SSL Certificate Errors

ChuckPa · December 7, 2021, 8:01pm

I just looked at your account. The number of certificate requests is not normal.

https://acme-v02.api.letsencrypt.org/acme/order/XXXX/25536962670	Valid	Sun, 19 Sep 2021 03:30:27 +0000	Sun, 19 Sep 2021 03:30:38 +0000
https://acme-v02.api.letsencrypt.org/acme/order/XXXX/40538674870	Valid	Thu, 18 Nov 2021 04:30:25 +0000	Thu, 18 Nov 2021 04:30:34 +0000
https://acme-v02.api.letsencrypt.org/acme/order/XXXX/44886836060	Valid	Sun, 05 Dec 2021 09:11:28 +0000	Sun, 05 Dec 2021 09:11:41 +0000
https://acme-v02.api.letsencrypt.org/acme/order/XXXX/44910074350	Valid	Sun, 05 Dec 2021 11:25:22 +0000	Sun, 05 Dec 2021 11:25:34 +0000
https://acme-v02.api.letsencrypt.org/acme/order/XXXX/44916646990	Valid	Sun, 05 Dec 2021 12:03:52 +0000	Sun, 05 Dec 2021 12:04:01 +0000

This is telling me that your PMS is not able to save the certificate after downloading.

The most likely candidates for issues are:

UID / GID of the directories and files not matching the PLEX_UID/PLEX_GID -or- PUID/PGID of the container

-and/or-

Permissions of the /config/Library/Application Support/Plex Media Server/Cache directory do not allow the certificate to be updated.

Your DEBUG log files, collected after restarting Plex, should show if this is a permissions problem.

Nostromo81 · December 10, 2021, 8:38am

Hi,

Same issue on Plex (linux). Thread: Not secure available since server move (https://forums.plex.tv/t/ssl-certificate-errors/726486/900)

Thank you!
Thomas

ChuckPa · December 10, 2021, 2:51pm

@Nostromo81

Your server certificate is fine.

	Valid	Mon, 11 Oct 2021 19:14:42 +0000	Mon, 11 Oct 2021 19:14:53 +0000

What is the problem you’re experiencing?

Is it a problem with a Television?

Nostromo81 · December 10, 2021, 5:55pm

Several TV have a certificate error, also when I am accessing from outside via Browser i have the a untrusted connection - or it is not showing my libraries.

It all started after migrating the server from an old Ubuntu laptop to a Hyper-V Ubuntu.

I always see an error about TLS in the Logs.

CERT: incomplete TLS handshake from 165.225.200.213:5183: sslv3 alert certificate unknown

ChuckPa · December 10, 2021, 6:17pm

@Nostromo81

Do any of the devices fall into this list? (This is not an exhaustive list)

scottmoore · December 10, 2021, 7:05pm

Hello, I appear to be having a similar “certificate unknown” error when trying to connect to my server from Android phones (Samsung and Roku TV’s connect fine).

Here are my logs, please let me know if you there’s anything else you need from me.
Plex Media Server Logs_2021-12-10_12-02-34.zip (4.5 MB)

ChuckPa · December 10, 2021, 7:59pm

@scottmoore

Is this a TV or a phone?

Dec 10, 2021 10:51:29.666 [15412] DEBUG - [Now] User is scottmoore (ID: 1)
Dec 10, 2021 10:51:29.666 [15412] DEBUG - [Now] Device is Android (Android).
Dec 10, 2021 10:51:29.667 [15412] DEBUG - [Now] Profile is Android
Dec 10, 2021 10:51:29.667 [15412] DEBUG - [Now] Updated play state for /library/metadata/219375.
Dec 10, 2021 10:51:29.667 [15412] DEBUG - Statistics: (6e450e97-85a1-4bec-af85-72acd6bcd12b) Reporting active playback in state 0 of type 10 (scrobble: 0) for account 1
Dec 10, 2021 10:51:29.669 [16792] DEBUG - Completed: [208.98.223.30:34782] 200 GET /:/timeline?state=playing&duration=282618&time=200&playQueueItemID=218562&key=%2Flibrary%2Fmetadata%2F219375&ratingKey=219375&playQueueID=5635&playQueueVersion=1&containerKey=%2FplayQueues%2F5635&hasMDE=1&includeFields=thumbBlurHash (28 live) TLS GZIP 6ms 374 bytes (pipelined: 13)

scottmoore · December 10, 2021, 8:02pm

This is a phone.

