SSL Certificate Errors

Plex Media Server
,
62

Resetting certificate is only for a specific issue regarding an API limit that at this point only a few folks would have and would be evident in logs and your server account. Looking at your account you do not have the issue. If i reset it it would likely just make things worse and stop all devices from being able to connect.

To be clear there are multiple issues happening to folks that have similar symptoms but different causes. We recently discovered in this past week that the ISP Shaw actively blocks some plex domains with their “protect browsing” feature for example.

Unless you have a specific reason not to change your DNS to Googles or CloudFares which also will stop issues caused by DNS rebind that many default ISP DNSs have.

63

Hello. I just pulled this from my logs when trying to access Plex remotely (via Plexamp):

CERT: incomplete TLS handshake: tlsv1 alert unknown ca

Is this the same issue as others are reporting?

I have DNS rebinding disabled, router port forwarding is set up correctly, and Plex version is 1.19.4.2935 (running on Synology NAS).

Remote access was working fine until last weekend.

I just disabled Secure Connections, and remote access immediately began working. I do not want to leave the server in this state. I look forward to your feedback.

Update 7/14/20201, 16:39 ET: I have manually updated to the latest PMS version ( 1.23.5.4862). Remote access is again functioning as expected.

64

Having the same issue. Here are my logs:
CERT: incomplete TLS handshake: sslv3 alert certificate unknown
[CERT] TLS connection came in with unrecognized plex.direct SNI name

Any help would be greatly appreciated.

65

Hi… I have also the same issue…
I can reach my Web-application from outside my house… But app.plex.tv cannot connect, and therefor my TV-app cannot stream my movies.

Jul 27, 2021 10:40:29.410 [0x7f22563d2b38] Foutopsporing — Request: [77.61.154.89:59288 (WAN)] GET /:/websockets/notifications?filters=log (17 live) GZIP Signed-in Token (dennis.hilhorst@gmail.com)
Jul 27, 2021 10:40:29.411 [0x7f22563d2b38] Foutopsporing — WebSocket: Performing handshake from origin http://synohil.synology.me:50000
Jul 27, 2021 10:40:29.411 [0x7f22563d2b38] Foutopsporing — Beginning read from WebSocket
Jul 27, 2021 10:40:29.449 [0x7f2256a5bb38] Foutopsporing — Auth: authenticated user 1 as dennis.hilhorst@gmail.com
Jul 27, 2021 10:40:29.449 [0x7f22556a0b38] Foutopsporing — Request: [77.61.154.89:56296 (WAN)] GET /activities (17 live) GZIP Signed-in Token (dennis.hilhorst@gmail.com)
Jul 27, 2021 10:40:29.450 [0x7f2256a5bb38] Foutopsporing — Completed: [77.61.154.89:56296] 200 GET /activities (17 live) GZIP 1ms 350 bytes (pipelined: 9)
Jul 27, 2021 10:40:35.456 [0x7f2256a5bb38] Foutopsporing — CERT: incomplete TLS handshake: sslv3 alert certificate unknown
Jul 27, 2021 10:40:36.958 [0x7f22566edb38] Foutopsporing — CERT: incomplete TLS handshake: sslv3 alert certificate unknown
Jul 27, 2021 10:40:40.233 [0x7f2256a5bb38] Foutopsporing — CERT: incomplete TLS handshake: sslv3 alert certificate unknown
Jul 27, 2021 10:40:40.261 [0x7f22566edb38] Foutopsporing — CERT: incomplete TLS handshake: sslv3 alert certificate unknown
Jul 27, 2021 10:40:42.864 [0x7f2256a5bb38] Foutopsporing — CERT: incomplete TLS handshake: sslv3 alert certificate unknown
Jul 27, 2021 10:40:42.873 [0x7f22566edb38] Foutopsporing — CERT: incomplete TLS handshake: sslv3 alert certificate unknown
Jul 27, 2021 10:40:42.981 [0x7f22566edb38] Foutopsporing — CERT: incomplete TLS handshake: sslv3 alert certificate unknown
Jul 27, 2021 10:40:45.238 [0x7f2256a5bb38] Foutopsporing — CERT: incomplete TLS handshake: sslv3 alert certificate unknown
Jul 27, 2021 10:40:45.241 [0x7f22566edb38] Foutopsporing — CERT: incomplete TLS handshake: sslv3 alert certificate unknown

66

Hi ! I don’t where to ask, but I have this error :

CERT: incomplete TLS handshake: sslv3 alert certificate unknown

Is this possible to reset certificate ?

