SSL Certificate Errors

Replying to myself about @jmahaffey09’s issue.

iOS doesn’t provide any way to view, enable, or disable the built-in trusted Certificate Authorities. That’s annoying, but very Apple-like - and I don’t think the roots are the issue.

There isn’t any way to view SSL exceptions that have been made in Safari. Clearing Safari settings doesn’t make a difference. That’s just … well, it’s dumb, and it’s terrible security. It’s surprisingly bad.

Maybe the expired intermediate was added as an exception - perhaps Plex was visited by IP address - and now that exception is clogging up the works.

I tested, and resetting network settings DOES forget any Safari exceptions, at least in iOS 15. That’s certainly worth a shot.

Settings → General → Transfer or Reset iPhone → Reset , then select Reset Network Settings

Resetting Network Settings might even be necessary when upgrading iOS. Many network settings are normally preserved during upgrades.

(I’m still curious about the redacted hostname from the screenshot.)

You got it!!
It was ios declining the cert. Not sure, actually, if it has to do with iOS or the LetsEncrypt thing just recently… but it appears to only affect the older version of ios (apple being apple).
FYI, it does this in the Chrome app & Safari app.

On iOS, Apple requires all browsers to use Safari’s “WebKit” engine under the hood. So they all behave the same.

@gazmeist

Your server’s certificate is ok.

Valid Sun, 09 Jan 2022 13:17:45 +0000 Sun, 09 Jan 2022 13:17:56 +0000

PHT was released to public (opensourced) long ago.

If there are no other players with the certificate issue then the problem is clear ; PHT’s certificate needs to be upgraded (for which I think there is an update on Github)

Hello @ChuckPa
Can you please check my cert, I didn’t know users were having issues recently.
Cant access my server randomly.

Thanks

@RH2

Your certificate was valid but expiring the end of this month.

I reset it anyway.

Restart the server.

Haven’t quite figured why my iPad won’t connect anymore though - even did the reset network settings thing. Don’t appears to have any certificates showing up in General>Policies either - will keep digging

ty, have a good day

Hello,
could you please check my certificate as well?
I am using the plexkodiconnect add-on to sync with the plex media server, but since a few server-updates ago the synchronization is not possible anymore.
After reinstalling the pkc add-on, it is able to find the server but not the content due to an invalid ssl-certificate.
I assume it is a similar problem as others in this topic already had.

Thanks!

@ma_ra_gmx_de

Your certificate is valid but I reset it anyway.

Restart the server.

If it still does not play, then logs will be needed.

Hi

I am also having this exact same issue. Would it be possible for you to reset my cert as well? I currently cannot log in to Plex or claim my server at all.

Thanks

I am also having this issue. could I have my cert reset as well? cannot log into plex or claim my server as well.

@TheLemon22

Certificate reset. There were no indications of any problems with your docker container I could see at Plex.tv other than having multiple certificate requests on the same day.

Restart the container.

@beautifulflub_gmail_com

Your certificate is pristine and only 2 weeks old.
Are you certain it is a certificate error and not a networking/DNS error?

Thanks for the reset. Unfortunately I still cannot claim my server, nor can I even log in to Plex (the website or even the forums!) from my home network. I’m forced to have to post this request for help from my phone on an external network.

Do you have any idea what my issue might be? When I try accessing Plex.tv domains from my local network I get yelled at by Chrome for not having a secure connection?

@TheLemon22

What is the LAN IP of your server and of the machine you’re using to claim it?

If you’re forced to use an external mobile phone connection to post here,
Is your home network connected properly to the internet ?

If not then it sounds like your home modem/router isn’t working right.

My server’s LAN IP is 192.168.1.22

My desktop PC LAN IP (which I am trying to log in to Plex using) is 192.168.1.28

But even my phone, if I am connected to my wi-fi (same network) cannot log in to Plex website or forums or anything - it says “There was a problem signing into Plex”

It almost seems like Plex’s authentication servers have some issue with my network’s IP? I have my server fully powered off now and I still cannot log into my Plex account on this network.

From Linux’s command line mtr plex.tv

See how far it gets. It should resolve.

