I double-clik on the Plex icon
It launches a browser with the URL : http://127.0.0.1:32400/web/index.html#!/
There is an exclamation mark at the left of the URL
When I click on it, the popup is named “About 127.0.0.1:32400”
Content : This website has no certificate
Then, it I add by myself https:// before the URL, I get the previously mentionned message :
This server could not prove that it is 127.0.0.1. Its security certificate comes from * .2f24106xxxxxxxxxxxxxxxxxxxx9a.plex.direct.
Nov 29, 2021 09:48:09.854 [5912] DEBUG - Running migrations. (EPG 0)
Nov 29, 2021 09:48:09.883 [5912] DEBUG - ChangestampAllocator: initialized to 122070
Nov 29, 2021 09:48:09.889 [5912] DEBUG - Opening 2 database sessions to library (com.plexapp.plugins.library.blobs), SQLite 3.35.5, threadsafe=1
Nov 29, 2021 09:48:09.893 [5912] DEBUG - Running migrations. (EPG 0)
Nov 29, 2021 09:48:09.909 [5912] DEBUG - [CERT] Subject name is /CN=*.e4bf329e2ddb442d95e98f37a09832bd.plex.direct
Nov 29, 2021 09:48:09.909 [5912] DEBUG - [CERT] Installed certificate with fingerprint 61:fc:4e:b4:6f:f8:0c:30:02:f5:d3:09:82:2b:41:73:73:58:70:85.
Nov 29, 2021 09:48:09.909 [5912] DEBUG - [CERT/OCSP] Stapling requests will be made to 'http://r3.o.lencr.org/'.
Nov 29, 2021 09:48:09.909 [5912] INFO - [CERT/OCSP] Successfully retrieved response from cache.
Nov 29, 2021 09:48:09.910 [5912] DEBUG - HttpServer: Listening on IPv6 as well as IPv4.
Nov 29, 2021 09:48:09.910 [5912] DEBUG - HttpServer: Listening on port 32400.
Nov 29, 2021 09:48:09.910 [5912] DEBUG - HttpServer: Listening on port 32401.
Nov 29, 2021 09:48:09.947 [10132] DEBUG - Grabber: Cleaning up orphaned grabs.
Nov 29, 2021 09:48:09.947 [5912] DEBUG - Media Provider: Registering provider com.plexapp.plugins.library
“http” is not secure - no certificate involved
“https” is secure - now there’s a certicate
We don’t run https on 127.0.0.1
This
Nov 29, 2021 09:48:12.790 [7440] DEBUG - CERT: incomplete TLS handshake from [::ffff:132.***.***.62]:57008: sslv3 alert certificate unknown
The certificate is UNKNOWN. It says nothing about being INVALID.
As previously discussed, you state that’s the work computer.
If they are forcibly applying their certificate, which is common practice, then you are simply “out of luck” unless you can ADD that certificate to plex.
You’re trying to play content from your home server on your work computer and it’s giving you problems?
If that’s the case, your best resolution is to speak to the administrators and ask them to grant you the exception. You won’t be able to force/fake it otherwise.
Yes, that is correct. I try to play content from home Plex server to work Plex app (could be either web app, or Windows app).
I can make it work by using the IP adress. I have other issues as well (eg. ~20 seconds before content starts) and I know that I will have to discuss that in the proper thread. But I was trying to rule out this issue of my other issues.
In Tautili logs found the last succesfull play being 15 nov 2021, way past 30 sept.
If it really is the infamous LE problem, then why doesnt Plex change its dependency to another CA? Cant imagine LE being the only one installed on the TV?
It’s not restricted to Plex. The TV’s “root certificate” , which is installed by Samsung, is expired.
The solution for you – Add the exception in "Settings - Server - Network - Show Advanced - IP addresses allowed without Auth.
Make certain there are no leading or trailing spaces (Plex/web doesn’t parse them out for you)
Before you ask further, Asking Plex to support a device which isn’t supported by its manufacturer anymore – There’s nothing we can do. We don’t have the ability to update the TV’s firmware.
