Plex Custom SSL Certificate Appears Broken

Using Plex Media Server v.1.32.2.7100 on Linux. Getting a certificate error that the hostname is not valid. Inspecting the page I can see this:

image

Hopefully the image shows. It’s pulling images from thelocalip.somethingrandom.plexdirect.com

This should be pulling from my locally hosted domain name and cert is not. This used to work and seems like an obvious bug.

Bump, anything here? I can’t be the only one seeing this. Most of my locally hosted Plex server is using the correct certificate, but something is broken with photos.

Hi,

I have faced the same issue since my upgrade from v.1.31 (I don’t remember exactly) to v.1.32.4.7164 on my Synology NAS.
I’m currently running v.1.32.4.7195, still the same issue.
I tried changing the path from which the .pfx bundle I have used for several months is fetched, I also tried switching from my RSA key to my ECC one for the .pfx bundle, and I checked the path and file permissions, but nothing helped…
From my last troubleshooting session, after restarting my Plex service, I can only provide the following debug log lines from the exported logs, on which I ran the command grep -i "ssl\|cert" *.log:

  • Plex Media Server.log:Jun 12, 2023 23:00:55.784 [139741179222672] DEBUG - [CERT] Subject name is /CN=*.e939615754c34be18bafa1087d4012d4.plex.direct
  • Plex Media Server.log:Jun 12, 2023 23:00:55.784 [139741179222672] DEBUG - [CERT] Installed certificate with fingerprint 48:5c:0b:69:37:8d:e0:48:fe:6a:6d:f0:47:ae:07:16:f2:67:70:fa.
  • Plex Media Server.log:Jun 12, 2023 23:00:55.784 [139741179222672] DEBUG - [CERT/OCSP] Stapling requests will be made to ‘http://r3.o.lencr.org/’.
  • Plex Media Server.log:Jun 12, 2023 23:00:55.784 [139741179222672] INFO - [CERT/OCSP] Successfully retrieved response from cache.
  • Plex Media Server.log:Jun 12, 2023 23:00:55.784 [139741179222672] ERROR - [CERT] Found a user-provided certificate, but couldn’t install it.
  • Plex Media Server.log:Jun 12, 2023 23:01:00.922 [139741114907448] DEBUG - CERT: Certificate will not expire soon; we’ll check again in a week.
  • Plex Media Server.log:Jun 12, 2023 23:01:00.974 [139741171911480] DEBUG - [CERT] Subject name is /CN=*.e939615754c34be18bafa1087d4012d4.plex.direct
  • Plex Media Server.log:Jun 12, 2023 23:01:00.974 [139741171911480] DEBUG - [CERT] Installed certificate with fingerprint 48:5c:0b:69:37:8d:e0:48:fe:6a:6d:f0:47:ae:07:16:f2:67:70:fa.
  • Plex Media Server.log:Jun 12, 2023 23:01:00.974 [139741171911480] DEBUG - [CERT/OCSP] Stapling requests will be made to ‘http://r3.o.lencr.org/’.
  • Plex Media Server.log:Jun 12, 2023 23:01:00.975 [139741171911480] INFO - [CERT/OCSP] Successfully retrieved response from cache.
  • Plex Media Server.log:Jun 12, 2023 23:01:00.975 [139741171911480] ERROR - [CERT] Found a user-provided certificate, but couldn’t install it.
  • Plex Media Server.log:Jun 12, 2023 23:01:01.044 [139741171911480] DEBUG - [CERT] MyPlex: Last published value didn’t change, we’re done.
  • Plex Media Server.log:Jun 12, 2023 23:01:12.475 [139741169802040] DEBUG - CERT: incomplete TLS handshake from [2a01:e0a:69:27c1:d10c:913d:61f9:cb6a]:53135: sslv3 alert certificate unknown (SSL routines)
  • Plex Media Server.log:Jun 12, 2023 23:01:28.497 [139741169802040] DEBUG - CERT: incomplete TLS handshake from [2a01:e0a:69:27c1:d10c:913d:61f9:cb6a]:53157: sslv3 alert certificate unknown (SSL routines)

I went through the available release notes and found the following “interesting” notes:

  • Plex Media Server 1.32.0.6973 - (HTTP) A newly-created TLS certificate could fail to be installed
  • Plex Media Server 1.32.2.7002 - (Network) IPv6 addresses within the server’s configured network prefix are now considered local for bandwidth allocation purposes (#14234)
  • Plex Media Server 1.32.2.7002 - (Network) IPv6 network blocks are now supported in the LAN Networks preference (#14234)
  • Plex Media Server 1.32.4.7164 - (Web) Updated to 4.108.0

If anyone has a brilliant idea to troubleshoot and/or fix it…

On my side the issue has been fixed thanks to OpenSSL v3.0.0 and PMS.

I was missing the new requirements regarding OpenSSL v3 when creating my .pfx, namely the -certpbe AES-256-CBC -keypbe AES-256-CBC -macalg SHA256 options in my openssl command.

Also, though I still don’t understand why, I need to change the path to give the PlexMediaServer service account access to my .pfx.
Previously my .pfx was stored in my home folder and all was working fine (permissions were/are granted…); now I need to put the .pfx in the root directory of Plex itself, /PlexMediaServer, to make it work again, otherwise I always get the same error in the debug logs: ERROR - [CERT] Found a user-provided certificate, but couldn't install it.

You had a problem with Linux permissions.

On Linux, it’s possible to SEE a file exists but not be able to open it (read it).

The error message in the logs doesn’t differentiate and is vague.

I’ll bring this up with the server team on Monday and ask if we can make that message better.
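
The distinction made in the reply above (a file can be visible to an account that still cannot open it), as an added example that is not part of the original thread or of Plex: it walks every component of a path and reports which one denies a given uid. It evaluates classic mode bits only; ACLs and AppArmor/SELinux are not checked, and the function names and the uid/gid arguments are assumptions for illustration.

```python
import os

BITS = {"r": 4, "x": 1}


def allowed(st, uid, gids, want):
    """Classic mode-bit check: only the first matching class applies."""
    if uid == 0:
        return True                      # root bypasses read/search bits
    if st.st_uid == uid:
        cls = (st.st_mode >> 6) & 7      # owner
    elif st.st_gid in gids:
        cls = (st.st_mode >> 3) & 7      # group
    else:
        cls = st.st_mode & 7             # other
    return bool(cls & BITS[want])


def trace_access(path, uid, gids):
    """Return [(component, needed, ok)] from / down to the file.

    Directories need search (x); the final file needs read (r).
    ACLs and AppArmor/SELinux are NOT evaluated (assumption).
    """
    path = os.path.realpath(path)
    chain, cur = [path], path
    while os.path.dirname(cur) != cur:
        cur = os.path.dirname(cur)
        chain.append(cur)
    out = []
    for comp in reversed(chain):
        want = "r" if comp == path else "x"
        out.append((comp, want, allowed(os.stat(comp), uid, gids, want)))
    return out


def first_blocker(path, uid, gids):
    """First component that stops `uid`, or None if the file is readable."""
    for comp, want, ok in trace_access(path, uid, gids):
        if not ok:
            return comp, want
    return None


if __name__ == "__main__":
    import sys
    # Usage (hypothetical values): script.py /path/to/bundle.pfx 1001 1001
    target, uid, gid = sys.argv[1], int(sys.argv[2]), int(sys.argv[3])
    for comp, want, ok in trace_access(target, uid, [gid]):
        print(f"{'ok  ' if ok else 'DENY'} {want} {comp}")
```

A home directory with mode 0700 shows up as a denied `x` on the directory, while a 0600 bundle inside a world-searchable directory shows up as a denied `r` on the file itself.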

Original poster here. The issue from Opajilon is a different issue. I am seeing this certificate error:

image

Chrome says this certificate is not valid
