I dont use own certificate, Ill check if I can create a DNS resolver
Rebooted once more after your cert reset, now Im getting
CERT: incomplete TLS handshake: sslv3 alert bad certificate
Logs please (ZIP)
Here you go Plex Media Server Logs_2021-08-22_11-59-44.zip (2.2 MB)
- It loads the cert and is happy.
Aug 22, 2021 11:57:58.104 [5412] DEBUG - Running migrations. (EPG 0)
Aug 22, 2021 11:57:58.129 [5412] DEBUG - [CERT] Subject name is /CN=*.aee8704a8da54b9592ee9a333a12f7ff.plex.direct
Aug 22, 2021 11:57:58.129 [5412] DEBUG - [CERT] Installed certificate with fingerprint 12:44:78:81:7d:d9:75:71:ad:58:ff:ba:df:4f:13:ee:5f:be:b4:bb.
Aug 22, 2021 11:57:58.129 [5412] DEBUG - [CERT/OCSP] Stapling requests will be made to 'http://r3.o.lencr.org/'.
Aug 22, 2021 11:57:58.129 [5412] INFO - [CERT/OCSP] Successfully retrieved response from cache.
Aug 22, 2021 11:57:58.130 [5412] DEBUG - HttpServer: Listening on IPv6 as well as IPv4.
Aug 22, 2021 11:57:58.130 [5412] DEBUG - HttpServer: Listening on port 32400.
Aug 22, 2021 11:57:58.131 [5412] DEBUG - HttpServer: Listening on port 32401.
Aug 22, 2021 11:57:58.174 [2792] DEBUG - Grabber: Cleaning up orphaned grabs.
Aug 22, 2021 11:57:58.175 [5412] DEBUG - Media Provider: Registering provider com.plexapp.plugins.library
startup continuing normally.
Aug 22, 2021 11:58:01.993 [7044] DEBUG - HTTP requesting POST https://plex.tv/servers.xml?auth_token=xxxxxxxxxxxxxxxxxxxx
Aug 22, 2021 11:58:02.009 [2804] DEBUG - [EventSourceClient/pubsub] Connected in 16 ms.
Aug 22, 2021 11:58:02.009 [6528] DEBUG - [EventSourceClient/pubsub] Wrote data, reading reply.
Aug 22, 2021 11:58:02.175 [6828] DEBUG - HTTP/1.1 (0.2s) 200 response from PUT https://plex.tv/devices/9eada970e7a89112fa2afb07f24cf2c0912b282d?Connection[][uri]=http://10.1.3.20:32400&httpsEnabled=1&httpsRequired=0&dnsRebindingProtection=0&X-Plex-Token=xxxxxxxxxxxxxxxxxxxx (reused)
Aug 22, 2021 11:58:02.179 [6828] DEBUG - CERT: Certificate will not expire soon; we'll check again in a week.
Aug 22, 2021 11:58:02.230 [2792] DEBUG - [MediaProviderManager] HTTP/1.1 (0.2s) 200 response from GET https://plex.tv/media/providers?X-Plex-Token=xxxxxxxxxxxxxxxxxxxx (reused)
Aug 22, 2021 11:58:02.230 [2792] DEBUG - [MediaProviderManager] discovered cloud provider (Movies & TV)
Aug 22, 2021 11:58:02.230 [2792] DEBUG - [MediaProviderManager] discovered cloud provider (Music)
Aug 22, 2021 11:58:02.230 [2792] DEBUG - [MediaProviderManager] discovered cloud provider (Metadata)
The app (browser) connecting to the server is what refused.
live) GZIP Signed-in Token (windguruu)
Aug 22, 2021 11:58:42.347 [7012] DEBUG - Content-Length is -1 (of total: -1).
