[SOLVED] Error acquiring new certificate

Server Version#: 1.30.1.6562
Player Version#: not relevant

As of the last 24 hours, I am seeing this error in Logs/Plex Media Server.log :

ERROR - CERT: Error acquiring new certificate: Failed to upload CSR: 429

Here are the relevant log lines:

Jan 17, 2023 08:53:50.377 [0x7f66e58fdb38] INFO - Plex Media Server v1.30.1.6562-915986d62 - Debian GNU/Linux PC x86_64 - build: linux-x86_64 debian - GMT -08:00
Jan 17, 2023 08:53:50.378 [0x7f66e58fdb38] INFO - Linux version: 11 (bullseye), language: en-US
Jan 17, 2023 08:53:50.378 [0x7f66e58fdb38] INFO - Processor: 2-core AMD A6-6400K APU with Radeon(tm) HD Graphics   
Jan 17, 2023 08:53:50.378 [0x7f66e58fdb38] INFO - Compiler is - Clang 11.0.1 (https://plex.tv xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx)
Jan 17, 2023 08:53:50.378 [0x7f66e58fdb38] INFO - /usr/lib/plexmediaserver/Plex Media Server
Jan 17, 2023 08:53:50.429 [0x7f66e93980d0] INFO - Running migrations. (EPG 0)
Jan 17, 2023 08:53:50.482 [0x7f66e93980d0] INFO - Running migrations. (EPG 0)
Jan 17, 2023 08:53:52.377 [0x7f66e2fccb38] WARN - Crash: Crash reporting disabled
Jan 17, 2023 08:53:52.790 [0x7f66e23a2b38] INFO - Refreshing paths watched by LibraryUpdateManager
Jan 17, 2023 08:53:53.655 [0x7f66e06fbb38] INFO - SQLITE3:0x80000001, 283, recovered 782 frames from WAL file /var/lib/plexmediaserver/Library/Application Support/Plex Media Server/Plug-in Support/Databases/tv.plex.providers.epg.cloud-xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx.db-wal
Jan 17, 2023 08:53:53.678 [0x7f66e06fbb38] INFO - Running migrations. (EPG 1)
Jan 17, 2023 08:53:54.274 [0x7f66e52b5b38] WARN - [EventSourceClient/pubsub/45.33.125.156:443] MyPlex: attempted a reachability check but we're not yet mapped.
Jan 17, 2023 08:53:54.986 [0x7f66e1766b38] ERROR - CERT: Error acquiring new certificate: Failed to upload CSR: 429, <?xml version="1.0" encoding="UTF-8"?>
<errors>
  <error code="1003" message="API rate limit exceeded" status="429"/>
</errors>
Jan 17, 2023 08:53:55.049 [0x7f66e2dc9b38] WARN - [MediaProviderManager] Unrecognized MediaProvider feature: availability
Jan 17, 2023 08:53:55.049 [0x7f66e2dc9b38] WARN - [MediaProviderManager] Unrecognized MediaProvider feature: availability-platforms
Jan 17, 2023 08:53:55.054 [0x7f66e3819b38] WARN - [MediaProviderManager] Unrecognized MediaProvider feature: availability
Jan 17, 2023 08:53:55.054 [0x7f66e3819b38] WARN - [MediaProviderManager] Unrecognized MediaProvider feature: availability-platforms
Jan 17, 2023 08:55:59.203 [0x7f66e25ebb38] ERROR - CERT: Error acquiring new certificate: Failed to retrieve cert from plex.tv: 429, 
Jan 17, 2023 08:57:36.982 [0x7f66e1d88b38] INFO - [Req#67] AutoUpdate: no updates available
