After some more investigating I think this could be a plex issue, this looks like a related thread: PMS suddenly shows issues with remote access 9/30/2021 10AM EST - #3 by VirulentPip.
In my setup, PMP doesn’t seem to use a *.plex.direct address to access media on the server externally. It’s aware of the *.plex.direct address at least, according to the logs, and seems to use that to load the UI images/settings etc. securely. No idea why it isn’t using that address for media playback though, instead it opts to use the IP address (unsuccessful - invalid cert).
This behavior does seem to be intermittent - about 9/10 it doesn’t playback media for me.
Plex Web is able to playback media with no issues (but with all the known limitations), and Plex for Windows also was able to playback media.
Went ahead and updated the plex server to latest just in-case, but that’s made no difference. Worth noting the server settings says ‘not available outside your network’, despite me successfully able to connect to it directly using the *.plex.direct address shown in the logs, and double-checking my port forwarding config (even though it hasn’t been touched in months).
Attached some PMP log below
Logs
Detects *.plex.direct address just fine
2021-10-01 08:02:09 [ INFO ] JS: %c[Servers] Initializing...
2021-10-01 08:02:09 [ INFO ] JS: %c[Servers] Initialize server with token, REDACTED_SERVERNAME, REDACTED_TOKEN, https://REDACTED_REMOTE_IP.REDACTED_ADDR.plex.direct:32400
2021-10-01 08:02:09 [ INFO ] JS: %c[Servers] Initialize server without token, [Loopback], http://127.0.0.1:32400
2021-10-01 08:02:09 [ INFO ] JS: %c[Servers] Waiting for initial servers = [Loopback], plex.tv
2021-10-01 08:02:09 [ INFO ] JS: %c[Primary Server] Waiting to set the primary server
2021-10-01 08:02:09 [ INFO ] JS: %c[Primary Server] Waiting for the last primary server, REDACTED_TOKEN, to connect
2021-10-01 08:02:09 [ INFO ] JS: %c[Commands] Executing testServerConnection
2021-10-01 08:02:09 [ INFO ] JS: %c[Commands] Executing testServerConnection
2021-10-01 08:02:09 [ INFO ] JS: %c[Commands] Executing testServerConnection
2021-10-01 08:02:09 [ INFO ] JS: %c[Companion] No companion found
2021-10-01 08:02:09 [ INFO ] JS: %c[Servers] Finished initialization
2021-10-01 08:02:09 [ INFO ] JS: %c[Providers] Initializing...
2021-10-01 08:02:09 [ INFO ] JS: %c[Providers] Finished initialization
2021-10-01 08:02:09 [ INFO ] JS: %c[Connections] Testing connection for REDACTED_SERVERNAME at https://REDACTED_REMOTE_IP.REDACTED_ADDR.plex.direct:32400/media/providers
2021-10-01 08:02:09 [ INFO ] JS: %c[Connections] Testing connection for plex.tv at https://plex.tv/monitoring/health
2021-10-01 08:02:09 [ INFO ] JS: %c[Connections] Testing connection for [Loopback] at http://127.0.0.1:32400/media/providers
2021-10-01 08:02:09 [ INFO ] JS: %c[Connections] Testing legacy connection for [Loopback] at http://127.0.0.1:32400
2021-10-01 08:02:09 [ INFO ] JS: %c[Connections] [Loopback] is unavailable at http://127.0.0.1:32400/media/providers (Status 0)
2021-10-01 08:02:09 [ INFO ] JS: %c[Connections] [Loopback] is unavailable at http://127.0.0.1:32400/media/providers (Status 0)
2021-10-01 08:02:09 [ INFO ] JS: %c[Connections] All connections to [Loopback] failed