Aug 22, 2021 11:58:44.628 [2804] WARN - [CERT] TLS connection came in with unrecognized plex.direct SNI name '10-1-3-20.bf28fd7959774c81bab973050e0dfa41.plex.direct'; using installed plex.direct cert
Aug 22, 2021 11:58:44.667 [2804] WARN - [CERT] TLS connection came in with unrecognized plex.direct SNI name '10-1-3-20.bf28fd7959774c81bab973050e0dfa41.plex.direct'; using installed plex.direct cert
Aug 22, 2021 11:58:44.681 [6528] DEBUG - CERT: incomplete TLS handshake: sslv3 alert bad certificate
Aug 22, 2021 11:58:49.782 [2804] DEBUG - CERT: incomplete TLS handshake: An existing connection was forcibly closed by the remote host
Aug 22, 2021 11:58:49.787 [2804] DEBUG - CERT: incomplete TLS handshake: An existing connection was forcibly closed by the remote host
Aug 22, 2021 11:59:02.348 [2804] DEBUG - Completed: [127.0.0.1:62361] 200 GET /player/proxy/poll?deviceClass=pc&protocolVersion=3&protocolCapabilities=timeline%2Cplayback%2Cnavigation%2Cmirror%2Cplayqueues&timeout=1 (10 live) GZIP 20000ms 5 bytes (pipelined: 7)
Aug 22, 2021 11:59:02.356 [2804] DEBUG - Auth: authenticated user 1 as windguruu
Aug 22, 2021 11:59:02.356 [7012] DEBUG - Request: [127.0.0.1:62361 (Loopback)] GET /player/proxy/poll?deviceClass=pc&protocolVersion=3&protocolCapabilities=timeline%2Cplayback%2Cnavigation%2Cmirror%2Cplayqueues&timeout=1 (10 live) GZIP Signed-in Token (windguruu)
Aug 22, 2021 11:59:02.357 [7012] DEBUG - Content-Length is -1 (of total: -1).
Aug 22, 2021 11:59:14.716 [2804] WARN - [CERT] TLS connection came in with unrecognized plex.direct SNI name '10-1-3-20.bf28fd7959774c81bab973050e0dfa41.plex.direct'; using installed plex.direct cert
Aug 22, 2021 11:59:14.753 [2804] WARN - [CERT] TLS connection came in with unrecognized plex.direct SNI name '10-1-3-20.bf28fd7959774c81bab973050e0dfa41.plex.direct'; using installed plex.direct cert
Aug 22, 2021 11:59:14.768 [6528] DEBUG - CERT: incomplete TLS handshake: sslv3 alert bad certificate
Aug 22, 2021 11:59:22.358 [2804] DEBUG - Completed: [127.0.0.1:62361] 200 GET /player/proxy/poll?deviceClass=pc&protocolVersion=3&protocolCapabilities=timeline%2Cplayback%2Cnavigation%2Cmirror%2Cplayqueues&timeout=1 (8 live) GZIP 20001ms 5 bytes (pipelined: 8)
Aug 22, 2021 11:59:22.366 [2804] DEBUG - Auth: authenticated user 1 as windguruu
Aug 22, 2021 11:59:22.366 [7012] DEBUG - Request: [127.0.0.1:62361 (Loopback)] GET /player/proxy/poll?deviceClass=pc&protocolVersion=3&protocolCapabilities=timeline%2Cplayback%2Cnavigation%2Cmirror%2Cplayqueues&timeout=1 (8 live) GZIP Signed-in Token (windguruu)
Full restart on the browser ?
This has every indication of a cert not being identified… and I do not understand Windows. (this is a Linux thread – which I do understand )
Click the allow. See where it takes you… then grab the logs.
Something is screwed down super tight there.
“Secure Connections” == REQUIRED ?
Secure connections is set to Preferred
Interesting after allowing insecure on the client side the content loads.
Log after allowing on client Plex Media Server Logs_2021-08-22_12-14-07.zip (2.2 MB)
Also tested on a differnt client (windows)same message on screen once allowed it loads content
Ill create a new topic for Windows support, iOs, OSX app and Windows app work locally.