Jan 17, 2023 08:57:37.612 [0x7f66def42b38] WARN - [Req#6e] QueryParser: Invalid field 'contentDirectoryID' found, ignoring.
Jan 17, 2023 08:57:37.612 [0x7f66def42b38] WARN - [Req#6e] QueryParser: Invalid field 'pinnedContentDirectoryID' found, ignoring.
Jan 17, 2023 08:57:37.626 [0x7f66df145b38] WARN - [Req#6f] QueryParser: Invalid field 'contentDirectoryID' found, ignoring.
Jan 17, 2023 08:57:37.627 [0x7f66df145b38] WARN - [Req#6f] QueryParser: Invalid field 'pinnedContentDirectoryID' found, ignoring.
Jan 17, 2023 08:57:37.732 [0x7f66df145b38] WARN - [Req#96] QueryParser: Invalid field 'contentDirectoryID' found, ignoring.
Jan 17, 2023 08:57:37.732 [0x7f66df145b38] WARN - [Req#96] QueryParser: Invalid field 'pinnedContentDirectoryID' found, ignoring.
Jan 17, 2023 08:57:37.738 [0x7f66e35d5b38] WARN - [Req#94] QueryParser: Invalid field 'contentDirectoryID' found, ignoring.
Jan 17, 2023 08:57:37.738 [0x7f66e35d5b38] WARN - [Req#94] QueryParser: Invalid field 'pinnedContentDirectoryID' found, ignoring.
Jan 17, 2023 08:57:37.773 [0x7f66def42b38] WARN - [Req#91] QueryParser: Invalid field 'contentDirectoryID' found, ignoring.
Jan 17, 2023 08:57:37.773 [0x7f66def42b38] WARN - [Req#91] QueryParser: Invalid field 'pinnedContentDirectoryID' found, ignoring.
Jan 17, 2023 08:57:37.863 [0x7f66df145b38] WARN - [Req#98] QueryParser: Invalid field 'contentDirectoryID' found, ignoring.
Jan 17, 2023 08:57:37.863 [0x7f66df145b38] WARN - [Req#98] QueryParser: Invalid field 'pinnedContentDirectoryID' found, ignoring.
Jan 17, 2023 08:57:49.840 [0x7f66e35d5b38] INFO - [Req#10a] AutoUpdate: no updates available
Jan 17, 2023 08:58:01.580 [0x7f66e1f8bb38] ERROR - CERT: Error acquiring new certificate: Failed to retrieve cert from plex.tv: 429, 
Jan 17, 2023 09:00:08.049 [0x7f66dfedbb38] ERROR - CERT: Error acquiring new certificate: Failed to retrieve cert from plex.tv: 429, 
Jan 17, 2023 09:02:10.448 [0x7f66e1f8bb38] ERROR - CERT: Error acquiring new certificate: Failed to upload CSR: 429, <?xml version="1.0" encoding="UTF-8"?>
<errors>
  <error code="1003" message="API rate limit exceeded" status="429"/>
</errors>
Jan 17, 2023 09:04:14.473 [0x7f66e1f8bb38] ERROR - CERT: Error acquiring new certificate: Failed to retrieve cert from plex.tv: 429, 
Jan 17, 2023 09:06:18.600 [0x7f66e1f8bb38] ERROR - CERT: Error acquiring new certificate: Failed to retrieve cert from plex.tv: 429, 
Jan 17, 2023 09:08:20.856 [0x7f66e1f8bb38] ERROR - CERT: Error acquiring new certificate: Failed to upload CSR: 429, <?xml version="1.0" encoding="UTF-8"?>
<errors>
  <error code="1003" message="API rate limit exceeded" status="429"/>
</errors>
Jan 17, 2023 09:10:06.287 [0x7f66e56e8b38] WARN - JobManager: Could not find job for handle 5377
Jan 17, 2023 09:10:06.305 [0x7f66e56e8b38] WARN - JobManager: Could not find job for handle 5299