2021-10-01 08:02:09 [ INFO ] JS: %c[Servers] Waiting for initial servers = plex.tv
2021-10-01 08:02:09 [ INFO ] JS: %c[Connections] Retrying connection tests for [Loopback] in 2 seconds
2021-10-01 08:02:09 [ INFO ] JS: %c[Companion] No companion found
2021-10-01 08:02:09 [ INFO ] JS: %c[Connections] plex.tv connected at https://plex.tv/monitoring/health
2021-10-01 08:02:09 [ INFO ] JS: %c[Connections] Active connection to plex.tv is https://plex.tv
2021-10-01 08:02:09 [ INFO ] JS: %c[Connections] Active connection to REDACTED_SERVERNAME is https://REDACTED_REMOTE_IP.REDACTED_ADDR.plex.direct:32400
2021-10-01 08:02:09 [ INFO ] JS: %c[Servers] Waiting for initial servers = plex.tv
2021-10-01 08:02:09 [ INFO ] JS: %c[MediaServerEventManager] Opening server event connection to REDACTED_SERVERNAME at wss://REDACTED_REMOTE_IP.REDACTED_ADDR.plex.direct:32400/:/websockets/notifications?X-Plex-Token=xxxxxxxxxxxxxxxxxxxx
2021-10-01 08:02:09 [ INFO ] JS: %c[Connections] Retrying server events connection for REDACTED_SERVERNAME in 2 seconds
2021-10-01 08:02:09 [ INFO ] JS: %c[Primary Server] REDACTED_SERVERNAME is now the primary server
2021-10-01 08:02:09 [ INFO ] JS: %c[User] userPromise succeeded
2021-10-01 08:02:09 [ INFO ] JS: %c[MediaServerEventManager] Opened server event connection to REDACTED_SERVERNAME at wss://REDACTED_REMOTE_IP.REDACTED_ADDR.plex.direct:32400/:/websockets/notifications?X-Plex-Token=xxxxxxxxxxxxxxxxxxxx
Doesn’t seem to use the *.plex.direct address to connect to the server, the first thing it tries is the IP and fails (not secure/cert error)
2021-10-01 08:02:52 [ INFO ] PlayerComponent.cpp @ 600 - cplayer: Playing: https://REDACTED_REMOTE_IP:32400/library/parts/9946/1628396831/file.flac?X-Plex-Session-Identifier=zpcil5va7jq7xjpb8famkz5i&X-Plex-Client-Identifier=REDACTED_CLIENT_ID&X-Plex-Device-Screen-Resolution=1280x739%2C1280x800&X-Plex-Version=4.29.2&X-Plex-Features=external-media&X-Plex-Client-Capabilities=protocols%3Dshoutcast%2Chttp-video%3BvideoDecoders%3Dh264%7Bprofile%3Ahigh%26resolution%3A2160%26level%3A52%7D%3BaudioDecoders%3Dmp3%2Caac%2Cdts%7Bbitrate%3A800000%26channels%3A2%7D%2Cac3%7Bbitrate%3A800000%26channels%3A2%7D&X-Plex-Product=Plex%20Media%20Player&X-Plex-Platform=Konvergo&X-Plex-Platform-Version=2.58.0.dev-ae73e074&X-Plex-Device=Linux&X-Plex-Device-Name=nmbp&X-Plex-Model=5.12&X-Plex-Token=xxxxxxxxxxxxxxxxxxxx&X-Plex-Language=en&Accept-Language=en
2021-10-01 08:02:52 [ DEBUG ] PlayerComponent.cpp @ 598 - cplayer: Running hook: main/on_load
2021-10-01 08:02:52 [ DEBUG ] PlayerComponent.cpp @ 598 - cplayer: Set property: ad="flac" -> 1
2021-10-01 08:02:52 [ DEBUG ] PlayerComponent.cpp @ 598 - cplayer: Set property: vd="flac" -> 1
2021-10-01 08:02:52 [ DEBUG ] PlayerComponent.cpp @ 598 - ffmpeg: Opening https://REDACTED_REMOTE_IP:32400/library/parts/9946/1628396831/file.flac?X-Plex-Session-Identifier=zpcil5va7jq7xjpb8famkz5i&X-Plex-Client-Identifier=REDACTED_CLIENT_ID&X-Plex-Device-Screen-Resolution=1280x739%2C1280x800&X-Plex-Version=4.29.2&X-Plex-Features=external-media&X-Plex-Client-Capabilities=protocols%3Dshoutcast%2Chttp-video%3BvideoDecoders%3Dh264%7Bprofile%3Ahigh%26resolution%3A2160%26level%3A52%7D%3BaudioDecoders%3Dmp3%2Caac%2Cdts%7Bbitrate%3A800000%26channels%3A2%7D%2Cac3%7Bbitrate%3A800000%26channels%3A2%7D&X-Plex-Product=Plex%20Media%20Player&X-Plex-Platform=Konvergo&X-Plex-Platform-Version=2.58.0.dev-ae73e074&X-Plex-Device=Linux&X-Plex-Device-Name=nmbp&X-Plex-Model=5.12&X-Plex-Token=xxxxxxxxxxxxxxxxxxxx&X-Plex-Language=en&Accept-Language=en