ChuckPa · December 10, 2021, 8:19pm

I’m not seeing any certificate errors there.

What are you seeing and where please ? Screenshot possible ?

scottmoore · December 10, 2021, 8:32pm

From my android app I get the message that my server is offline.

This isn’t accurate though as I am concurrently logged into the server on my laptop and watching the console as that connection is attempted. This is where I see the certificate error:

I am happy to send anything else that helps, just let me know.

ChuckPa · December 10, 2021, 8:36pm

Restart your phone and try it again.

I have learned they updated the backend. TLS 1.2 → TLS 1.3 seems to be what happened (although not entirely clear)

I suspect the phone needs to renegotiate

If that gives no relief, Please download your logs again after that attempt and will go on

scottmoore · December 10, 2021, 8:47pm

Unfortunately still the same result - server appears offline on android app.

Incidentally, the Windows app is able to connect and display my libraries, however I get the following error message when attempting playback.

An unknown error occurred (4294967283)
Error code: 4294967283

Here are the logs after that attempt as well.

Plex Media Server Logs_2021-12-10_13-46-40.zip (4.6 MB)

ChuckPa · December 10, 2021, 8:51pm

I just used my web browser to go direct to the IP Plex.tv has for your server.

It responded.

This is a phone app problem.

Which is your preference ?

Reset the customizations and choose the server again ?
Reinstall the app and choose the server then set customizations ?

scottmoore · December 10, 2021, 8:56pm

Yes, that has also been what’s puzzled me as I too have been successful going directly to plex.tv and playing from there - from the same machine that the Windows app does not work from.

I have actually already reinstalled the app on my phone as well before contacting you. Don’t mind trying again, but I wouldn’t expect it to help at this point (unless anything has changed on your side?).

Also, fwiw, my wife’s phone (also Android) is not able to connect to the server either so definitely not just isolated to my phone.

ChuckPa · December 10, 2021, 9:54pm

While this isn’t funny… I’m glad I don’t use Android

I will go ask a few more folks about how to dig deeper on this.

scottmoore · December 10, 2021, 10:10pm

Much appreciated, thank you!

EsSharing · December 11, 2021, 8:37am

@ChuckPa no problem of permission, I myself deleted the p12 to force its renewal

the tls 1.3 goes without worries locally, but not remotely via the domain (tls negotiation failure in the iphone logs)

Nostromo81 · December 11, 2021, 9:17am

Yes. Good to know for the older TV-set.
Now also the up2date browser from outside are working… I noticed a wrong timezone on the Ubuntu server… and some 10 min time/shif…

Thx
Thomas

ChuckPa · December 11, 2021, 6:39pm

@EsSharing

I’m following what’s happening on the backend changes.

I’m also not getting a clear understanding.

I know what they did (abstract) but no details with which to help here.

I am still trying to resolve.

If you allow settings as “Preferred”, does it connect ok remotely?

EsSharing · December 11, 2021, 9:06pm

probs solved

Topic		Replies	Views
Plex Employee to Reset Server Certificate? "API rate limit exceeded" error Desktops & Laptops server-windows	521	8441	November 1, 2023
Plex remote access issues - cannot connect securely Remote Access server-unraid	330	2148	December 15, 2025
Plex Certificate "404" -- Unable to obtain Certificate from cloud Plex Media Server	485	2260	April 22, 2021
Secure connection not working after last update Remote Access server-linux	149	3643	June 7, 2021
I cannot access my server with a browser but i can with the Plex app Remote Access server-mac , plex-web	278	8250	May 31, 2022

SSL Certificate Errors

Related topics