I am able to access Plex via http but not via https. I understand Plex employees can reset certificates, which I hope can be done for me.

side note: I tried pinging 45.33.125.156, IP address for reachability check but receive no reply. Not sure if the IP is down or if icmp requests are blocked.

Thanks

The server is stuck trying to get a new certificate.

Normally, this happens automatically.

Looking at Plex.tv, I can see the problem began on the 15th.

It looks like you were restarting the server a lot and, when ownership in /var/lib/plemediaserver is damaged, it wasn’t able to save the certificate when downloaded.

If it keeps trying to save (too many times within a short interval), plex.tv will throttle you.

This is what got you to the state you’re in.

1. What did you do to the server on or just before 15-Jan?
2. does plex:plex own the Cache directory in /var/lib/plexmediaserver ?
   what are permissions in there ?

Asking this because while I can fix it, if the server is still messed up then it will come right back

I recently wrote a script (on Jan 15) that checks whether plex has an update or not. i made queries many times over but didn’t think that would really be an issue. I guess my plex token got flagged and limited.

I have verified that Cache directory is owned by plex:plex.

$ ls -l /var/lib/plexmediaserver/Library/Application\ Support/Plex\ Media\ Server/
total 72
drwxr-xr-x 4 plex plex  4096 Jan 17 09:13  Cache
drwxr-xr-x 3 plex plex  4096 Jan 10 14:12  Codecs
drwxr-xr-x 3 plex plex  4096 Jan 17 07:38 'Crash Reports'
drwxr-xr-x 2 plex plex  4096 Oct 27 06:03  Diagnostics
drwxr-xr-x 2 plex plex  4096 Oct 20 08:23  Drivers
drwxr-xr-x 3 plex plex  4096 Jan 17 09:13  Logs
drwxr-xr-x 3 plex plex  4096 Oct 20 16:34  Media
drwxr-xr-x 6 plex plex  4096 Oct 21 08:42  Metadata
drwxr-xr-x 2 plex plex  4096 Oct 20 08:23  Plug-ins
drwxr-xr-x 7 plex plex  4096 Oct 20 08:24 'Plug-in Support'
-rw------- 1 plex plex  1843 Jan 17 09:12  Preferences.xml
-rw-r--r-- 1 root root  1906 Jan 17 08:14  Preferences.xml.bak
drwxr-xr-x 2 plex plex  4096 Oct 20 17:10  Scripts
-rw------- 1 plex plex 12330 Jan 17 09:12 'Setup Plex.html'
drwxr-xr-x 2 plex plex  4096 Oct 20 08:23  Updates

Curious. As a software eng myself, I use “cache” directories to store temporary items that can be deleted at any time and repopulates automatically. Is this how plex uses the Cache diretory? I ask because I have deleted the contents of the Cache directory.

i made queries many times over but didn’t think that would really be an issue. I guess my plex token got flagged and limited.

Checking for updates doesn’t limit you. The certificate generation limiter is what kicked in. Your server was asking for certificates from Plex.tv.

You don’t want to delete the directory Plex Media Server/Cache as a whole.

The Cache directory is entirely temporary data but the refresh periods vary widely.
Example being your certificate; It has a 90 day lifespan. It’s stored in Cache.

If you want to delete further down into Cache (like transcoder cache or photo cache) when you know PMS isn’t running – that’s fine.

Big hammer isn’t advised here.

I’ve removed the limiter and cleared out the dead certificates.

Please restart the server

Lastly, please tune your scripting

Thank you for helping out. Service started, https access has been restored.

As I was writing my script to check for plex updates, i was restarting the service. Looks like that’s what got me.

I’d like to keep cache, diagnostics, logs, crash reports clear. Is it safe to delete contents of Logs, Crash Reports, and Diagnostics?

To avoid big hammer actions, I would greatly appreciate if you could provide the the directories within Cache that are safe to delete while the server is shut down.

Thank you for your help.

1. Logs are limited to 5 rollover files and continuously self maintaining. Best to leave it alone.

2. Directories you may clean under “Cache” are:
   – PhotoTranscoder
   – Transcode

3. If your /var/lib/plexmediaserver directory is getting too big for the current location,
   – You can move it using a systemd override
   – You can probably reduce your metadata itself and turn off some default options which are chewing up space.

Thank you, Chuck. I apprecate all of your help.

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.