Plex certificate error

Server Version#: 1.32.0.6918
Player Version#: Not relevant

After a routine replacement of the Plex certificate, I can no longer open Plex Web without a security warning:

Firefox detected a potential security threat and did not continue to mydomain.hopto.org because this website requires a secure connection.

Websites prove their identity via certificates. Firefox does not trust this site because it uses a certificate that is not valid for mydomain.hopto.org:32400. The certificate is only valid for *.ce33de5ba6144b9fa245aadff9cadfaa.plex.direct.

I have a script that has worked for years; it updates the LetsEncrypt cert for my Nginx proxy and then puts it in a PKCS12 archive for Plex:

systemctl stop plexmediaserver.service
rm archive.pfx.old
mv archive.pfx archive.pfx.old
cp /etc/letsencrypt/live/mydomain.hopto.org/fullchain.pem /var/lib/plexmediaserver/
cp /etc/letsencrypt/live/mydomain.hopto.org/privkey.pem /var/lib/plexmediaserver/
openssl pkcs12 -export -in fullchain.pem -inkey privkey.pem -out archive.pfx -name "mydomain.hopto.org"
# since I run this script manually, here I input the PKCS12 file password, which is the same as configured in Plex->Server->Network tab
chown plex:plex archive.pfx
systemctl start plexmediaserver.service
rm /var/lib/plexmediaserver/fullchain.pem
rm /var/lib/plexmediaserver/privkey.pem

Now I see these relevant lines in ‘Plex Media Server.log’:

DEBUG - [CERT] Subject name is /CN=*.ce33de5ba6144b9fa245aadff9cadfaa.plex.direct
DEBUG - [CERT] Installed certificate with fingerprint e1:24:4a:cd:d5:bf:c8:91:b9:bb:2d:33:a6:54:c6:20:83:86:32:27.
DEBUG - [CERT/OCSP] Stapling requests will be made to ‘http://r3.o.lencr.org/’.
INFO - [CERT/OCSP] Successfully retrieved response from cache.
ERROR - [CERT] PKCS12_parse failed: error:11800071:PKCS12 routines::mac verify failure
ERROR - [CERT] Found a user-provided certificate, but couldn’t install it.

DEBUG - [CERT] Subject name is /CN=*.ce33de5ba6144b9fa245aadff9cadfaa.plex.direct
DEBUG - [CERT] Installed certificate with fingerprint e1:24:4a:cd:d5:bf:c8:91:b9:bb:2d:33:a6:54:c6:20:83:86:32:27.
DEBUG - [CERT/OCSP] Stapling requests will be made to ‘http://r3.o.lencr.org/’.
INFO - [CERT/OCSP] Successfully retrieved response from cache.
ERROR - [CERT] PKCS12_parse failed: error:11800071:PKCS12 routines::mac verify failure
ERROR - [CERT] Found a user-provided certificate, but couldn’t install it.
WARN - [CERT] MyPlex: Invalid connection URL ‘mydomain.hopto.org’.
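
A pre-flight check that a renewal script like the one above could run on the new archive before restarting the server, as an added example that is not part of the original post: it confirms that the archive opens with the configured password (the step reported as "mac verify failure" in the log) and that the leaf certificate covers the expected hostname. The function names, the PFX_PASS variable, demo.example.org and the demo password are assumptions constructed for the example.

```shell
#!/usr/bin/env bash
# Added example: pre-flight check for a PKCS#12 archive. Hostnames, the
# password and the PFX_PASS variable name are constructed for the demo.

# check_pfx FILE HOST   (password comes from exported $PFX_PASS, not argv)
#   0 = MAC verifies and the leaf certificate covers HOST
#   1 = archive cannot be opened (wrong password, or MAC/cipher not supported)
#   2 = archive opens, but the leaf certificate does not cover HOST
check_pfx() {
    local pfx="$1" host="$2" leaf
    # -nokeys -clcerts: emit only the certificate paired with the private key
    leaf=$(openssl pkcs12 -in "$pfx" -passin env:PFX_PASS -nokeys -clcerts 2>/dev/null) || return 1
    [ -n "$leaf" ] || return 1
    printf '%s\n' "$leaf" | openssl x509 -noout -checkhost "$host" 2>/dev/null |
        grep -q 'does match certificate' || return 2
}

# make_demo_pfx DIR HOST: throwaway self-signed cert, key and archive (constructed input)
make_demo_pfx() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -keyout "$1/privkey.pem" -out "$1/fullchain.pem" 2>/dev/null &&
    openssl pkcs12 -export -in "$1/fullchain.pem" -inkey "$1/privkey.pem" \
        -out "$1/archive.pfx" -name "$2" -passout env:PFX_PASS
}

# demo_codes: run the three cases and print their exit codes
demo_codes() {
    local dir a=0 b=0 c=0
    dir=$(mktemp -d) || return 1
    export PFX_PASS='demo-password'                    # constructed value
    make_demo_pfx "$dir" demo.example.org || return 1
    check_pfx "$dir/archive.pfx" demo.example.org || a=$?      # right password, right host
    ( PFX_PASS='not-the-password'
      check_pfx "$dir/archive.pfx" demo.example.org ) || b=$?  # password mismatch
    check_pfx "$dir/archive.pfx" other.example.org || c=$?     # certificate for another name
    rm -rf "$dir"
    echo "$a $b $c"
}

demo_codes   # prints: 0 1 2
```

A pass here shows only that the archive and password agree under the system's openssl; the server's own PKCS12_parse call, as shown in the log, remains the final check.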

In the future, please search the forum first as this is widely discussed in several areas.

There are multiple existing threads
