SSL Certificate Errors

Yes, initially the password was reset, I see from the timestamp.
But the latest log shows auth was successful, yet I’m getting a TLS error?

PS - I reinstalled the app now and have the same issue.

Why aren’t you using the 9.x.x app version?

Is there ANY way you can try to connect using IPv4?
Plex doesn’t speak IPv6.

Yes, I can try via IPv4 custom server URL.
But that’s what boggles me. I’ve been using IPv6 for months without any issue till recently.

PS - tried with 9.x and IPv4 and the same issue persists.

Logs attached

plex-log-rohitvj-2.zip (222.1 KB)

@ChuckPa
Here are my server logs. I just freshly replicated the problem, with debug enabled.
I did also upgrade to the latest client on Google Play today too.

Plex Media Server Logs_2022-08-01_19-57-48.zip (3.4 MB)

@jodybrown

Now I see what’s happening.

  1. Your LAN is 172.16.x.x
  2. You’re attempting to access the server via the WAN ADDRESS and use plex.direct

Aug 01, 2022 14:59:29.081 [0x7f877f9d4b38] WARN - [CERT] TLS connection from 172.16.0.3:46112 came in with unrecognized plex.direct SNI name '24-53-255-249.fd993391155a4490a38c4b643fe93492.plex.direct'; using installed plex.direct cert
Aug 01, 2022 14:59:29.094 [0x7f877f9f7b38] WARN - [CERT] TLS connection from 172.16.0.21:57103 came in with unrecognized plex.direct SNI name '24-53-255-249.fd993391155a4490a38c4b643fe93492.plex.direct'; using installed plex.direct cert

Do you have DNS rebinding protection on your modem router?

How are those devices attempting to connect? Manual server address or via Plex.tv?

@ChuckPa
Turns out I DID have DNS rebinding protection on my firewall (OPNsense; it’s a default on).
I toggled it off and downloads worked immediately.
I even turned it back on, and it continued to work. Perhaps once it works ONCE it’s fine?
I am reluctant to leave it turned off forever (for good reasons).

The only change I made to my network was months ago when I merged my DNS server (.21) into my firewall (.3) … (the spinning rust hard drive on my dedicated DNS server died).
I can only assume that is the correlation here…

I did not have any manual server addresses set up (under advanced in the Android app, right?) - so I guess using the regular plex.tv method.

I use pfSense. I declare private network: plex.direct in my DNS resolver and it’s done.
This allows it to stay on but keep plex as a known allowed private network domain.

@ChuckPa Any resolution for my query? Loaded logs for your reference.

@rohit533 do you have anything specified in Custom server access URLs?

Yes.
https://my.ipv4.of.server.plex token id.direct.port

First, why - what’s the goal of that entry?
Second, is the token/guid outdated?

Goal of the entry is to connect to the server behind a VPN.
How do I check if the token is outdated?

I see this entry in the logs; it appears to be a Tailscale IP address entered as a Custom Server Access URL:

Aug 02, 2022 01:15:24.400 [0xb1aead44] DEBUG - [HCl#2c] HTTP requesting PUT https://plex.tv/devices/7b9bd39903d63ae01e83e5ed25265e406b6804e7?Connection[][uri]=https://100-78-7-1.c4d7b652eefbc6e58e16c5a7f103f688.plex.direct:32400&Connection[][uri]=http://192.168.1.52:32400&httpsEnabled=1&httpsRequired=0&dnsRebindingProtection=0&natLoopbackSupported=0&X-Plex-Token=xxxxxxxxxxxxxxxxxxxx

That’s what’s being pushed up to Plex.

c4d7b652eefbc6e58e16c5a7f103f688 is the server GUID & address that the client is trying to connect to, because that’s what you’ve told it to do with the current Custom server access URL entry. And it’s being rejected, because …

… earlier, there’s this entry:

Aug 02, 2022 01:15:04.996 [0xb64d1e60] DEBUG - [CERT] Subject name is /CN=*.cd7b652eefbc46e58e16c5a7f103f688.plex.direct

Those don’t match. The server knows itself by the cd7b652eefbc46e58e16c5a7f103f688 certificate ID.

Try changing the Custom server access URL entry to just the IP address: https://100.78.7.1:32400. I think Plex will automatically register an entry with the full magic certificate URL.


Edit: Those are awfully similar. Transposition / typo?

c4d7b652eefbc6e58e16c5a7f103f688
cd7b652eefbc46e58e16c5a7f103f688

But still, try it with just https://100.78.7.1:32400 if that’s the Tailscale IP.

1 Like
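The comparison made in the reply above, as an added example (not code from the thread or from Plex): it extracts the certificate ID from a plex.direct URL and from the certificate subject CN and reports whether they agree. The hostname layout is inferred from the log lines quoted on this page, and the function names are hypothetical.

```python
import re
from urllib.parse import urlsplit

# Layout assumed from the logs on this page:
#   URL host:   <ip-with-dashes>.<32 hex cert id>.plex.direct
#   Subject CN: *.<32 hex cert id>.plex.direct
HOST_RE = re.compile(r"^(?P<ip>\d+(?:-\d+){3})\.(?P<cert_id>[0-9a-f]{32})\.plex\.direct$")
CN_RE = re.compile(r"^\*\.(?P<cert_id>[0-9a-f]{32})\.plex\.direct$")


def parse_plex_direct_url(url):
    """Return (ip, cert_id) for a plex.direct URL, or None for any other host."""
    host = (urlsplit(url).hostname or "").lower()
    m = HOST_RE.match(host)
    if m is None:
        return None
    return m["ip"].replace("-", "."), m["cert_id"]


def cert_id_from_cn(subject_cn):
    """Return the cert ID from a '*.<id>.plex.direct' subject CN, or None."""
    m = CN_RE.match(subject_cn.strip().lower())
    return m["cert_id"] if m else None


def check_url_against_cert(url, subject_cn):
    """Compare the cert ID embedded in the URL with the one the server presents."""
    parsed = parse_plex_direct_url(url)
    if parsed is None:
        # A bare IP or FQDN carries no cert ID, so there is nothing to go stale.
        return {"status": "no-cert-id-in-url"}
    cn_id = cert_id_from_cn(subject_cn)
    if cn_id is None:
        return {"status": "unrecognized-cn"}
    ip, url_id = parsed
    if url_id == cn_id:
        return {"status": "match", "ip": ip}
    return {
        "status": "mismatch",
        "ip": ip,
        "url_cert_id": url_id,
        "server_cert_id": cn_id,
        # Same characters in a different order points to a typo, not a renewed cert.
        "same_characters": sorted(url_id) == sorted(cn_id),
    }


if __name__ == "__main__":
    # Values taken from the two log lines quoted in the post above.
    print(check_url_against_cert(
        "https://100-78-7-1.c4d7b652eefbc6e58e16c5a7f103f688.plex.direct:32400",
        "*.cd7b652eefbc46e58e16c5a7f103f688.plex.direct"))
```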

Thanks a ton, mate. It is working well now. Thanks a ton again.
Anyway, can we mark it as answered?

1 Like

To follow up here and educate as we close out:

  • I did state/ask about using the host.certID.plex.direct URL. I should have been more clear. Sorry.

TO ALL who find this in the future:

  1. NEVER use a plex.direct URL for anything because the CertID will change the next time the certificate updates, which invalidates the URL.
  2. Use either a FQDN URL or an IP address, both of which are in your control.
2 Likes

Can someone here reset my certificate or give me a new one? I am unable to access my server after doing a factory reset on my Nvidia Shield.
Server Version#: 1.28.0.5999
Player Version#: 9.6.0.34226

@JKoblyn

I looked at your plex.tv account. There are no certificate errors of any kind.

However, since you did a factory reset on your Shield,

  1. I can assume all three server entries there are no longer valid?
  2. Would you like me to remove them so you can complete setup of the server from scratch?

Yes please. Thank you!

@JKoblyn

I’ve removed all the Shield servers from your account.

You can remove the server on the shield and start over if you have one installed.