Yep. Using NTP:
# date
Fri Mar 26 20:39:51 UTC 2021
May I reset your certificate and have you restart the “***FLIX” server ? 
Yes, please do. What does that mean, by the way?
Check your messages please.
I sent you what is listed in your account.
Okay, so if I’m following this, the problem actually has nothing to do with the update, and has everything to do with the expired TLS certificate on my server?
Okay. I guess that makes sense, but that’s still a little odd.
Is that something that you can reset from your end, or do I need to import something?
And to prevent this in the future, what should I do?
Jon,
I think this is the outgrowth of completely disabling secure connections instead of creating allowances for your LAN.
Plex.tv requires HTTPS to work.
If you don’t want to use HTTPS or Authentication on your LAN, we address that differently.
Doing it as it should be:
- You get HTTPS to Plex.tv and for remote as you should
- Anything on LAN is unsecure OR without authentication – depending on what you want.
How do you use Plex ?
What kinds of devices do you have in your home LAN?
How did Plex get to be set as disabled ?
Historically, it’s been a more involved than just a local LAN issue. I share this server with my family. I know of at least one Smart TV Plex app that just could not deal with a secure connection (or even setting it on Preferred), so I disabled it. That was years ago, so I guess I’m open to trying again. But the impact was both remote and local.
A lot has changed in the past year alone.
The app teams have really pushed hard on the HTTPS management.
I will reset your certificate.
While I’m doing that,
If you would,
- Set your LAN to Preferred
- Settings - Server - Network - SHOW ADVANCED
- Networks allowed without Auth, type in
192.168.222.0/24 - – Please edit that if it’s not a standard 255.255.255.0 subnet –
- This will exclude all clients on your home LAN from requiring authentication.
- SAVE
- Restart Plex
Translating to the latest wording:
Server → Settings → Network
Secure connections → changed from “Disabled” to “Preferred”
(scroll down; Advanced was already showing)
“List of IP addresses and networks that are allowed without auth” → I currently have “192.168.222.0/255.255.255.0”. Sadly, I think I got that notation from a blogger (serves me right). I know that’s not proper CIDR notation. So, the /24 should be accepted properly?
Yes. Don’t use the quotes. Only digits, dot, or slash. No spaces either 
For me, it is literally: 192.168.0.0/255.255.255.0 -or- 192.168.0.0/24
For clarity, this is currently what’s in the discussed field:
192.168.222.0/24
Good that it accepts both /[mask] and /[maskbits]. I prefer proper CIDR.
Yes.
And to confirm, your subnet is 192.168.222.x ?
As defined above. 192.168.222.0/24. You guessed correctly.
Your logs were great help.
Should be good to go. SAVE. Plex.tv is ready for you to restart
Now that looks GOOD on Plex.tv
Okay. I’ve restarted. I brought up a new window in a few different browsers. They’re all working. App clients (iOS and Roku so far) are both working both locally and remotely.
And the biggest test to me, I “reloaded as secure” the only functioning browser tab session I had open. And it’s working. I’ll be curious to check that Smart TV now, but I’ll do that on my own.
So it would seem safe to update to 1.22.1.4288 again.
Also, just to be clear, is TLS certificate rotation normally done on Plex’s end? Is there anything I need to do? I’m assuming it wasn’t done, because secure connections were disabled. Is that correct?
Yes, TLS certificate rotation is performed by Plex.
We provide the certificate to you so we have the responsibility of maintaining it too.
At this point, you’re back on Automatic and should be good from here on out.
As follow on thought;
We disabled the authentication requirement for your LAN.
They won’t need to sign in.
They still will use the cert when they can flip over to it.
That’s how it’s designed & coded.
And that’s just fine. I’m all for supporting security, when it doesn’t impede function. 
I’ve upgraded to 1.22.1.4228 again, and verified that everything’s fine. So the upgrade was evidently a coincidence. It would seem that the app clients are more forgiving of an expired cert than the web app. That seems to have been the problem. As a result, I’m going to change the topic name. The current name is misleading.
Thanks so much for your help!
You’re very welcome.
I’m glad we got it all sorted out and you back to normal operating mode.
