Plex overwrites certificate.p12 on startup - unable to specify own SSL server certificate

Dear,

I’m trying to replace the randomly generated certificate from Plex with my own certificate. I need this done because my Chrome browser returns an error:

_Your connection is not private_

_Attackers might be trying to steal your information from diskstation (for example, passwords, messages, or credit cards)._ NET::ERR_CERT_COMMON_NAME_INVALID

I’m therefore unable to browse to my Plex server. Lowering the security of the browser (exception) is NOT an option.

I found the way to change the certificate by modifying the certificate present in the certificate.p12, as described in the following post:

However it seems that on startup, the Plex server regenerates a new certificate.p12 file.
How can we disable this and enable Plex to always use my own provided certificate?

Thibault

Thanks, finally it did work… However, I had to specify the full chain of certs in the P12. The certificate alone was not enough, and it fell back to the Plex-provided cert.


Apologies for bumping this old thread, but I had this exact issue today on Plex Server 1.13.2.5154 with a custom certificate from my LAN CA. Frustratingly, Plex provided an extremely poor indication of what was wrong. Even with debug logging enabled, this is all it says:

Jun 24, 2018 10:45:33.138 [0x7f742a3ff700] DEBUG - CERT: Loaded a user-provided certificate.
Jun 24, 2018 10:45:33.138 [0x7f742a3ff700] WARN - CERT: Missing cert or issuer; skipping OCSP stapling

The “missing cert or issuer” is ambiguous and following it up with “Skipping OCSP stapling” is extremely misleading, since it implies that the certificate has been loaded successfully and will be used, albeit without OCSP stapling.

Worse, after properly constructing a chain certificate and configuring Plex to use it, Plex omits the “Loaded a user-provided certificate” notice and instead produces another similarly ambiguous and useless error message, even though the certificate is now properly working (this was my fault, because apparently I changed my log level).

Annoyingly, after fixing the issue, Plex still complains about the certificate and says it’s skipping OCSP. The “this worked” and “this failed” messages are rage-inducingly similar.

Jun 24, 2018 11:19:00.995 [0x7fd487fff700] WARN - CERT: getCertInfo failed; skipping OCSP stapling

I’m glad I found this post, because this has been an extraordinarily frustrating thing to troubleshoot. I realize that the majority of Plex users likely won’t be installing custom certs and will instead be relying on the SSL shenanigans you guys have set up, but it would have been nice if the logs could have provided less ambiguous error messages. Who the hell cares if Plex isn’t checking the OCSP stapling of a cert if it’s not even successfully loading the cert in the first place? The latter is considerably more useful for troubleshooting.

In any case, issue was fixed by creating a chain cert with the entire trust chain in it and using that.
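
The fix both replies above describe, a PKCS#12 bundle that carries the issuing chain and not only the server certificate, as an added example that is not from the thread or from Plex. It uses a constructed throwaway CA and leaf; the file names, the password and the helper function names are assumptions.

```shell
#!/bin/sh
# Added example: every key and certificate here is constructed and throwaway.
P12_PASS='constructed-demo-pass'   # hypothetical bundle password

# make_demo_pki DIR: create a constructed root CA and a leaf certificate it signs.
make_demo_pki() {
    dir=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -keyout "$dir/ca.key" -out "$dir/ca.crt" \
        -subj '/CN=Constructed LAN CA' 2>/dev/null &&
    openssl req -new -newkey rsa:2048 -nodes \
        -keyout "$dir/leaf.key" -out "$dir/leaf.csr" \
        -subj '/CN=diskstation' 2>/dev/null &&
    openssl x509 -req -in "$dir/leaf.csr" -CA "$dir/ca.crt" -CAkey "$dir/ca.key" \
        -CAcreateserial -out "$dir/leaf.crt" -days 1 2>/dev/null
}

# build_p12 OUT KEY CERT [CHAIN]: bundle key and cert, plus issuer certs if given.
build_p12() {
    out=$1; key=$2; cert=$3; chain=${4:-}
    if [ -n "$chain" ]; then
        openssl pkcs12 -export -inkey "$key" -in "$cert" -certfile "$chain" \
            -out "$out" -passout "pass:$P12_PASS"
    else
        openssl pkcs12 -export -inkey "$key" -in "$cert" \
            -out "$out" -passout "pass:$P12_PASS"
    fi
}

# count_p12_certs FILE: print how many certificates the bundle stores.
count_p12_certs() {
    openssl pkcs12 -in "$1" -nokeys -passin "pass:$P12_PASS" 2>/dev/null |
        grep -c 'BEGIN CERTIFICATE'
}

# p12_has_chain FILE: succeed only if the bundle holds the leaf plus issuer(s).
p12_has_chain() {
    [ "$(count_p12_certs "$1")" -ge 2 ]
}

demo() {
    tmp=$(mktemp -d) && make_demo_pki "$tmp" || return 1
    build_p12 "$tmp/leaf-only.p12" "$tmp/leaf.key" "$tmp/leaf.crt"
    build_p12 "$tmp/chain.p12" "$tmp/leaf.key" "$tmp/leaf.crt" "$tmp/ca.crt"
    echo "leaf-only:  $(count_p12_certs "$tmp/leaf-only.p12") certificate(s)"
    echo "with chain: $(count_p12_certs "$tmp/chain.p12") certificate(s)"
    rm -rf "$tmp"
}
demo
```

With a real CA that uses intermediates, the file passed as CHAIN would hold every issuer certificate concatenated in PEM form.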