Plex Employee to Reset Server Certificate? "API rate limit exceeded" error

Hi @ChuckPa - this is Plex Media Server 1.29.0.6244 running on a Pi (armv7) server with LibreELEC (official): 9.2.8 as the OS.

I downloaded the Debian distro image for armv7 and unpacked/installed it to my $PLEX_MEDIA_SERVER_HOME path… it has been running fine without issues for almost 2 years.

Is there something I can check to see if my certificate is getting inserted to inbound traffic - something in the logs that would indicate that?

Thanks.
J

LibreElec is the complete unknown here.

I haven’t touched it in over 5 years, and that was only as a Player; never a server platform.

Let’s try investigating this way.

  1. Stop Plex and examine “Preferences.xml”. Make certain it has valid values for
    – PlexOnlineUsername
    – PlexOnlineMail
    – PlexOnlineToken
    – PlexOnlineHome (not required in Preferences)

  2. Are you running any HTTP proxy on the same machine or anywhere in the chain between that machine and your modem/router out to Plex.tv?

  3. Assuming you’re not, if you take your certificate’s reference OUT of PMS (Settings - Server - Network) – what happens?

Hi @ChuckPa - just an update on this - I was able to resolve the OCSP error by rebuilding my certificate.pfx using your post here:

It turns out I was not using my CA.cer when building certificate.pfx, and when I included that, the OCSP GET request finally succeeded.

Attached is a copy of my current PMS logs.
Snippet of successful OCSP GET:

Oct 18, 2022 23:01:43.556 [0xb22aec50] INFO - [CERT/OCSP] Successfully retrieved response.


NOTE: Everything else seems to be running ok (still able to access PMS remotely etc.) - still unsure what having this domain cert will allow me to do other than access my domain name for PMS via https?

Plex Media Server Logs_2022-10-18_23-53-27.zip (540.5 KB)

J

Please reset my server certificate. I can’t connect to my server since I updated my Nvidia SHIELD TV Pro and both the Plex and Plex Media Server apps. Thank you!

@ChuckPa experiencing the same issue. Can you reset please?

Certificate reset.

Restart your server and devices.

@ChuckPa: I’m having the same certificate issue with my Nvidia SHIELD TV Pro Plex Server. Could you do me a favor and reset the certificate? Thx!

@ChuckPa can you check my certificate?

@superkvx

Yep,

You used up more than your fair share of certificates in very short order.

(Check permissions in the “Plex Media Server/Cache” directory to make sure Plex can save the certificate.) It’s asking for one at every restart.

Specific attention on the cert-v2.p12 file.

Delete it and let it pull new if needed.

I’ve reset your cert.

Restart the server

I deleted it and restarted…
Trying to access app.plex.tv got this: app.plex.tv is unable to connect to securely

Suddenly app.plex.tv works,
but still got:
[CERT] TLS connection from “ip” came in with unrecognized plex.direct SNI name *****plex.direct’; using installed plex.direct cert

Server Version#: 1.31.2.6783
Player Version#: 4.100.1

Cannot access my server via https://app.plex.tv/desktop; it is reporting it cannot connect because it’s not secure. When logging directly into the server I see this error over and over in the logs (I have removed my IP address and the port it was trying on). I can see the certificate from LetsEncrypt expired today at 11:54 am. I have restarted the docker plex instance as well as the server multiple times, but plex is not pulling a new cert. I have seen in the past plex employees have had to reset the cert for others, so hoping that is my issue.
@BigWheel @ChuckPa

CERT: incomplete TLS handshake from xx.xxx.xx.xx:xxxxx: sslv3 alert certificate unknown

@themana

I moved your thread here. There’s no need for another thread.

You have 3 servers. Which one please?

In looking at the Plex-supplied certificates, none of them are expired.

Are you using your own certificate? Did it expire today?

Server: BeastServer
I do not have any custom certificates.
When I connect directly to my external facing IP address using the plex port, the LetsEncrypt certificate shows as expired as of today at 11:54 AM, so that is most likely causing the issue.
Several docker container restarts as well as several server restarts have not grabbed a new cert.

I see this error as well in the console

CERT: Error acquiring new certificate: ios_base::clear: unspecified iostream_category error

I’ve reset the certificate.
Please restart the server

Re:

Not sure where that’s coming from because the server cert was fine. I reset it anyway.

If it doesn’t pull a new certificate, we can force it. Please let me know.

After several docker container restarts as well as a server restart I’m still having issues. I still see the LetsEncrypt cert as expired on the plex web browser. In the console I’m not seeing the acquiring new certificate error, but I see the errors/warnings below.

[CERT] TLS connection from 192.168.5.2:54584 came in with unrecognized plex.direct SNI name ‘172-18-0-1.58bac3126848483c9bcf2c13d06ca1c3.plex.direct’; using installed plex.direct cert

[HttpClient/HCl#3c] HTTP error requesting GET https://172-18-0-1.58bac3126848483c9bcf2c13d06ca1c3.plex.direct:32400 (60, SSL peer certificate or SSH remote key was not OK) (SSL certificate problem: certificate has expired)

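Added example (not part of any post in this thread, and not Plex code): a small triage script that classifies the certificate-related log messages quoted above and flags the ones that point at the stored certificate. The labels, function names and sample lines are this example's own; the sample lines are constructed.

```python
import re
from collections import Counter

# Patterns mirror the log messages quoted in this thread; the labels are this example's own.
RULES = [
    ("ocsp_ok", r"\[CERT/OCSP\] Successfully retrieved response"),
    ("sni_unrecognized", r"\[CERT\] TLS connection from (?P<peer>\S+) came in with "
                         r"unrecognized plex\.direct SNI name\s+\W?(?P<sni>[\w.*-]+plex\.direct)"),
    ("client_rejected_cert", r"CERT: incomplete TLS handshake from (?P<peer>\S+): "
                             r".*certificate unknown"),
    ("acquire_failed", r"CERT: Error acquiring new certificate: (?P<detail>.+)"),
    ("served_cert_expired", r"HTTP error requesting GET (?P<url>\S+) .*certificate has expired"),
]
RULES = [(label, re.compile(rx)) for label, rx in RULES]

# Labels that mean the installed certificate itself needs attention.
CERT_FAULTS = {"acquire_failed", "served_cert_expired"}


def classify(line):
    """Return (label, captured fields) for a certificate-related line, else None."""
    for label, rx in RULES:
        m = rx.search(line)
        if m:
            return label, m.groupdict()
    return None


def triage(lines):
    """Count each event type and report whether any points at the stored certificate."""
    counts = Counter()
    for line in lines:
        hit = classify(line)
        if hit:
            counts[hit[0]] += 1
    return counts, bool(counts.keys() & CERT_FAULTS)


# Constructed sample lines modelled on the messages in this thread (not real log data).
SAMPLE = [
    "Jan 01, 2024 00:00:00.000 [0x00000000] INFO - [CERT/OCSP] Successfully retrieved response.",
    "[CERT] TLS connection from 192.0.2.10:54584 came in with unrecognized plex.direct SNI name "
    "'192-0-2-10.0123456789abcdef0123456789abcdef.plex.direct'; using installed plex.direct cert",
    "CERT: incomplete TLS handshake from 198.51.100.7:40222: sslv3 alert certificate unknown",
    "CERT: Error acquiring new certificate: ios_base::clear: unspecified iostream_category error",
    "Library scan finished",
]

if __name__ == "__main__":
    counts, cert_fault = triage(SAMPLE)
    print(dict(counts), "certificate needs attention:", cert_fault)
```

An unrecognized-SNI or rejected-handshake line on its own describes the connecting client; the acquisition-error and expired-certificate lines are the ones that match the cases in this thread where `cert-v2.p12` had to be replaced.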

I tried to force again. It is not regenerating.

I have called out to the team for help.

Anything I can provide to help with the investigation?

Please go into the filesystem.

Go to the “Plex Media Server/Cache” directory.

Rename ‘cert-v2.p12’ → ‘bad-cert-v2.xxx’ (avoids being perceived as valid)

Now restart PMS.

When it fails (or succeeds) stop it and grab fresh tar.gz log files.

I’ll give them to the Engineer.

How do I securely share my zipped logs without everyone having access to them?