Only web is not working and I still see TLS sslv3 alert bad certificate messages
Please try to understand.
I don’t understand how Windows, certificates, and its antivirus and all that comes into play.
It is a platform I do not use. I don’t even have a VM of it. it’s that foreign to me.
FWIW: I don’t have a Mac either. The closest I get are Apple portable devices.
Please create a fresh thread – tagged “Server-Windows”.
I will move your posts if that’s easier ?
Thanks for your help! At least Im back able to stream locally
Edit: created new post thanks @ChuckPa
It seems i was not on the most recent version of the server software (due to not being up long enough to auto update) I manually updated and all seems fine. sorry for the confusion and I appreciate all the help.
i am running plex on synology and am getting the plex handshake issue “CERT: incomplete TLS handshake: tlsv1 alert unknown ca” it work on my laptop. sometimes plex thinks it can see it remotely. sometimes not. laptop works outside and inside network. mobile doesn’t work in either. but mobile going to plex.tv in browser works. i have rebooted. changed secure connections. i have another server that works on a shield tv but this synology one broke in the last week. Thoughts?
Logs will help but it does sound like you have a certificate conflict.
Best logs to provide:
- DEBUG logging
- Restart PMS
- Let it sit idle for 2-3 minutes to capture all startup activities
- Recreate the error.
- Download the logs ZIP file
- attach here
thanks for the reply. i rebooted the synology server “syno” but i am unable to reboot the shield server remotely. the shield is now showing up with an indirect connections but yesterday it wasn’t. not sure whats going on there but i am honestly more worried about syno as the shield is just streaming ota content remotely.
is there anything i need to sanitize from these logs before attaching? i haven’t gone through all the logs but it looks too hold a lot of information on my database as well as my public IP. i’m sure as a team member of plex you can see that but this forum is open to the public. Thanks.
@ChuckPa looks like the safest way is for me to direct message these logs to you but that is disabled for your profile for good reason i am sure. can i direct message them to someone else? or email?
i ran a test this morning out of network on laptop and mobile (through the app and through chrome browser) and then did it again just now within network computer and phone (only using the app but did a out of network and in network test as well).
Hi @ChuckPa ,
I seem to be in the same situation here.
My remote access were workling perfectly for more than one years now (at least!) and suddently stopped yesterday.
I’ve tried to disable secure connection and it’s working again and I have the exact same logs in the console.
When I tried to access from Plex Amp it just says:
[0x2f6ce450] DEBUG - CERT: incomplete TLS handshake: tlsv1 alert unknown ca
And I can see some errors about this certificate too:
HTTP error requesting GET https://<xxx>.plex.direct:21478/identity (0, No error) (SSL certificate problem: unable to get local issuer certificate)
My plex server is running on a Synology NAS, not really new but up-to-date.
Can you check something on your side to see if there’s an issue with my certificate?
Thanks in adavance
Best
Hi Am having the exact problem, did reinstall several times now (Ubuntu 20.04), and nothing, the loop continues,
[CERT] TLS connection from […]:42678 came in with unrecognized plex.direct SNI name ‘…feec22d509e24ab0842bd49262ba1e25.plex.direct’; using installed plex.direct cert
CERT: incomplete TLS handshake from […]:34590: sslv3 alert bad certificate
Looks to me like, this can be solved by doing a reset to the certificate, can someone help?
or how do I do it my self?
Thanks for the help!
I have a similar problem.
I can not connect to the server from my Sony Android TV. It was working fine for the last two years and suddenly wast week it just stop finding my media libraries. The funny thing is that from my iPhone everything works fine.
When I try to load something I can see in the logs the following message:
CERT: incomplete TLS handshake from ****: sslv3 alert certificate unknown
If the problem is with those certificates mentioned earlier, can you reset mine too?
Are you using your own certificate or is that from Plex’s ?
It looks like it’s yours due to the Unknown CA which happens with a self-signed certificate
