Can you please reset my certs? We have been unable to access on multiple devices internally and externally for the past week +. No changes on our end. Thank you.
Your machine is chewing through certificates every day.
This tells me there is a permissions problem saving the certificate.
It also explains why you’re having other problems.
Can you manually get into the file system of your Unraid Plex server and fix them to be the correct UID/GID of the username Plex runs as -OR- fix the Read/Write permissions where the container is storing the files ? ( I cannot tell from here what the errors are but those two are the most likely )
I have reset the certificate
As soon as you fix the file system issues and restart the server, you’ll get a new certificate
Ok I set the UID/GID for the container in Unraid to be the same as the file owner UID/GID. R/W permissions should be good, but I will monitor, thanks for the help!
Hi, could you please reset my certs?
It’s quite annoying: getting these errors in the logs and cannot access my plex server using any web clients (I masked my IPs in the log using xxx):
‘xxx-xxx-xxx-x.8799298377ad4cbfbf8d21a21896178b.plex.direct’; using installed plex.direct cert
Aug 24, 2022 12:09:04.519 [0x807097400] DEBUG - CERT: incomplete TLS handshake from X.X.X.50:49505: sslv3 alert bad certificate
Aug 24, 2022 12:09:05.292 [0x807097400] WARN - [CERT] TLS connection from X.X.X.50:49507 came in with unrecognized plex.direct SNI name ‘xxx-xxx-xxx-x.8799298377ad4cbfbf8d21a21896178b.plex.direct’; using installed plex.direct cert
Aug 24, 2022 12:09:05.297 [0x807096d00] DEBUG - CERT: incomplete TLS handshake from X.X.X.50:49507: sslv3 alert bad certificate
Aug 24, 2022 12:09:07.702 [0x807096d00] WARN - [CERT] TLS connection from X.X.X.50:49514 came in with unrecognized plex.direct SNI name ‘xxx-xxx-xxx-x.94ddbd501e67431e907c72aebd6cdcc9.plex.direct’; using installed plex.direct cert
Aug 24, 2022 12:09:07.707 [0x807097400] DEBUG - CERT: incomplete TLS handshake from X.X.X.50:49514: sslv3 alert bad certificate
Plex.tv and the auth mechanism is down right now.
Please monitor plex.
I’m signed back in.
Even my account got flagged with a “Password change required”.
(Don’t understand why but have).
Looking at your account,
- The server was created fresh about an hour ago (?)
- There is no throttling active.
- Unrecognized SNI usually comes from a client trying to use the old credentials
(from the server instance you just deleted ?? )
I had to reset my plex password today per plex email indicating that you had a data breach.
Looks like the problem went away once I’ve removed all the authorized devices forcing plex.tv to issue new certs for registation. Thanks for looking into this and now I know what to do the next time it happens.
can someone from plex team please reset my certificate?
thank you in advance!
Your certificate is valid.
If your server is on Windows, I don’t know where it’s stored.
On Linux, it’s stored in Plex Media Server/Cache.
I would delete the certificate file and restart Plex.
Make it download the certificate it has.
If you are showing me from an application – Restart that application so it downloads the new certificate.
thank you for your input.
i deleted “cert-v2.p12” from
“/var/lib/plexmediaserver/Library/Application Support/Plex Media Server/Cache” on my ubuntu server and restarted plex media server, problem is still there. browser i use to visit server (ip:32400) is firefox, program that notifies me that cert is wrong is kaspersky.
other idea is welcome
Hi, can someone help me with this issue? It is the same of the last time:
I look at your account.
I see “Server Milano” (DS214play) has a valid certificate.
Can you show me the log files where you’re getting the certificate errors ?
( You can use FileStation to ZIP them manually)
If I try to use Safari on my MBP (with macOS 12 - Monterey) I receive this error:
“This connection is not private”.
So, trying to get more informations by clicking on “View certificate”:
“*.[some kind of string].plex.direct” certificate name does not match input."
I specify that I did nothing on my NAS, MacBook Pro, router, etc… until yesterday everything was working fine.
I have reset the certificate.
Please restart the server then reconnect your clients as you previously did.
Unfortunaltely, I still get that error. Plex apps on iOS, iPadOS, macOS and tvOS still can log-in without any problem, but if I try to access the Plex web interface on any device, with any browser and inside/outside my home, I still get that error of the certificate.
I tried also to re-execute the script to auto-renew the certificate…but nothing (the certificate is still valid, so it doesn’t update the config).
I manually renewed the Let’s Encrypt certificate and I re-executed the script… and the problem is still here.
what’s this please? Are you using your own certificate ?
Maybe I explained myself wrong, sorry.
The certificate is issued by Let’s Encrypt directly integrated into Synology’s DSM. The certificate expires relatively frequently and it is automatically update in Synology DSM.
Since this auto-update doesn’t work inside Plex, I use from years a script that check automatically every morning if the certificate is changed and, if it is, the script update the certificate also on Plex; if the certificate is still valid, it does nothing.
I understand that part.
The challenge with PMS is getting your hands on the CA.
I say this because, if you have a cert on the host, what happens is a break in the certificate domains in the communication sequence.
E.g. Plex/web (using Plex.tv cert) → Your DSM cert → PMS (using Plex.tv cert)
PMS flags this as MITM (Man In The Middle) and refuses to allow the connection
–UNLESS–
PMS knows about the certificate. (it’s been added in Settings - Server - Network - Show Advanced )
To do this, which I’ve never figured out how on Synology, you need to obtain the CA.
The CA is required to prove the domain is legitimate (not self-signed).
If you have the Cert, the Key, and the CA, you only need to put all three into the P12 then give that P12 to PMS and access with your domain will work.
Do you know how to reset the security certificate? Thanks
