Plex is unable to connect securely

Plex Media Server
1

Sorry for re-posting the “famous” issue, but I couldn’t get the solution out of posts on this forum.

Local Plex server reports that there are no issues with remote access:

image
image725×561 56.3 KB

however:

  • In “Alerts” section I see a lot of “Unable to listen for events on My Plex” messages.
  • Apache dumps the following to error log:
[Sun Sep 11 16:52:17.093329 2022] [proxy_http:error] [pid 2530078] (20014)Internal error (specific information not available): [client 192.168.x.x:35462] AH01102: error reading status line from remote server localhost:32400

On the top of port 32400 forwarding through my router I have exposed my Plex server via Apache using reverse proxy:

<VirtualHost *:443>
        ProxyPass               /               http://localhost:32400/
        ProxyPassReverse        /               http://localhost:32400/
        ProxyPass               /:/websockets/  ws://localhost:32400/:/websockets/
        ProxyPassReverse        /:/websockets/  ws://localhost:32400/:/websockets/
        ProxyPass               /:/websockets/  wss://localhost:32400/:/websockets/
        ProxyPassReverse        /:/websockets/  wss://localhost:32400/:/websockets/
       
        SSLEngine on
        ...
</VirtualHost>

When I test it from external server, it seems to work just fine:

$ openssl s_client -connect plex.mydomain.com:443 
CONNECTED(00000003)
depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = R3
verify return:1
depth=0 CN = plex.mydomain.com
verify return:1
---
Certificate chain
 0 s:CN = plex.mydomain.com
   i:C = US, O = Let's Encrypt, CN = R3
 1 s:C = US, O = Let's Encrypt, CN = R3
   i:C = US, O = Internet Security Research Group, CN = ISRG Root X1
 2 s:C = US, O = Internet Security Research Group, CN = ISRG Root X1
   i:O = Digital Signature Trust Co., CN = DST Root CA X3
...
$ openssl s_client -connect plex.mydomain.com:32400
CONNECTED(00000003)
depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = R3
verify return:1
depth=0 CN = *.72dc8bd21f24e1f1c64a29fe5e257f2e.plex.direct
verify return:1
---
Certificate chain
 0 s:CN = *.80cd9a3c983e49a3824a29fe9eafb25d.plex.direct
   i:C = US, O = Let's Encrypt, CN = R3
 1 s:C = US, O = Let's Encrypt, CN = R3
   i:C = US, O = Internet Security Research Group, CN = ISRG Root X1
 2 s:C = US, O = Internet Security Research Group, CN = ISRG Root X1
   i:O = Digital Signature Trust Co., CN = DST Root CA X3

Maybe I mix several issues into one, i.e. it is not clear if exposing Plex server to the internet is necessary for remote access to function.

Any hint is welcomed.

Server v1.28.2 running on Linux x64.

Posts on the same issue:

2

I get the same “Unable to listen for events on My Plex” alert messages on my server. I came here looking for a solution since there are quite a few posts on the matter, but none of them ever really got addressed.

3

@dma_1

  1. Remote Access requires exposing PMS to the internet.
    – Plex.tv is the broker (it holds your IP address)
    – The player asks Plex.tv where to connect to
    – Plex.tv provides the address and port you configured
    – The player then contacts your server directly.

  2. Be very careful of Proxies. You have a FQDN involved as well. PMS will not allow another certificate to intervene if it’s not a known one (Settings - Server - Network - Show Advanced) you added to Plex.

@Landwehr_Home

Can you provide log files please? (the ZIP file) Nothing obvious is showing in the Plex.tv record for your server. There was also a partial outage today. Could that have impacted?

4

Thanks for your information!

I didn’t get from your reply what is configured wrong. Do I have to remove Settings → Network → Custom certificate location if that keys is not accepted? The option’s description reads “Path to a PKCS #12 file containing a certificate and private key to enable TLS support on a custom domain” and if you check top post, the certificate matches the domain:

I know this because domain opens in browser without warning. For setup I used this article.

Second is that I trust the status reported by my local Plex service in Settings → Remote Access: why it reports that everything is OK (green status)? :exploding_head:

Additionally Plex.tv server may report a more verbose error “Plex is unable to connect securely: certificate key does not match the domain”. :partying_face:

5

@dma_1

When you have “key does not match the domain”,
And knowing you have a proxy,

Implies to me that all connections are going through the proxy.
PMS & Plex.tv will not allow a 3rd-party domain in between that connection.

Most times, the problem occurs when Plex.tv responds to PMS. This is when the Proxy gets in the way.

Also, with your certificate, just in case it’s not mentioned, be certain to include your CA in the P12.

Does it your remote access report and stay in Green status?

May I see your log files? It’s very hard to guess what this really is without seeing it.

6

Thanks for the information you have provided. I don’t know how, but my setup magically started to work :exploding_head:
I have restarted Plex and Apache but I also did it before when trying to find the cause of the issue. So finally the issue is gone by its own.

Nevertheless it would be great of app.plex.tv could report a more detailed error so that the issue could be resolved easier.

I am pretty sure I was/am able to connect to Plex via port-forwarded 32400, and Apache reverse-proxy plays no role here (there is no proxy capturing the traffic on port 32400 as I demonstrated above with openssl s_client which I was running from external host).

Yes, my Plex server reports it was/is green all the time.

7

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.