2021-10-01 08:02:52 [ INFO ] PlayerComponent.cpp @ 470 - Entering state: buffering
2021-10-01 08:02:52 [ INFO ] JS: %c[Player] Buffering detected by PMP
2021-10-01 08:02:52 [ ERROR ] PlayerComponent.cpp @ 604 - ffmpeg: tls: Peer certificate failed verification
2021-10-01 08:02:52 [ ERROR ] PlayerComponent.cpp @ 604 - stream: Failed to open https://REDACTED_REMOTE_IP:32400/library/parts/9946/1628396831/file.flac?X-Plex-Session-Identifier=zpcil5va7jq7xjpb8famkz5i&X-Plex-Client-Identifier=REDACTED_CLIENT_ID&X-Plex-Device-Screen-Resolution=1280x739%2C1280x800&X-Plex-Version=4.29.2&X-Plex-Features=external-media&X-Plex-Client-Capabilities=protocols%3Dshoutcast%2Chttp-video%3BvideoDecoders%3Dh264%7Bprofile%3Ahigh%26resolution%3A2160%26level%3A52%7D%3BaudioDecoders%3Dmp3%2Caac%2Cdts%7Bbitrate%3A800000%26channels%3A2%7D%2Cac3%7Bbitrate%3A800000%26channels%3A2%7D&X-Plex-Product=Plex%20Media%20Player&X-Plex-Platform=Konvergo&X-Plex-Platform-Version=2.58.0.dev-ae73e074&X-Plex-Device=Linux&X-Plex-Device-Name=nmbp&X-Plex-Model=5.12&X-Plex-Token=xxxxxxxxxxxxxxxxxxxx&X-Plex-Language=en&Accept-Language=en.
2021-10-01 08:02:52 [ DEBUG ] PlayerComponent.cpp @ 598 - cplayer: Opening failed or was aborted: https://REDACTED_REMOTE_IP:32400/library/parts/9946/1628396831/file.flac?X-Plex-Session-Identifier=zpcil5va7jq7xjpb8famkz5i&X-Plex-Client-Identifier=REDACTED_CLIENT_ID&X-Plex-Device-Screen-Resolution=1280x739%2C1280x800&X-Plex-Version=4.29.2&X-Plex-Features=external-media&X-Plex-Client-Capabilities=protocols%3Dshoutcast%2Chttp-video%3BvideoDecoders%3Dh264%7Bprofile%3Ahigh%26resolution%3A2160%26level%3A52%7D%3BaudioDecoders%3Dmp3%2Caac%2Cdts%7Bbitrate%3A800000%26channels%3A2%7D%2Cac3%7Bbitrate%3A800000%26channels%3A2%7D&X-Plex-Product=Plex%20Media%20Player&X-Plex-Platform=Konvergo&X-Plex-Platform-Version=2.58.0.dev-ae73e074&X-Plex-Device=Linux&X-Plex-Device-Name=nmbp&X-Plex-Model=5.12&X-Plex-Token=xxxxxxxxxxxxxxxxxxxx&X-Plex-Language=en&Accept-Language=en
2021-10-01 08:02:52 [ DEBUG ] PlayerComponent.cpp @ 598 - cplayer: finished playback, loading failed (reason 4)
EDIT:
Another possible theory - maybe an API change they’ve made for something else has unintentionally broke PMP? Important information about Plex for smart TVs after September 30, 2021.
EDIT 2:
Looks like I was wrong with both of the above, after I managed to dig up logs from 2020 on an older system and compare the two. I think this is indeed the Letsencrypt root cert issue, but it seems to only be affecting something related to PlayerComponent.cpp/cplayer/ffmpeg. The rest of the app seems to work just fine over HTTPS.
My limited knowledge here can only suggest this is might be caused by an older version of openssl being compiled in e.g. <= v1.0.2, which prefers expired certs over new ones.
The Appimage works perfectly fine, but will definitely miss the auto updates and nicer system integration offered by the Flatpak