Best regards

67

@Karadoc

Certificate reset. You may restart the server

68

Thanks

69

Hi ! I don’t where to ask, but I have this error on my new server :

CERT: incomplete TLS handshake: tlsv1 alert unknown ca

Is this possible to reset certificate ?

Best regards

70

@jrf390

I reset the certificates for both active servers (Pi 4 & Syno).

Please restart both servers.

72

I had noticed about a month ago that Plexamp mysteriously stopped seeing my library when outside my LAN. I tried going through the troubleshooting, but nothing seemed to work except disabling secure connections. That got me going with Plexamp, but then I noticed this past week that I couldn’t use app.plex.tv anymore. So I re-enabled secure connections, and now I am once again not able to see my libraries using Plexamp outside my LAN (on both Android and Debian). It does not appear to be a NAT or DNS issue (I could see the server [a WD My Cloud Home] through the UPnP mapped port and I am using CloudFlare 1.1.1.1 on both ends). I did download the logs before I stupidly logged the server out and lost my connection (until I get home to sign it in again). It looks like I’m getting those “Incomplete TLS handshake errors” and wonder if I might have a certificate problem like the others here. I am attaching the full logs. Thanks for your helpPlex Media Server Logs_2021-08-05_15-50-19.zip|attachment (6.0 MB)

74

@ChuckPa Please reset my certificate, I currently cannot access my server locally at all.

plexlogs-2021-08-06.zip (2.2 MB)

Aug 06, 2021 14:17:37.768 [0x7f946327db38] DEBUG - CERT: incomplete TLS handshake: sslv3 alert certificate unknown
Aug 06, 2021 14:17:37.771 [0x7f94632a0b38] DEBUG - CERT: incomplete TLS handshake: sslv3 alert certificate unknown
Aug 06, 2021 14:17:37.772 [0x7f946327db38] DEBUG - CERT: incomplete TLS handshake: sslv3 alert certificate unknown
Aug 06, 2021 14:17:37.772 [0x7f946327db38] DEBUG - CERT: incomplete TLS handshake: sslv3 alert certificate unknown
Aug 06, 2021 14:17:37.775 [0x7f946327db38] DEBUG - CERT: incomplete TLS handshake: sslv3 alert certificate unknown

The server became accessible again after a reboot, but I’m still seeing a lot of certificate unknown in the logs - I’m not using a custom one.

75

@kazz3r24

Restart it

Cert has been reset

1 Like
76

Not sure why, but my server has become unresponsive again and I’m still seeing certificate errors after restarting previously.

plexlogs-2021-08-06-1707.zip (3.8 MB)

77

@ChuckPa It looks like I’m still getting certificate errors. I did restart the Plex service, do I need to do a full reboot?

Plex Media Server Logs_2021-08-06_18-52-34.zip (5.2 MB)

UPDATE Things appear to have stabilized for the moment.

78

@kazz3r24

I have no idea why your LAN is so problematic.

If it’s stable, don’t touch it? :smiley:

80

Hi, i have same problem with certificat, any idea ? you can reset this ?

Thank you

Aug 14, 2021 17:40:25.946 [0x7ff33fd18700] Débogage — CERT: incomplete TLS handshake: tlsv1 alert unknown ca
Aug 14, 2021 17:40:26.155 [0x7ff33fd18700] Débogage — CERT: incomplete TLS handshake: tlsv1 alert unknown ca
Aug 14, 2021 17:40:30.351 [0x7ff33f517700] Débogage — CERT: incomplete TLS handshake: tlsv1 alert unknown ca
Aug 14, 2021 17:40:30.614 [0x7ff33f517700] Débogage — CERT: incomplete TLS handshake: tlsv1 alert unknown ca
81

Certificate reset.
You may restart the server

82

Can someone please reset my certificateas well. All of sudden yesterday I lost remote connection to my server.

83

Sorry forgot to post the screenshot of my error. I believe its the same issue as others on this thread.

image
image810×138 37.9 KB

84

@singod

That doesn’t look like a typical certificate problem.

It looks more like two certificates fighting and the remote shutting down.

Regardless, I have reset your certificate (which was created 8 days ago and otherwise looks fine)