually kind of brilliant, did you sniff the traffic to find this info?

Thanks for your reply earlier on the other thread. I had my own cert for the internal server and realized that plex changed it to it’s own and don’t know why I didn’t realize that until just now even though I clearly looked at it. Once I get back I’ll try your guide. Either way though, I don’t really like Samsung Tizen smart home stuff so I ordered a new Chromecast to replace it, I actually want to get a dumb TV and Samsung enterprise TV from what I read are the go to for this. I am rambling now, thanks again.

5

Thanks, but it was easy, 2hours to Dump webOS and Tizen FW, little Bit Reverse Stuff, checking Root ca bundle and small Work with Wireshark. And the clue is from my Point what i can See, with enabled Remote Access and own Cert it seems Like Plex mixing own Cert and Plex Cert, and than it comes to Errors, and so i get no Probs with own Cert and disabled Remote Access anymore. All my clients Outside Put in IP or Domain and it works Like Charm. An fully secured Connection, so all are Happy.

Best Regards

6

I wanna clarify that there’s no need to disable remote access and put in the IP manually after following these steps, at least on LG webos 3.9. It works as normal.

7

Thats right, but it’s cosmetic and the cleaner way for me.
And it’s for myself better to get Errors Located easier :wink:

8

If you are using Cloudflare for DNS and a Linux server it can be automated so it gets a new certificate every 60 days (meaning the certificate never expires). This is tested on my own Ubuntu 20.04 server.

You will need a token from Cloudflare to connect to the account - you can get that from Step 1 on this guide:

How to issue Let’s Encrypt Wildcard certificate with acme.sh - nixCraft (cyberciti.biz)

I personally ran all this under the root account - this made it easier in my case.

sudo su

Install acme.sh:
GitHub - acmesh-official/acme.sh: A pure Unix shell script implementing ACME client protocol

`curl https://get.acme.sh | sh

Close out of your connection

exit

Relogin to root:

sudo su

Register account with ZeroSSL:

acme.sh --register-account -m your@email --server zerossl

Add your Cloudflare token to allow modifying DNS records:

export CF_Token="cloudflaretoken"

Create a script:

nano /root/pms_ssl.sh

Add the following text into the script:

#!/bin/bash
/root/.acme.sh/acme.sh --to-pkcs12 -d 'plex.yourdomain.tld' --password CHANGEME
cp /root/.acme.sh/plex.yourdomain.tld/plex.yourdomain.tld.pfx /etc/sslcerts/
chmod 644 /etc/sslcerts/plex.yourdomain.tld.pfx
service plexmediaserver restart
exit

Make it executable
chmod +x /root/pms_ssl.sh

Make directory for the certificates:

mkdir /etc/sslcerts/

Get certificate and make ready for Plex:

acme.sh --issue --dns dns_cf -d ‘plex.yourdomain.tld’ --reloadcmd /root/pms_ssl.sh

In Plex under the network settings you enter the following:

Custom certificate location
/etc/sslcerts/plex.yourdomain.tld.pfx

Custom certificate encryption key:
Your password from above (where it says CHANGEME)

Custom certificate domain
plex.yourdomain.tld

Note you need to replace the variables which are your domain, email address, Cloudflare token and the certificate encryption key.

1 Like
9

(google translator)…

Total rookie question, :sweat_smile:
if I have static public ip, is it possible to do it without a domain?


Plex server in windows 10

10

You generally can’t get a SSL certificate for an IP address. Having a domain makes things much easier. Any domain will do just get the cheapest one you can find.

11

Something like duckdns should work with ZeroSSL, if you want a free domain.

12

Is a good solution, the problem is that on some TVs the “Random Server” section only lets you note the IP, it doesn’t allow you to enter the address “example.com

14

You don’t need to specifiy the IP or domain for this solution to work. Not sure why OP included it in the instructions since it probably just confuses people.

15

While it works for me and my People, before the new Samsung App Update comes Out, it has without IP in Random Server errors. And now after Yesterdays Update of the Samsung App it’s no more needed. Read the Plex Notes under the App and you understand that sometimes the Old Letsencrpyt Cert invoked Errors. Just my 2 Cent

16

thank you all, but now I need a little more help.

I have created my domain in Duckdns with my ip and everything is correct up to here.
From Zerossl, how is my domain verified? I have tried several things from Duckdns such as:

https://www.duckdns.org/update?domains=XXXXX&token=XXXXXXXX&txt=F:\verify_domain_txt\XXXXXXXXXXXXXX.txt&verbose=true

with response from Duckdns:
OK
F:\verify_domain_txt\XXXXXXXXXXXXXX.txt
UPDATED

but in Zerossl it gives me a verification error
Thanks!!

17

Hey! I’ve tried this fix and it isn’t working for me.
If I access my plex server via the browser, I see the new ZeroSSL certificate being used. However, it still refuses to connect via my TV (LG WebOS 5).

I’ve tried troubleshooting locally on my PC, and when I connect via openssl s_client to my server on port 32400, the first certificate that is returned is one like this:

CONNECTED(00000003)
depth=3 O = Digital Signature Trust Co., CN = DST Root CA X3
verify error:num=10:certificate has expired
notAfter=Sep 30 14:01:15 2021 GMT
---
Certificate chain
 0 s:/CN=*.gja400agl4l2pogajag94j2nmgakger.plex.direct
   i:/C=US/O=Let's Encrypt/CN=R3

That’s linking to an expired Lets Encrypt cert that I think plex has provisioned for my server itself.

I believe what’s happening is my TV is seeing this first certificate and erroring out (due to the Lets Encrypt root CA expired cert). How do I force my server to service this ZeroSSL certificate first and ignore the plex.direct cert?

18

Try logout and Login in TV App, and also try to disabled Remote Access. With disabled Remote Access IT works here perfect.

19

I’m still not getting things to work on my LG B7, I’m guessing it’s on WebOS 3.5 or 3.0, but the certificate error has disappeared and instead I get a generic the server is unavailable error. Disabling remote access is not a real solution for me as I use Remote Access for other devices. If anybody finds a way to purge all the let’s encrypt certificates from our servers please do share as I suspect this may be part of the problem here.

21

Is the zerossl cert still working for others?

22

For Me, under Linux it works Perfect with LG, Samsung etc.