SSL Certificate Errors

Still not working after rebooting the router

eviceClass=pc&protocolVersion=3&protocolCapabilities=timeline%2Cplayback%2Cnavigation%2Cmirror%2Cplayqueues&timeout=1 (9 live) GZIP 20001ms 5 bytes (pipelined: 17)
Oct 15, 2021 18:13:17.650 [0x7f5699c1eb38] Debug — Auth: authenticated user 1 as FLUDzilla
Oct 15, 2021 18:13:17.651 [0x7f5697ca3b38] Debug — Request: [192.168.1.217:42914 (Subnet)] GET /player/proxy/poll?deviceClass=pc&protocolVersion=3&protocolCapabilities=timeline%2Cplayback%2Cnavigation%2Cmirror%2Cplayqueues&timeout=1 (9 live) GZIP Signed-in Token (FLUDzilla)
Oct 15, 2021 18:13:17.651 [0x7f5697ca3b38] Debug — Content-Length is -1 (of total: -1).
Oct 15, 2021 18:13:37.652 [0x7f5699c1eb38] Debug — Completed: [192.168.1.217:42914] 200 GET /player/proxy/poll?deviceClass=pc&protocolVersion=3&protocolCapabilities=timeline%2Cplayback%2Cnavigation%2Cmirror%2Cplayqueues&timeout=1 (6 live) GZIP 20001ms 5 bytes (pipelined: 18)
Oct 15, 2021 18:13:37.754 [0x7f5699bfbb38] Debug — Auth: authenticated user 1 as FLUDzilla
Oct 15, 2021 18:13:37.755 [0x7f5697ca3b38] Debug — Request: [192.168.1.217:42914 (Subnet)] GET /player/proxy/poll?deviceClass=pc&protocolVersion=3&protocolCapabilities=timeline%2Cplayback%2Cnavigation%2Cmirror%2Cplayqueues&timeout=1 (6 live) GZIP Signed-in Token (FLUDzilla)
Oct 15, 2021 18:13:37.755 [0x7f5697ca3b38] Debug — Content-Length is -1 (of total: -1).
Oct 15, 2021 18:13:57.756 [0x7f5699bfbb38] Debug — Completed: [192.168.1.217:42914] 200 GET /player/proxy/poll?deviceClass=pc&protocolVersion=3&protocolCapabilities=timeline%2Cplayback%2Cnavigation%2Cmirror%2Cplayqueues&timeout=1 (6 live) GZIP 20001ms 5 bytes (pipelined: 19)
Oct 15, 2021 18:13:58.000 [0x7f5699c1eb38] Debug — Auth: authenticated user 1 as FLUDzilla
Oct 15, 2021 18:13:58.001 [0x7f5697ca3b38] Debug — Request: [192.168.1.217:42914 (Subnet)] GET /player/proxy/poll?deviceClass=pc&protocolVersion=3&protocolCapabilities=timeline%2Cplayback%2Cnavigation%2Cmirror%2Cplayqueues&timeout=1 (6 live) GZIP Signed-in Token (FLUDzilla)
Oct 15, 2021 18:13:58.001 [0x7f5697ca3b38] Debug — Content-Length is -1 (of total: -1).
Oct 15, 2021 18:14:06.507 [0x7f569930bb38] Debug — NetworkServiceBrowser: PLAYER arrived: 192.168.1.241
Oct 15, 2021 18:14:07.598 [0x7f5699c1eb38] Debug — CERT: incomplete TLS handshake from [::ffff:192.168.1.241]:55454: sslv3 alert certificate unknown
Oct 15, 2021 18:14:18.002 [0x7f5699bfbb38] Debug — Completed: [192.168.1.217:42914] 200 GET /player/proxy/poll?deviceClass=pc&protocolVersion=3&protocolCapabilities=timeline%2Cplayback%2Cnavigation%2Cmirror%2Cplayqueues&timeout=1 (7 live) GZIP 20001ms 5 bytes (pipelined: 20)
Oct 15, 2021 18:14:18.069 [0x7f5699bfbb38] Debug — Auth: authenticated user 1 as FLUDzilla
Oct 15, 2021 18:14:18.070 [0x7f5697ca3b38] Debug — Request: [192.168.1.217:42914 (Subnet)] GET /player/proxy/poll?deviceClass=pc&protocolVersion=3&protocolCapabilities=timeline%2Cplayback%2Cnavigation%2Cmirror%2Cplayqueues&timeout=1 (7 live) GZIP Signed-in Token (FLUDzilla)
Oct 15, 2021 18:14:18.070 [0x7f5697ca3b38] Debug — Content-Length is -1 (of total: -1).
Oct 15, 2021 18:14:38.071 [0x7f5699c1eb38] Debug — Completed: [192.168.1.217:42914] 200 GET /player/proxy/poll?deviceClass=pc&protocolVersion=3&protocolCapabilities=timeline%2Cplayback%2Cnavigation%2Cmirror%2Cplayqueues&timeout=1 (6 live) GZIP 20001ms 5 bytes (pipelined: 21)
Oct 15, 2021 18:14:38.122 [0x7f5699c1eb38] Debug — Auth: authenticated user 1 as FLUDzilla
Oct 15, 2021 18:14:38.123 [0x7f5697ca3b38] Debug — Request: [192.168.1.217:42914 (Subnet)] GET /player/proxy/poll?deviceClass=pc&protocolVersion=3&protocolCapabilities=timeline%2Cplayback%2Cnavigation%2Cmirror%2Cplayqueues&timeout=1 (6 live) GZIP Signed-in Token (FLUDzilla)
Oct 15, 2021 18:14:38.123 [0x7f5697ca3b38] Debug — Content-Length is -1 (of total: -1).
Oct 15, 2021 18:14:46.914 [0x7f5699bfbb38] Debug — CERT: incomplete TLS handshake from [::ffff:172.58.236.128]:27230: sslv3 alert certificate unknown
Oct 15, 2021 18:14:49.280 [0x7f5699bfbb38] Debug — CERT: incomplete TLS handshake from [::ffff:172.58.236.128]:52208: sslv3 alert certificate unknown
Oct 15, 2021 18:14:58.124 [0x7f5699bfbb38] Debug — Completed: [192.168.1.217:42914] 200 GET /player/proxy/poll?deviceClass=pc&protocolVersion=3&protocolCapabilities=timeline%2Cplayback%2Cnavigation%2Cmirror%2Cplayqueues&timeout=1 (8 live) GZIP 20001ms 5 bytes (pipelined: 22)
Oct 15, 2021 18:14:58.212 [0x7f5699bfbb38] Debug — Auth: authenticated user 1 as FLUDzilla
Oct 15, 2021 18:14:58.212 [0x7f5697ca3b38] Debug — Request: [192.168.1.217:42914 (Subnet)] GET /player/proxy/poll?deviceClass=pc&protocolVersion=3&protocolCapabilities=timeline%2Cplayback%2Cnavigation%2Cmirror%2Cplayqueues&timeout=1 (8 live) GZIP Signed-in Token (FLUDzilla)
Oct 15, 2021 18:14:58.212 [0x7f5697ca3b38] Debug — Content-Length is -1 (of total: -1).
Oct 15, 2021 18:15:10.485 [0x7f5699c1eb38] Debug — CERT: incomplete TLS handshake from 127.0.0.1:51586: sslv3 alert certificate unknown

Is there anything at all you can do regarding the cert?

That’s my laptop and phone (on mobile network). I still can’t connect externally.

This is getting a bit frustrating.

Any help you can give to resolve this would be greatly appreciated.

Here’s the actual log when my phone attempted to authenticate:

deviceClass=pc&protocolVersion=3&protocolCapabilities=timeline%2Cplayback%2Cnavigation%2Cmirror%2Cplayqueues&timeout=1 (6 live) GZIP Signed-in Token (FLUDzilla)
Oct 15, 2021 18:14:38.123 [0x7f5697ca3b38] Debug — Content-Length is -1 (of total: -1).
Oct 15, 2021 18:14:46.914 [0x7f5699bfbb38] Debug — CERT: incomplete TLS handshake from [::ffff:172.58.236.128]:27230: sslv3 alert certificate unknown
Oct 15, 2021 18:14:49.280 [0x7f5699bfbb38] Debug — CERT: incomplete TLS handshake from [::ffff:172.58.236.128]:52208: sslv3 alert certificate unknown
Oct 15, 2021 18:14:58.124 [0x7f5699bfbb38] Debug — Completed: [192.168.1.217:42914] 200 GET /player/proxy/poll?deviceClass=pc&protocolVersion=3&protocolCapabilities=timeline%2Cplayback%2Cnavigation%2Cmirror%2Cplayqueues&timeout=1 (8 live) GZIP 20001ms 5 bytes (pipelined: 22)

Ah, so the phone is coming in over a Public IP and can’t authenticate due to cert.

Is this coming from the Mint or the Ubuntu?

I am inclined to uninstall and reinstall the mobile app – just to make sure it has a current cert.

@itsOgden

Your certificate was generated October 16 and is fine. (no Sept 30 boundary crossing)

If your problem with Remote Access is intermittent, we’ll need to look elsewhere. Might you start a fresh thread please with Logs captured — right after you reconnect it having found it not working?

@hk10036_gmail_com

Your certificate is valid

Valid Fri, 15 Oct 2021 03:42:21 +0000 Fri, 15 Oct 2021 03:42:57 +0000

Are you still seeing the SNI errors in the logs after this date?

Thanks for all the help Chuck

I’m not seeing the SSL errors any more, but alas, now my library is gonzo.

Will start a new thread.

Hi @ChuckPa ! I am having issues with the web player, being unable to connect securely (or really at all) through https://app.plex.tv/desktop/#!/ . I can access it through the Apple TV app and on my phone though.
I looked at my logs and am seeing these sorts of errors:

Oct 16, 2021 06:46:27.963 [6058] WARN - HTTP error requesting GET https://188-151-210-78.7f278dd11f4a4727a691bcea17fa8ef5.plex.direct:19340/identity (0, No error) (SSL certificate problem: unable to get local issuer certificate)
Oct 16, 2021 07:11:57.276 [3404] DEBUG - CERT: incomplete TLS handshake: sslv3 alert certificate unknown

Any help would be appreciated, whether it be resetting certificates or something else. I’m running it on a MyCloud Home, so I am quite limited in troubleshooting it there.
Here are the logs in their entirety:
Plex Media Server Logs_2021-10-16_16-24-49.zip (4.6 MB)

@emil_dickson_gmail_com

I have reset your certificate. Please restart the server.

While looking at your account, I saw 3 other instances which have been inactive for more than 3 years.

I took the liberty of cleaning them up for you.

Thanks for investigating. When I tried the AppleTV Plex app on this go round I got this from the console/logs.
What stands out to me on this round are the lines at 11.02.03.835 that reference RSA key and Host key issues.

Oct 16, 2021 11:01:52.300 [0x304b7440] DEBUG - CERT: incomplete TLS handshake: stream truncated
Oct 16, 2021 11:01:52.448 [0x30197440] WARN - [CERT] TLS connection came in with unrecognized plex.direct SNI name '192-168-1-103.86e72740e92c4868b3f4cae08006fc67.plex.direct'; using installed plex.direct cert
Oct 16, 2021 11:01:52.493 [0x304b7440] DEBUG - CERT: incomplete TLS handshake: stream truncated
Oct 16, 2021 11:01:52.586 [0x30197440] DEBUG - CERT: incomplete TLS handshake: stream truncated
Oct 16, 2021 11:01:52.611 [0x304b7440] DEBUG - CERT: incomplete TLS handshake: stream truncated
Oct 16, 2021 11:01:52.658 [0x304b7440] DEBUG - CERT: incomplete TLS handshake: stream truncated
Oct 16, 2021 11:01:52.658 [0x30197440] DEBUG - CERT: incomplete TLS handshake: stream truncated
Oct 16, 2021 11:01:52.659 [0x304b7440] DEBUG - CERT: incomplete TLS handshake: stream truncated
Oct 16, 2021 11:01:52.715 [0x304b7440] WARN - [CERT] TLS connection came in with unrecognized plex.direct SNI name '192-168-1-103.64739cc081f14ce691c5b0a829ef4019.plex.direct'; using installed plex.direct cert
Oct 16, 2021 11:01:52.736 [0x30197440] DEBUG - CERT: incomplete TLS handshake: stream truncated
Oct 16, 2021 11:01:52.736 [0x30197440] DEBUG - CERT: incomplete TLS handshake: stream truncated
Oct 16, 2021 11:01:52.743 [0x30197440] DEBUG - CERT: incomplete TLS handshake: stream truncated
Oct 16, 2021 11:01:52.756 [0x30197440] DEBUG - CERT: incomplete TLS handshake: stream truncated
Oct 16, 2021 11:01:55.267 [0x3333b440] DEBUG - NetworkServiceBrowser: PLAYER arrived: 192.168.1.162
Oct 16, 2021 11:01:57.068 [0x30197440] DEBUG - Completed: [192.168.1.94:50369] 200 GET /player/proxy/poll?deviceClass=pc&protocolVersion=3&protocolCapabilities=timeline%2Cplayback%2Cnavigation%2Cmirror%2Cplayqueues&timeout=1 (17 live) GZIP 20001ms 5 bytes (pipelined: 12)
Oct 16, 2021 11:01:57.076 [0x30197440] DEBUG - Auth: authenticated user 1 as hk10036@gmail.com
Oct 16, 2021 11:01:57.076 [0x41fef440] DEBUG - Request: [192.168.1.94:50369 (Subnet)] GET /player/proxy/poll?deviceClass=pc&protocolVersion=3&protocolCapabilities=timeline%2Cplayback%2Cnavigation%2Cmirror%2Cplayqueues&timeout=1 (17 live) GZIP Signed-in Token (hk10036@gmail.com)
Oct 16, 2021 11:01:57.077 [0x41fef440] DEBUG - Content-Length is -1 (of total: -1).
Oct 16, 2021 11:02:03.405 [0x30197440] DEBUG - EventSource: Got event [data] '<Message host="184.105.148.83" port="443" command="startRelay"/>'
Oct 16, 2021 11:02:03.405 [0x30197440] DEBUG - Relay: reused an existing key for https://downloads.plex.tv/relay/relay_v1.pub
Oct 16, 2021 11:02:03.405 [0x30197440] DEBUG - Relay: starting relay.
Oct 16, 2021 11:02:03.405 [0x30197440] DEBUG - Job running: PLEXTOKEN=xxxxxxxxxxxxxxxxxxxxA' '/mnt/DroboFS/Shares/DroboApps/plex/Application/Plex Relay' '-p' '443' '-N' '-R' '0:127.0.0.1:32401' '-o' 'StrictHostKeyChecking=yes' '-o' 'UserKnownHostsFile=/mnt/DroboFS/Shares/DroboApps/plex/Library/Plex Media Server/Cache/relayHostKey.txt' '-o' 'LogLevel=VERBOSE' '-o' 'PreferredAuthentications=password' '-o' 'PubkeyAuthentication=no' '-l' 'hk10036@gmail.com' '-F' '/dev/null' '184.105.148.83'
Oct 16, 2021 11:02:03.409 [0x30197440] DEBUG - Jobs: Starting child process with pid 6115
Oct 16, 2021 11:02:03.835 [0x41fef440] ERROR - [PlexRelay] No RSA host key is known for [184.105.148.83]:443 and you have requested strict checking.
Oct 16, 2021 11:02:03.841 [0x41fef440] ERROR - [PlexRelay] Host key verification failed.
Oct 16, 2021 11:02:03.842 [0x2d927440] DEBUG - Jobs: '/mnt/DroboFS/Shares/DroboApps/plex/Application/Plex Relay' exit code for process 6115 is 255 (failure)
Oct 16, 2021 11:02:12.614 [0x30197440] DEBUG - CERT: incomplete TLS handshake: stream truncated
Oct 16, 2021 11:02:12.614 [0x30197440] DEBUG - CERT: incomplete TLS handshake: stream truncated
Oct 16, 2021 11:02:12.651 [0x304b7440] DEBUG - CERT: incomplete TLS handshake: stream truncated
Oct 16, 2021 11:02:12.651 [0x304b7440] DEBUG - CERT: incomplete TLS handshake: stream truncated
Oct 16, 2021 11:02:12.652 [0x304b7440] WARN - [CERT] TLS connection came in with unrecognized plex.direct SNI name '192-168-1-103.64739cc081f14ce691c5b0a829ef4019.plex.direct'; using installed plex.direct cert
Oct 16, 2021 11:02:12.682 [0x30197440] DEBUG - CERT: incomplete TLS handshake: stream truncated
Oct 16, 2021 11:02:12.682 [0x30197440] DEBUG - CERT: incomplete TLS handshake: stream truncated
Oct 16, 2021 11:02:12.690 [0x30197440] DEBUG - CERT: incomplete TLS handshake: stream truncated
Oct 16, 2021 11:02:12.694 [0x30197440] DEBUG - CERT: incomplete TLS handshake: stream truncated
Oct 16, 2021 11:02:13.607 [0x304b7440] DEBUG - CERT: incomplete TLS handshake: stream truncated
Oct 16, 2021 11:02:17.077 [0x30197440] DEBUG - Completed: [192.168.1.94:50369] 200 GET /player/proxy/poll?deviceClass=pc&protocolVersion=3&protocolCapabilities=timeline%2Cplayback%2Cnavigation%2Cmirror%2Cplayqueues&timeout=1 (15 live) GZIP 20001ms 5 bytes (pipelined: 13)
Oct 16, 2021 11:02:17.085 [0x304b7440]

MODERATOR EDIT: Added Code </> formatting for readability. Please consider using in the future

Hi ChuckPa,

Could you be so kind as to
(1) reset my certificate and
(2) tell me what else I have to do in order to get this certificate problem fixed?

Thank you so much for your help.

@chaos2403

Your certs were older than I am :rofl:

I reset them.

Please restart the server.

@hk10036_gmail_com

Does your modem/router allow for setting DNS-rebinding protection exception rules?

If it does, please add *.plex.direct to it.

Something in your LAN is being VERY DNS strict.
Has any equipment been changed recently?
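
Added example, not part of the thread or Plex's own tooling: it pulls the plex.direct names out of server log lines and flags those whose first label is a private address, which are the names a DNS-rebinding filter would drop unless `*.plex.direct` is excepted. It assumes the first label encodes the address the name resolves to; `resolves_to_embedded_ip` is a hypothetical helper for a live check from a LAN client.

```python
import ipaddress
import re
import socket

# <ip-with-dashes>.<32 hex chars>.plex.direct, as seen in the thread's logs
NAME = re.compile(r"\b(\d{1,3}(?:-\d{1,3}){3})\.([0-9a-f]{32})\.plex\.direct\b")

def plex_direct_names(lines):
    """Map each plex.direct name to (embedded_ip, needs_rebind_exception)."""
    found = {}
    for line in lines:
        for m in NAME.finditer(line):
            try:
                ip = ipaddress.ip_address(m.group(1).replace("-", "."))
            except ValueError:
                continue  # label looked like an address but is not one
            # A public name answering with a private address is what
            # rebinding protection on a router or resolver filters out.
            found[m.group(0)] = (str(ip), ip.is_private)
    return found

def resolves_to_embedded_ip(name, embedded_ip):
    """Live check (needs DNS): False suggests the answer is being filtered."""
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET)
    except socket.gaierror:
        return False
    return embedded_ip in {info[4][0] for info in infos}

# Log lines taken from posts in this thread.
SAMPLE = [
    "Oct 16, 2021 11:01:52.448 [0x30197440] WARN - [CERT] TLS connection came in with unrecognized plex.direct SNI name '192-168-1-103.86e72740e92c4868b3f4cae08006fc67.plex.direct'; using installed plex.direct cert",
    "Oct 16, 2021 11:01:52.715 [0x304b7440] WARN - [CERT] TLS connection came in with unrecognized plex.direct SNI name '192-168-1-103.64739cc081f14ce691c5b0a829ef4019.plex.direct'; using installed plex.direct cert",
    "Oct 16, 2021 06:46:27.963 [6058] WARN - HTTP error requesting GET https://188-151-210-78.7f278dd11f4a4727a691bcea17fa8ef5.plex.direct:19340/identity (0, No error) (SSL certificate problem: unable to get local issuer certificate)",
]

if __name__ == "__main__":
    for name, (ip, private) in plex_direct_names(SAMPLE).items():
        verdict = "needs rebind exception" if private else "public address"
        print(f"{ip:15s} {verdict:24s} {name}")
```

Running `resolves_to_embedded_ip` for a flagged name through the router's resolver and again through a public resolver shows whether the router is the component filtering the answer.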

Thank you ChuckPa!

@ChuckPa
Had my cert reset last week. Still have remote Roku device(s) that are intermittent with connection. Some days can access, others can’t. Can you see anything from the most recent logs that stand out?
Everything is fine with remote connection via PC.

Thanks

plex logs.zip (442.1 KB)

If the connection is intermittent then it’s not the certificate.

Your logs didn’t make it… You hit reply too soon.

Please retry?

@Zmeister68

I was just thinking… Have those devices had the app uninstalled then reinstalled?

My Roku 3 can be fussy at times.

I have also lost remote access to my server, in the logs I see the same cert errors mentioned above. This server had been running with no problems for over a year until a couple weeks ago.

Oct 16, 2021 20:42:36.251 [2468] DEBUG - CERT: incomplete TLS handshake from 10.10.10.10:50176: unsupported protocol
Oct 16, 2021 20:42:36.258 [2468] DEBUG - CERT: incomplete TLS handshake from 10.10.10.10:50177: unsupported protocol
Oct 16, 2021 20:42:36.264 [2468] DEBUG - CERT: incomplete TLS handshake from 10.10.10.10:50178: version too low

@Edno

May I have the full ZIP please?

Please restart Plex
Wait 2 minutes

Then download the logs ZIP

I can’t diagnose / confirm a cert issue with that one.

"version too low" is not a certificate-related error. It implies software encryption level/revision.
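
The distinctions drawn in the replies above (certificate alerts versus protocol-version errors, LAN versus public-IP clients) can be applied to a whole log at once. This is an added example, not part of the thread or Plex's own tooling; the category names and the grouping of alert strings are assumptions of the example.

```python
import ipaddress
import re
from collections import Counter

HANDSHAKE = re.compile(
    r"CERT: incomplete TLS handshake(?: from (?P<peer>\S+))?: (?P<reason>.+)$")
# Alert text -> category (grouping assumed by this example).
CATEGORIES = {
    "certificate unknown": "client-rejected-cert",
    "unknown ca": "client-rejected-cert",
    "unsupported protocol": "tls-version",
    "version too low": "tls-version",
    "stream truncated": "closed-early",
}

def peer_scope(peer):
    """Classify 'ip:port' or '[v6]:port' as loopback, lan, public or unknown."""
    try:
        ip = ipaddress.ip_address((peer or "").rsplit(":", 1)[0].strip("[]"))
    except ValueError:
        return "unknown"  # no peer logged, or not parseable
    if ip.version == 6 and ip.ipv4_mapped:
        ip = ip.ipv4_mapped  # ::ffff:a.b.c.d is an IPv4 client on a dual-stack socket
    if ip.is_loopback:
        return "loopback"
    return "lan" if ip.is_private else "public"

def classify(line):
    """Return (scope, category) for a handshake-failure line, else None."""
    m = HANDSHAKE.search(line.strip())
    if not m:
        return None
    category = next((c for k, c in CATEGORIES.items() if m["reason"].endswith(k)), "other")
    return peer_scope(m["peer"]), category

def triage(lines):
    return Counter(filter(None, map(classify, lines)))

# Constructed from the thread's log lines (thread-id and level columns dropped).
SAMPLE = [
    "Oct 15, 2021 18:14:07.598 CERT: incomplete TLS handshake from [::ffff:192.168.1.241]:55454: sslv3 alert certificate unknown",
    "Oct 15, 2021 18:14:46.914 CERT: incomplete TLS handshake from [::ffff:172.58.236.128]:27230: sslv3 alert certificate unknown",
    "Oct 15, 2021 18:15:10.485 CERT: incomplete TLS handshake from 127.0.0.1:51586: sslv3 alert certificate unknown",
    "Oct 16, 2021 20:42:36.264 CERT: incomplete TLS handshake from 10.10.10.10:50178: version too low",
    "Oct 16, 2021 11:01:52.300 CERT: incomplete TLS handshake: stream truncated",
]

if __name__ == "__main__":
    for (scope, category), n in sorted(triage(SAMPLE).items()):
        print(f"{n:3d}  {scope:9s} {category}")
```

A log dominated by `tls-version` rows points at client or server TLS settings rather than the certificate, while `client-rejected-cert` from every scope, loopback included, points at the certificate the server is presenting.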

Thanks, I appreciate any help you can offer. This server has been running for a long time with no issues until recently. I can get external access if I enable relay, but that is obviously not ideal. The problem is only with remote access, everything works fine on the local network.

Plex Media Server Logs_2021-10-17_06-15-42.zip (2.8 MB)

I am getting

CERT: incomplete TLS handshake: tlsv1 alert unknown ca

But only on my PS5 (it works directly on my Samsung TV still). Would resetting the cert fix this? If so, can this be done?

Any other tips appreciated. I have read quite a few comments and do not have a custom domain or a router that allows me to change DNS things.

Thanks!

Edit to add: Secure Connections are set to preferred.