Server Version#: 1.18.9.2578
My experience has been identical to that described by @Specimen1334, with the following exception. In Network Settings I have enabled the relay function so users outside my network are still able to reach my NAS and share my content.
Based on information I’ve seen in Plex articles, this method allows users to connect to a Plex server that is otherwise unreachable by directing the user to Plex direct servers which have bandwidth restrictions. In addition, although Plex explains that our privacy is important, it does result in a situation where a Plex server sharing content can only do so when Plex direct is involved.
I’ve attempted two methods of validating custom certificates in the Plex server network settings in order to confirm that my configuration is working properly.
- Self-signed Certificate
I created a Openssl pcks12 file (pfx) using self-signed certificate, key, and CA (Certifiate Authority) chain certificates. The certificates were all valid and allow my server to be otherwise visible with no issues or warnings in any browser. The browser always indicated that the server certificate was valid, encryption was enabled and any transactions with the server was safe.
I went one step further and validated that I could access the Plex server via external devices (mobile phone with WIFI disabled, connecting by means of mobile data connection). My server was available remotely with no issues. I was able to stream content to the mobile phone securely, even though Plex indicated Remote Access was disabled. This led me to believe that the issue is that Plex is expecting the CA to be a Top Trusted CA. Self-signed certificates didn’t qualify. So, I switched to Let’s Encrypt.
- Let’s Encrypt certificate
I created an Openssl pkcs12 certificate as indicated in step 1 using Let’s Encrypt certificates. Once again, my NAS provided a secure, encrypted connection as it did with a self-signed certificate. The only difference is instead of using a self-signed CA that is installed on my devices, it’s using the Top Trusted CA provided by Let’s Encrypt. I was able to connect to my Plex server using my mobile data connection although the Plex server indicated that remote access was disabled.
This leads me to believe that the issue lies with the Plex software. I’m no expert, but my guess is although Plex server successfully uploads the pcks12 certificate enabling secure, encrypted connections that allow a server to stream to remote users, the Remote Access portion of Plex Server isn’t properly managing the pcks12 certificate data and reverting to either no connection as indicated by @Specimen1334 or sending users through the Plex Direct servers in my case.
I’ve already confirmed with my friends that they can stream my content although the Remote Access is showing disabled. Fortunately, they’re unaware of the issue and it appears that everything is working appropriately on their end. Based on the information provided accessing a server through relay support page (https://support.plex.tv/articles/216766168-accessing-a-server-through-relay/) users will have a better experience if remote access is enabled and working properly. Anything the @Plex Team can do to investigate issues related to remote access handling custom certificates would be appreciated.
