Server Version#: 1.26.0.5715
Player Version#: 4.76.1
I’ve got Plex including remote access running for years, with properly setup port forwarding on my router. Since a few weeks the remote access seems not to be working. I went to plex.tv/web and I couldn’t see my server, so I went to check in the settings, and it said Remote access was fine, showing me the the local and public IP and so on. I restarted Plex and remote access is now on “connecting server…” and usually takes several minutes to time out, resulting in unknown local IP, remote IP and so on.
I went into the PMS logs and found the following errors that I think are related to the issue:
Local access via IP works well and I double checked the port forwarding and this is also fine and the ports are reachable from the internet. The logs are full of those SSL warnings.
I checked the topics on this forum concerning such SSL errors but couldn’t find anything fitting my situation. I’m not running any VPN, I checked the time of my NAS is right etc. .
Based on the log it’s all about this certificate warning, basically update checks fail, myPlex online checks fail etc. So my Plex is basically not able to reach anything related to plex.tv .
I’ve read about the issue where plex support needs to reset your certificate, but those errors seem different.
You turned off DEBUG logging (which doesn’t save any space because logs are fixed length). This means I can’t really see what’s happening. Recommend you turn it back on (Keep VERBOSE OFF).
Found this – You running a proxy?
Apr 25, 2022 21:27:54.253 [0x7fba6e346b38] ERROR - PublicAddressManager: Unable to get public IP adddress from myPlex (httpCode=404): <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL was not found on this server.</p>
</body></html>
Apr 25, 2022 21:27:55.573 [0x7fba6dffdb38] WARN - QueryParser: Invalid field 'sectionID' found, ignoring.
And this: Your own certificate and/or a Proxy?
– This is how the typical MITM violation looks.
Apr 25, 2022 21:27:56.993 [0x7fba6e66db38] WARN - [HttpClient] HTTP error requesting GET https://plex.tv/api/v2/server/access_tokens?auth_token=xxxxxxxxxxxxxxxxxxxx (60, SSL peer certificate or SSH remote key was not OK) (SSL: no alternative certificate subject name matches target host name 'plex.tv')
Ok wow. You totally brought me on the right track. So when you mentioned a MITM attack I contacted a friend he suggested that I run from my nas:
openssl s_client -showcerts -connect plex.tv:443
Which did NOT return a plex certificate, but a valid digicert signed certificate for a random website hosted on AWS . So it seems I somehow ended up on the wrong server. Next step was to do a ping of plex.tv from my NAS. Which did return a different IP than from my main PC:
dig +short A plex.tv
The IP matched none of the IP’s of that result. BUT I found the returned IP using google and reddit, and it seems the IP was part of plex.tv close to ~3 months ago. So it seems I ran into a stale DNS entry , which instead of timing out if the IP wasn’t used anymore, basically ran my PLEX Servers requests into a random site.
I’ve now flushed some DNS caches and the NAS now resolves to a non stale plex.tv IP.
Thank you for your MITM hint and sending me on that journey.
Now everything is working again. And the stale DNS explains why it stopped working without any changes made to the network/plex/nas/etc. .
Thank you very much for your very competent and on point help.
