SSL Certificate Errors

CERT: incomplete TLS handshake: short read

hello how can i get a certificate check or reset?

hello can you please check or reset my certificate? Thanks

CERT: incomplete TLS handshake sslv3 alert certificate expired

@ciscoace

Which server, please? (You have 5 listed; one is listed 3 times.)

@defurious

I cleaned up (removed) the dead server entries from your account (4 years not seen)
I reset one certificate from March (expired) on the PC.

Please restart the server and advise.

Thank you, I was seeing the issue on my Cloud Home.

Your MyCloudHome system has a new certificate.

To be certain, I reset it anyway.

Please restart the server.

If not resolved, please provide log files as it’s likely the client and not the server.

Should be the most recently active defcon13. Mike-PC is one I set up at my Dad’s place; no idea if that one is having issues lately. I should only have those 2. Older defcons were probably from older Windows installations on this PC.

I’m still getting sslv3 alert certificate expired on defcon13 whenever I try to connect to it with OpenPHT. Everything was working fine 2 days ago.

Plex Media Server Logs_2021-11-20_02-38-32.zip (1.1 MB)

The cert for defcon13 is current (yesterday).

	Valid	Thu, 18 Nov 2021 13:02:46 +0000	Thu, 18 Nov 2021 13:02:57 +0000

Has the server been restarted since?

OpenPHT? That’s the problem.

I see it in your logs. Its internal certificate has expired. This is being seen by several TVs as well. The Rasplex players also had the same problem.

The best solution is to recompile & update the internal cert.

Nov 20, 2021 02:37:34.887 [13588] DEBUG - CERT: incomplete TLS handshake from 192.168.1.150:30946: sslv3 alert certificate expired
Nov 20, 2021 02:37:35.081 [21628] DEBUG - Request: [127.0.0.1:30951 (Loopback)] GET /library/arts?sort=random (10 live) Page 0-49 Signed-in (range: bytes=0-) 
Nov 20, 2021 02:37:35.081 [13588] DEBUG - Completed: [127.0.0.1:30951] 401 GET /library/arts?sort=random (10 live) Page 0-49 0ms 268 bytes (range: bytes=0-) 
Nov 20, 2021 02:37:37.887 [21628] DEBUG - CERT: incomplete TLS handshake from 192.168.1.150:30961: sslv3 alert certificate expired
Nov 20, 2021 02:37:38.552 [13588] DEBUG - Completed: [127.0.0.1:30927] 200 GET /player/proxy/poll?deviceClass=pc&protocolVersion=3&protocolCapabilities=timeline%2Cplayback%2Cnavigation%2Cmirror%2Cplayqueues&timeout=1 (10 live) GZIP 20010ms 5 bytes (pipelined: 1)
Nov 20, 2021 02:37:38.563 [2460] DEBUG - Request: [127.0.0.1:30964 (Loopback)] GET /player/proxy/poll?deviceClass=pc&protocolVersion=3&protocolCapabilities=timeline%2Cplayback%2Cnavigation%2Cmirror%2Cplayqueues&timeout=1 (10 live) GZIP Signed-in Token (defurious)
Nov 20, 2021 02:37:38.563 [2460] DEBUG - Content-Length is -1 (of total: -1).
Nov 20, 2021 02:37:42.884 [21628] DEBUG - CERT: incomplete TLS handshake from 192.168.1.150:30969: sslv3 alert certificate expired
Nov 20, 2021 02:37:45.882 [21628] DEBUG - CERT: incomplete TLS handshake from 192.168.1.150:30971: sslv3 alert certificate expired

The alternative, being on the LAN, is you could allow it to work without auth.
(Settings - Server - Network - Show Advanced)

I managed to get it to work by allowing no auth. Was afraid I was gonna have to learn how to recompile OpenPHT. I see they put out a new update but it’s not a simple installer. I should probably learn how to do it anyway. Thanks again.

EDIT: Turns out I just needed to replace the cacert.pem from https://nzbget.net/info/cacert.pem as per FIXED - No more access to plex server · Issue #645 · RasPlex/RasPlex · GitHub.

@defurious

All good now?

i did the no auth thing
it seems to have worked but my client was apple tv 4 i wonder if i can use auth again with the new cert

@ciscoace

I reset the cert for your WD Cloud Home.
You need to restart the server for it to pull (download) its new certificate.

Once downloaded, normal authentication should work again.

UNDERSTOOD, heading home to do that. THANK YOU!

yep all good now. thanks

I’m seeing the incomplete TLS handshake: tlsv1 alert unknown ca issue as well.

Nov 20, 2021 23:06:38.664 [0x7fce4bfff700] DEBUG - HTTP 200 response from PUT Sign In | Plex
Nov 20, 2021 23:06:39.327 [0x7fce48b2e700] DEBUG - CERT: incomplete TLS handshake: tlsv1 alert unknown ca

@Ginfizz

I need more (full logs ZIP file please).

What you show me looks like an old TLS layer with an invalid CA.

Attempting to attach the logs file here.

Started looking into the issue due to server being accessible locally but says it’s not available outside the network. Pressing Retry shows it as available then goes back to unavailable.
Port is open according to several online port checkers.

Plex Media Server Logs_2021-11-20_23-39-48.zip (3.2 MB)

It might turn green momentarily but at this point, it will go back to red because Plex.tv cannot contact PMS at the given port.

Nov 20, 2021 23:01:25.077 [0x7fce3ffff700] DEBUG - EventSource: Got event [data] '<Message address="XX.XX.XX.XX" port="32401" asyncIdentifier="db80b088-cc89-451e-bed7-564a6fd81cb4" connectivity="0" command="notifyConnectivity"/>'
Nov 20, 2021 23:01:25.077 [0x7fce3ffff700] DEBUG - PubSub: Got notified of reachability for async identifier db80b088-cc89-451e-bed7-564a6fd81cb4: 0 for 71.56.58.32:32401 (responded in 9688 ms)
Nov 20, 2021 23:01:25.077 [0x7fce3ffff700] DEBUG - MyPlex: reachability check - current mapping state: 'Mapped - Publishing'.
Nov 20, 2021 23:01:25.077 [0x7fce3ffff700] DEBUG - MyPlex: mapping state set to 'Mapped - Not Published (Not Reachable)'.

Did you manually specify port 32401?
Are you running multiple servers?

In the SSL/TLS,

Nov 20, 2021 23:03:55.349 [0x7fce48b2e700] DEBUG - Completed: [192.168.2.75:62160] 200 GET /myplex/account (9 live) TLS GZIP 0ms 3326 bytes (pipelined: 12)
Nov 20, 2021 23:03:55.618 [0x7fcde27fc700] DEBUG - HTTP 200 response from PUT https://plex.tv/devices/e8dfb7afe8bd686ff16878e18a0c0f485656c32b?Connection[][uri]=http://192.168.2.122:32400&httpsEnabled=1&httpsRequired=0&dnsRebindingProtection=0&natLoopbackSupported=0&X-Plex-Token=xxxxxxxxxxxxxxxxxxxx
Nov 20, 2021 23:03:56.671 [0x7fce3ffff700] DEBUG - CERT: incomplete TLS handshake: tlsv1 alert unknown ca

What device is attempting to connect?

I did manually specify 32401, which is set in my NAT. Port checking websites are showing that port as open as well.

As for the device ending in .75, that’s a Desktop PC running Windows.
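
Added example, not part of the thread and not Plex code: a small triage script for the `CERT: incomplete TLS handshake` lines quoted above, grouping failures by client address and TLS alert so the failing device is easy to spot. The sample log is constructed in the format shown in the thread, and the hint texts are one reading of the diagnosis given in the replies (alerts come from the client side, so a current server certificate points at the client's CA bundle).

```python
import re
from collections import Counter

# Constructed sample, in the Plex Media Server log format quoted in the thread.
SAMPLE_LOG = """\
Nov 20, 2021 02:37:34.887 [13588] DEBUG - CERT: incomplete TLS handshake from 192.168.1.150:30946: sslv3 alert certificate expired
Nov 20, 2021 02:37:35.081 [13588] DEBUG - Completed: [127.0.0.1:30951] 401 GET /library/arts?sort=random (10 live) Page 0-49 0ms 268 bytes
Nov 20, 2021 02:37:37.887 [21628] DEBUG - CERT: incomplete TLS handshake from 192.168.1.150:30961: sslv3 alert certificate expired
Nov 20, 2021 23:06:39.327 [0x7fce48b2e700] DEBUG - CERT: incomplete TLS handshake: tlsv1 alert unknown ca
Nov 20, 2021 23:07:01.002 [0x7fce48b2e700] DEBUG - CERT: incomplete TLS handshake: short read
"""

# The "from <ip>:<port>" part is optional: some quoted lines omit it.
CERT_LINE = re.compile(
    r"CERT: incomplete TLS handshake"
    r"(?: from (?P<ip>\S+?):(?P<port>\d+))?"
    r": (?P<reason>.+?)\s*$"
)

# Hints are an assumption based on the replies in the thread, not Plex documentation.
HINTS = {
    "certificate expired": "client rejected the chain as expired; if the server "
                           "cert is current, check the client's CA bundle and clock",
    "unknown ca": "client does not trust the issuing CA; check the client's CA bundle",
}


def triage(log_text):
    """Return failed handshakes grouped by (client, alert), most frequent first."""
    counts = Counter()
    for line in log_text.splitlines():
        m = CERT_LINE.search(line)
        if not m:
            continue
        # OpenSSL reports peer alerts as "<proto> alert <name>"; keep only the name.
        alert = re.sub(r"^\S+ alert ", "", m.group("reason"))
        counts[(m.group("ip") or "unknown", alert)] += 1
    return [
        {"client": client, "alert": alert, "count": n,
         "hint": HINTS.get(alert, "not classified here; inspect the full logs")}
        for (client, alert), n in counts.most_common()
    ]


if __name__ == "__main__":
    for row in triage(SAMPLE_LOG):
        print(f"{row['count']:>3}  {row['client']:<15}  {row['alert']}: {row['hint']}")
```
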