SSL Certificate Errors

Plex Media Server
,
1055

@Jacobh06

Thanks.

Please make 100% certain that all files under /var/lib/plexmediaserver (or wherever you placed it) are owned by plex:plex (or the username you’re running it as).

What I’m seeing in your logs signifies the certificate is invalid for *.plex.direct which would happen if you moved a server to a new machine and it couldn’t update itself.

Your server has made 4 certificate requests in 4 days which is far too frequent. There should be one per 90 days

I have reset your certificate as well.

After setting ownership, Please restart the server, then restart the player/client apps so everyone updates to the new certificate.

1056

Things are looking much better now :slight_smile:

Thanks for the help!

1057

Super long thread, eh?

I’m receiving the below. Is this something I can fix myself or do I need a cert reset?

[CERT] TLS connection from [::ffff:xxx.xxx.0.1]:37386 came in with unrecognized plex.direct SNI name '192-168-0-20.298f858731344671a465715612cfce73.plex.direct'; using installed plex.direct cert

Best - Michael

Unable to connect securely (from app.plex.tv)
1058

@mfabache

We’re a fun bunch :sunglasses:

I see you have multiple servers on your account; many of them with the same name (****-Docker) as well as others.

What would you like me to do?

Need info please.

1059

I was using claim and slowly understanding it (hence all the multiples) - I believe I have deleted the bogus/invalid servers. You should only see 1.

1060

@mfabache

I found the right server.

Cleared out the others which were no longer used.

Reset the certificate for the current one even though it is valid.

Restart the server.

If you are still getting problems, Check file & directory ownership (correct UID/GID) in the container so PMS can write the new/correct certificate.

1061

@ChuckPa

I woke up this morning to a clean console log report (well, devoid of CERT errors).
My uid/gid settings were already correct
I did not restart the server.

I’ve been watching for an hour or so and no more cert errors! Thanks for reseting the cert.

Thanks for the help, although its 7am, take the rest of the day off

Michael

1062

@ChuckPa Can I get my cert looked at and reset if necessary please? i just starting having connections issues with users in the last week

1063

@mackattackwpg

Certificate looks ok.

Valid	Fri, 31 Dec 2021 22:00:11 +0000	Fri, 31 Dec 2021 22:00:21 +0000

What issues, can you show me from the log files?

1064

@ChuckPa
Jan 08, 2022 20:47:59.538 [11440] DEBUG - CERT: incomplete TLS handshake from [::ffff:206.45.7.184]:37212: sslv3 alert certificate expired
Plex Media Server Logs_2022-01-08_20-54-34.zip (8.6 MB)

1065

@mackattackwpg

That device’s certificate is expired. Your server is fine.

Is that device one of these ?

1066

Yes. They have changed that setting and I have as well on the server side and they still get an error. That’s why I thought that it was a certificate error. I’ll tell them to get newer streaming devices if they want to continue using it.

1067

Buenas, estoy teniendo problemas con mi certificado desde apple.

Podrían ayudarme?

Muchas gracias.

1068 
Valid	Wed, 29 Dec 2021 14:58:48 +0000	Wed, 29 Dec 2021 14:58:58 +0000

Your certificate is valid.
Can you please show me the log files ZIP where you are seeing the error?

Su certificado es válido.
¿Puede mostrarme los archivos de registro ZIP donde está viendo el error?

1069

I think I’m in the same boat as well. On my TCL 65R625 television, when I try to look at my local media stored on my Asustor 5200T NAS, I get a big screen saying my NAS is currently unavailable. The Console on https://app.plex.tv (where I can see my local media just fine) says:

“plaintext connection from [::ffff:192.168.1.148]:60702 rejected because secure connections are required”

when I try to access that. However, I can log onto my NAS without issue via my browser.

If I try launching the Plex Media Server app from my NAS’ page, the browser tab it opens says:

“# The connection to 192.168.1.2 is not secure”

That address is my NAS where I’m happily logged in with https. If I tell that page to continue anyway, it says the page isn’t working and that console window says:

“plaintext connection from [::ffff:192.168.1.182]:51025 rejected because secure connections are required”

If I click on the View Site Information area of the browser’s URL bar, it says:

“Certificate is not valid”

If I click on that message, the certificate appears ok, was issued from “R3, Let’s Encrypt, US” and is valid from 01/05/202 to 04/05/2022.

There doesn’t appear to be any problem at my pfSense box’s level.

I have not set Plex up to be accessed remotely. This is just local across my local network.

Looking at Plex Media Server.log, I see:

“CERT: incomplete TLS handshake from [::ffff:192.168.1.182]:51030: sslv3 alert certificate unknown”

I’ve attached the whole zip file of logs.

Everything’s been updated, shut down and rebooted repeatedly.

Plex Media Server Logs_2022-01-13_12-44-14.zip (803.3 KB)

1070

@posiblessyro

You’ve apparently set secure connections as REQUIRED in Settings - Server - Network ??

If you wish,

  1. Change REQUIRED to PREFERRED and retest.

  2. If the TV still does not respond,
    – Add its IP address in the “Hosts allowed without authentication” (be careful not to have any leading or trailing spaces in that)

  3. If after all that, the TV is still not accessible then it indeed , most likely, has an expired internal certificate.

1071

Yep. I want secure connections to be required. Are you saying that the TCL 65R625, essentially a two year old television, will no longer be able to access Plex across secure connections? What about the same issue I’m seeing with my Asustor 5200T NAS (which is still getting Plex Media Server app updates)? Why will that app not connect properly?

1072

Regarding the TV, this is what we know.

If your TV is one which is NO LONGER GETTING UPDATES then there’s nothing we can do except recommend you get a set top box for it. Nvidia Shield Pro, Roku Ultra, – something of that nature.

( My nephew has a 2.5 year old 4K Samsung with this problem. He grabbed the new Roku Ultra)

Regarding the certificate being UNKNOWN, Do you have your own certificate involved here somewhere? Perhaps attached / installed in the NAS itself?

If true, did you inform Plex of the certificate?

1073

The 65R625 is a Roku based TV. I can’t find any association with Tizen. It’s still getting firmware updates (the last one (10.5 build 4210-88) was release this month (I believe)). So, I don’t think that’s the issue.

However, I AM using my own certificate for my NAS. You ask if I’ve informed Plex of that certificate. But, how would I inform Plex of that? I don’t see anything in my account on plex.tv or in either of the apps (TV or NAS).

EDIT: I found an article that at least got the television app working:

I’d forgotten a setting in my pfSense box. I had to add:

server:
private-domain: "plex.direct"

to Custom Options at the bottom of pfSense’s Services > DNS Resolver > General Settings. Once I did that, the television app started working. I’ll work on the certificate thing for my NAS now. I’m thinking that’s something to do with the Custom Certificate Location:

1074

Check the date of the firmware in the TV. Make 100% certain it’s up to date.

It appears the most recent firmware is

If 02.01.2020 is the most recent firmware, it’s likely not going to contain an updated device certificate to address the Let’s Encrypt 30-Sept-2021 expiration.