I’m using UnRAID for my server - it does not have mtr on the console and I don’t know if there’s a way to install it

On my Windows machine (the desktop I am using to try to log in to Plex and claim the server with) I have installed WinMTR and pinged plex.tv - it seems to resolve?

|------------------------------------------------------------------------------------------|
|                                      WinMTR statistics                                   |
|                       Host              -   %  | Sent | Recv | Best | Avrg | Wrst | Last |
|------------------------------------------------|------|------|------|------|------|------|
|                           RT-AX86U-1EF0 -    0 |  173 |  173 |    0 |    1 |   32 |    1 |
|                              10.11.7.65 -    0 |  173 |  173 |    2 |    9 |  297 |    2 |
|                   No response from host -  100 |   34 |    0 |    0 |    0 |    0 |    0 |
|         tcore3-toronto63_39.net.bell.ca -    0 |  173 |  173 |    3 |    5 |   43 |    4 |
|tcore3-toronto63-bundle-ether44.net.bell.ca -    0 |  173 |  173 |    3 |    8 |   43 |    8 |
|       dis68-toronto63_2-0-0.net.bell.ca -    0 |  173 |  173 |    2 |    4 |   34 |    4 |
|       bx1-torontoxn_et1-0-0.net.bell.ca -    0 |  173 |  173 |    2 |    4 |   34 |    3 |
| ix-ae-9-0.tcore2.tnk-toronto.as6453.net -    0 |  173 |  173 |    2 |    4 |   44 |    2 |
| if-ae-8-2.tcore1.ct8-chicago.as6453.net -    0 |  173 |  173 |  104 |  106 |  138 |  105 |
|if-ae-26-2.tcore3.nto-newyork.as6453.net -    2 |  166 |  164 |  104 |  106 |  140 |  105 |
| if-ae-32-2.tcore2.ldn-london.as6453.net -    0 |  173 |  173 |  104 |  106 |  140 |  104 |
|                            80.231.20.82 -    0 |  173 |  173 |   94 |   97 |  126 |  107 |
|                   No response from host -  100 |   34 |    0 |    0 |    0 |    0 |    0 |
|                   No response from host -  100 |   34 |    0 |    0 |    0 |    0 |    0 |
|                   No response from host -  100 |   34 |    0 |    0 |    0 |    0 |    0 |
|                   No response from host -  100 |   34 |    0 |    0 |    0 |    0 |    0 |
|                   No response from host -  100 |   34 |    0 |    0 |    0 |    0 |    0 |
|                   No response from host -  100 |   34 |    0 |    0 |    0 |    0 |    0 |
|                   No response from host -  100 |   34 |    0 |    0 |    0 |    0 |    0 |
|                   No response from host -  100 |   34 |    0 |    0 |    0 |    0 |    0 |
|                   No response from host -  100 |   34 |    0 |    0 |    0 |    0 |    0 |
|                   No response from host -  100 |   34 |    0 |    0 |    0 |    0 |    0 |
|                   No response from host -  100 |   34 |    0 |    0 |    0 |    0 |    0 |
|                   No response from host -  100 |   34 |    0 |    0 |    0 |    0 |    0 |
|                   No response from host -  100 |   34 |    0 |    0 |    0 |    0 |    0 |
|                   No response from host -  100 |   34 |    0 |    0 |    0 |    0 |    0 |
|                   No response from host -  100 |   34 |    0 |    0 |    0 |    0 |    0 |
|                   No response from host -  100 |   34 |    0 |    0 |    0 |    0 |    0 |
|                   No response from host -  100 |   34 |    0 |    0 |    0 |    0 |    0 |
|                   No response from host -  100 |   34 |    0 |    0 |    0 |    0 |    0 |
|________________________________________________|______|______|______|______|______|______|
   WinMTR v0.92 GPL V2 by Appnor MSP - Fully Managed Hosting & Cloud Provider

Ugh, I unfortunately know nothing of unraid.

I tried to set it up in a VM so I could learn and support it.
I became frustrated and walked away from it.

One thing we can try (assuming you have access to the command line and can get to the “Preferences.xml” file)

Confirm you have the curl command at the unraid command line.

1. Stop Plex

2. Edit Preferences.xml and remove the following Name="Value" pairs from it
   – PlexOnlineUsername
   – PlexOnlineToken
   – PlexOnlineMail
   – PlexOnlineHome (this might not exist)

3. Save the edits

4. Stay in the terminal session

5. Open a new browser window to Claim | Plex

6. COPY the token it gives you to your browser

7. Start Plex

8. Return to the Unraid command line

9. curl -X POST 'http://127.0.0.1:32400/myplex/claim?token=PASTE_TOKEN_HERE'

10. It will take from 15-30 seconds for it to respond.

11. It will respond with a list of Feature flags in XML format. (</MyPlex> as the last line)

12. When this happens, the server is now claimed.

Thanks for your support so far Chuck.

Interestingly enough, I was able to claim the server by using another machine (my work laptop). I did not have any issues logging in to Plex with my laptop even on the exact same network as my desktop PC.

My plex server seems to be functional now. Unfortunately, I still cannot log in to my Plex account via my desktop PC which is on the exact same network as all my other devices. I have no idea what is going on there.