Remote access and secure connection

/var/snap/plexmediaserver/common/Library/Application Support/Plex Media Server/Cache$ ls -la
total 104
drwxr-xr-x 6 root root 4096 Aug 16 10:55 .
drwxr-xr-x 11 root root 4096 Aug 16 10:44 ..
-rw-r--r-- 1 root root 9142 May 3 17:25 autotag_wordlist.json
-rw-r--r-- 1 root root 1936 Aug 16 10:55 CloudAccessV2.dat
-rw-r--r-- 1 root root 12128 Aug 16 10:44 CloudAccountV2.dat
-rw-r--r-- 1 root root 7104 Aug 16 10:44 Flags.dat
drwxr-xr-x 2 root root 4096 Aug 5 23:25 fontconfig
drwxr-xr-x 2 root root 4096 Aug 14 20:53 OCSP
drwxr-xr-x 258 root root 4096 Nov 16 2019 PhotoTranscoder
-rw-r--r-- 1 root root 7392 Aug 16 10:44 Privacy.dat
-rw-r--r-- 1 root root 30476 Jul 27 22:12 relayHostKey.txt
drwxr-xr-x 5 root root 4096 Jun 17 02:01 Transcode
-rw-r--r-- 1 root root 352 Aug 16 10:44 UpdateChannels.dat

this?

Yes, that directory.

And that is interesting. The files I was expecting to see aren’t in there. But other files have been modified recently - so they might just be elsewhere. Or have you uninstalled/reinstalled Plex in the last few hours?

I was looking for certificate.p12. Plex gets a magic SSL certificate from the Plex mothership. On the systems I’m familiar with, it’s stored as certificate.p12 in the Cache directory. It might be elsewhere, OR, the lack of that file could be why SSL isn’t working.

Paging anybody who is familiar with the snap packages!

Let’s see what user your Plex Server is running as. Can you do this?

ps uafxw | grep -i plex

I did remove and reinstall plexmediaserver yesterday, in an attempt to resolve the issue. But it didn’t help. When removing it, snap made a “backup” which I restored after seeing that the reinstall didn’t help.

ps uafxw | grep -i plex
viktor 21953 0.0 0.0 13136 1148 pts/0 S+ 11:08 0:00 \_ grep --color=auto -i plex
root 13483 0.0 0.0 19768 3324 ? Ss 10:44 0:00 /bin/bash /snap/plexmediaserver/108/wrapper.sh
root 13571 0.0 0.0 19768 2396 ? S 10:44 0:00 \_ /bin/bash /snap/plexmediaserver/108/wrapper.sh
root 13572 0.7 0.5 2463044 85088 ? Sl 10:44 0:10 \_ ./Plex Media Server
root 13586 0.4 0.3 1800960 50420 ? SNl 10:44 0:06 \_ Plex Plug-in [com.plexapp.system] /snap/plexmediaserver/108/Resources/Plug-ins-b23ab3896/Framework.bundle/Contents/Resources/Versions/2/Python/bootstrap.py --server-version 1.19.5.3112-b23ab3896 /snap/plexmediaserver/108/Resources/Plug-ins-b23ab3896/System.bundle
root 13641 0.0 0.0 435480 14128 ? Sl 10:44 0:00 \_ /snap/plexmediaserver/108/Plex Tuner Service /snap/plexmediaserver/108/Resources/Tuner/Private /snap/plexmediaserver/108/Resources/Tuner/Shared 1.19.5.3112-b23ab3896 32600 /waitmutex
root 13672 0.1 0.2 957664 44600 ? Sl 10:44 0:02 \_ Plex Plug-in [com.plexapp.agents.imdb] /snap/plexmediaserver/108/Resources/Plug-ins-b23ab3896/Framework.bundle/Contents/Resources/Versions/2/Python/bootstrap.py --server-version 1.19.5.3112-b23ab3896 /snap/plexmediaserver/108/Resources/Plug-ins-b23ab3896/PlexMovie.bundle

I’m not sure about posting all my logs here. There were MANY in that zip file. Would that be safe?

OK, it looks like Plex is running as root, which is … well, whatever. That might be reasonable for the snap package. (All you should take from this is that I’m not familiar with snap or these snap packages, nothing about snap itself.)

But the …/Cache/ directory was owned by root, so Plex would have permission to write there.

As far as logs go, Plex does a really good job sanitizing the Plex Token out of them. But they still contain things like your external IP address, internal IP addresses, usernames, path to your files and movies. So it’s up to you.

You could search Plex Media Server.log for “certificate” and share that, if you like. Might miss the relevant context, but it also might tell us where to look next.

@ChuckPa, I wonder if you could help. Are you the person for these packages? Is running as root normal? Where’s the certificate.p12 supposed to be, if not in Cache?

TY!

Here’s the Plex Media Server.log: Plex Media Server.log (803.7 KB)

OK I’m confident that Plex not being able to find the certificate is why you can’t enable SSL/Connect Securely.

I’m equally NOT sure why it isn’t successfully fetching a certificate. I don’t know what error 429 means in this case, and hope for a response from the Plex folks now.

Aug 16, 2020 10:44:10.861 [0x7fecc2bdb700] DEBUG - CERT: Certificate or intermediate did not exist, fetching a new one.
Aug 16, 2020 10:44:10.861 [0x7fecc2bdb700] DEBUG - HTTP requesting POST https://plex.tv/devices/5369507eef9145786cd313cfa2e81519af2167bb/certificate?version=2&X-Plex-Token=xxxxxxxxxxxxxxxxxxxx
Aug 16, 2020 10:44:11.076 [0x7fecc2bdb700] DEBUG - HTTP 429 response from POST https://plex.tv/devices/5369507eef9145786cd313cfa2e81519af2167bb/certificate?version=2&X-Plex-Token=xxxxxxxxxxxxxxxxxxxx
Aug 16, 2020 10:44:11.077 [0x7fecc2bdb700] ERROR - CERT: Could not fetch certificate from the cloud: 429
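
An added example (not part of the original thread, and not Plex's own tooling) covering both the advice above about what a shared log can reveal and the certificate excerpt just quoted: it keeps only certificate-related lines, masks identifying values before posting, and lists failed certificate fetches with their HTTP status. The sample log, the `/home/` path layout and all function names are assumptions made for illustration.

```python
import re

# Constructed sample in the format of the log excerpt above. The device id,
# token, address and path are made-up placeholders, not values from the thread.
SAMPLE_LOG = """\
Aug 16, 2020 10:44:10.861 [0x7f0000000001] DEBUG - CERT: Certificate or intermediate did not exist, fetching a new one.
Aug 16, 2020 10:44:10.861 [0x7f0000000001] DEBUG - HTTP requesting POST https://plex.tv/devices/0123456789abcdef0123456789abcdef01234567/certificate?version=2&X-Plex-Token=EXAMPLEtoken1234
Aug 16, 2020 10:44:11.076 [0x7f0000000001] DEBUG - HTTP 429 response from POST https://plex.tv/devices/0123456789abcdef0123456789abcdef01234567/certificate?version=2&X-Plex-Token=EXAMPLEtoken1234
Aug 16, 2020 10:44:11.077 [0x7f0000000001] ERROR - CERT: Could not fetch certificate from the cloud: 429
Aug 16, 2020 10:44:12.000 [0x7f0000000001] DEBUG - constructed unrelated line: 192.168.1.20 /home/alice/Movies
"""

# Pattern -> replacement, applied in order to every line that is kept.
REDACTIONS = [
    (re.compile(r"(X-Plex-Token=)[^&\s]+"), r"\1<redacted>"),
    (re.compile(r"(/devices/)[0-9a-f]{16,}"), r"\1<device-id>"),
    (re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"), "<ip>"),
    (re.compile(r"(/home/)[^/\s]+"), r"\1<user>"),
]
CERT_ERROR = re.compile(
    r"^(.*?) \[0x[0-9a-f]+\] ERROR - CERT: "
    r"Could not fetch certificate from the cloud: (\d+)"
)


def redact(line):
    """Mask token, device id, IPv4 addresses and home-directory user names."""
    for pattern, replacement in REDACTIONS:
        line = pattern.sub(replacement, line)
    return line


def cert_lines(log_text):
    """Keep only certificate-related lines, redacted, ready to paste."""
    return [redact(l) for l in log_text.splitlines() if "cert" in l.lower()]


def fetch_failures(log_text):
    """Return (timestamp, http_status) for each failed certificate fetch."""
    matches = map(CERT_ERROR.match, log_text.splitlines())
    return [(m.group(1), int(m.group(2))) for m in matches if m]


if __name__ == "__main__":
    print("\n".join(cert_lines(SAMPLE_LOG)))
    for when, status in fetch_failures(SAMPLE_LOG):
        note = " (HTTP 429 = Too Many Requests)" if status == 429 else ""
        print(f"certificate fetch failed at {when}: {status}{note}")
```

To run it against a real log, read the file and pass its text to `cert_lines()`; review the output by eye before posting, since the patterns only cover the value types listed in `REDACTIONS`.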

Ok, thank you. I’m keeping my fingers crossed. :slight_smile:

429 would normally mean that a web server was annoyed with you for making too many requests too quickly.

It’s POSSIBLE that Plex has some rate limiting around certificate requests, and that your server did make too many requests, at some point, when you were testing/upgrading/changing things. If so it might calm down and work again “soon”.

But you said this was a while ago? Or it’s also possible something funny is going on, and they need to kick it for you. :woman_shrugging:

Well, I’m not really sure when it started. I’ve been at home all summer since June, and didn’t personally have problems or notice it until I was back at work this Wednesday. Though a friend and my brother, who I share my libraries with, claim it’s been like this all summer. That is about the time I got the new ISP. Had problems with my last ISP and was without internet for a week before the new one got connected. First week in June I think.

So, maybe I should just turn the server off for a day or so?

Nah. If it hasn’t fixed itself by now, I don’t think leaving it off for a day will make any difference.

You don’t want to enter any credentials on an unsecured page, but the biggest risk of not running Plex with SSL is that your ISP could, if they’re inspecting your traffic, see what movies you’re watching remotely.

That hasn’t been a huge issue in the US, most people just want to stay private in case. I don’t know what the rules are in the EU.

Maybe @nokdim will have more direction, too!

Can you check https://x.x.x.x:236xx where x.x.x.x is your public IP from a device outside your network? or even https://y.y.y.y:32400 from inside?

I went through the logs and just did some testing and I think this should be working now

or at least https://79.136.x.x:236xx/ works for me and I see a good SSL cert.

You fixed it, @nokdim!

:slight_smile:

Yes, thank you! Tested from outside and inside network and from plex.tv. It all works now. Though in Firefox on Android I get a message something like “certificate not trusted, proceed anyway”. But it does work!

Thank you very much!

Yeah, browsing by IP you will get the cert error, but using the FQDN assigned by Plex it will work without error. Just make sure your remote access works for you and your friends and you should be good.

Did you do anything, or can we assume the errors stopped and it fetched a cert successfully?

@Volts Yeah I didn’t do anything, that 429 you saw was the issue and the plex cloud must have eventually stopped giving the 429 and he got a good cert.