This is planned obsolescence – or – just plain laziness on Samsung’s part
Thanks, but unfortunately it did’t.
Log shows Request came in with unrecognized domain / IP xxx.xxx.xxx.xxx in header Host; treating as non-local.
I dont have reverse proxies or other exotic setups running, just a router with upnp. I’ve tried port forwarding, but that doesnt change anything.
I can’t imagine adding my public IP to the no auth list is the solution.
– update
it appears that i DO have an Nginx reverse proxy running on my Synology. I probably have to change a config line to have the external IP presented correctly to Plex. You have any suggestions?
proxy.conf has this in it:
proxy_set_header X-Forwarded-By $server_addr;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header Host $http_host;
proxy_set_header Upgrade $http_upgrade;
proxy_http_version 1.1;
Log shows Request came in with unrecognized domain / IP xxx.xxx.xxx.xxx in header Host; treating as non-local.
That line, in isolation, is rather meaningless as well as harmless – UNLESS – you’re trying to setup a remote no-auth-required configuration. In that case, it’s telling you that you’re not masking all the information needed.
I’ve looked into the nginx proxy setup, but looks like it only serves the Synology DSM web gui.
As for the unrecognised domain line; isnt a remote no-auth exactly what you suggested? I’ve added the remote IP to the no auth config of Plex.
Maybe I should send you the logs anyway Plex Media Server Logs_2021-11-30_17-28-49.zip (3.5 MB)
Nov 30, 2021 13:08:05.929 [0x7f0260836b38] DEBUG - Request came in with unrecognized domain / IP 's45.84.41.144' in header Host; treating as non-local
Nov 30, 2021 13:08:05.929 [0x7f0260836b38] DEBUG - Auth: authenticated user 19361124 as lokerseeh@gmail.com
Nov 30, 2021 13:08:05.929 [0x7f025fddcb38] DEBUG - Request: [82.174.137.68:44606 (Allowed Network (WAN))] GET /:/websockets/notifications (4 live) TLS GZIP Signed-in Token (lokerseeh@gmail.com)
Nov 30, 2021 13:08:05.930 [0x7f025fddcb38] DEBUG - WebSocket: Performing handshake from origin file://
Nov 30, 2021 13:08:05.930 [0x7f025fddcb38] DEBUG - Beginning read from WebSocket
You have a typo: 's45.84.41.144' , It thinks it’s a domain name.
well, as I said, I didnt change anything. I’m running a system wide grep on s45.84.41.144, with a little luck it’ll show up in some config, although I fear the worst.
omg I really dont want to do this lol.
But you being a Syno god, is it really so that plex is put behind a nginx reverse proxy on dsm7?
I dont know where to start looking. I did play with linux before, but that was debian.
How is the plex server set up on dsm? Maybe there is something wrong with the plex config? I’m running the latest PlexMediaServer-1.24.5.5173-8dcc73a59-x86_64_DSM7.spk
Where are the config files hidden?
On DSM 7, Plex runs as a native Linux application, just as it would on Debian/Ubuntu/Redhat/Fedora/Centos except with different directory structure and username. The same binary executables used on Linux are used on DSM 7.
There’s nothing wrong with the Plex config on DSM 7 unless you’ve customized the setttings in “Settings - Server - Network” or “Settings - Server - Remote Access”.
I don’t hide anything on DSM 7. It’s all visible in the “PlexMediaServer” shared folder.
I WILL CAUTION –
Do not modify files in there without understanding -
Plex runs as a non-privileged username on DSM 7 just like it runs as plex on desktop Linux.
It has no means to self-correct any file permission breakage (this is a new restriction imposed by DSM 7). If you break it – You fix it.
What is preventing you from using a normal DDNS / FQDN and adding your FQDN in the “Custom Server Access URL” ? That’s how I do it. My FQDN is listed there without any proxy hocus-pocus
