Looking at your account, you deleted 2 servers with certificates.
The one which sits there now has no certificate whatsoever.
May i see the full logs? I think you might be hard-throttled.
Hi @ChuckPa,
Some background just in case its relevant, I was running PMS on a personal laptop with windows, and decided to migrate PMS to an Ubuntu machine (did follow the instructions on Plex to do so), and everything was running fine for a few days, and sometimes switched to windows to check if I could run both, but all good.
Then last Sunday the PMS was so slow and sometimes give me some errors that was unable to play the content, did check logs and seems to me that it was on a loop and giving warnings about the TLS connection and incomplete TLS handshake, so what I did after doing some research and testing was to disable the logs, allow insecure connections on same network, etc. and was able to get PMS working smoothly.
Never the less, still curios on what happen, did pull some logs one time, here there are:
Plex Media Server Logs_2021-09-20_10-23-58.zip (107.0 KB)
O and one time it was weird, but had duplicated servers (3 of the same) so did test deleting them (maybe that’s why it shows 2 as deleted), after doing some research I had to logout and log in back xD.
1 Like
Hi again @ChuckPa,
Do you have any idea on how I can continue investigating this issue on my side?
Thanks for the help!
Good day to all here, I hope my issue is perhaps the same as others have posted, and that there is a solution for it.
A few days ago, on my local network, Open PHT client on a couple of computers suddenly stopped being able to see the libraries on my Synology NAS.
In digging through logs, I found:
Sep 23, 2021 23:38:34.349 [0x7efe64866700] WARN - [CERT] TLS connection came in with unrecognized plex.direct SNI name ‘192-168-0-240.aa159170c091495e838fa0968b7a8d8b.plex.direct’; using installed plex.direct cert
Sep 23, 2021 23:38:34.353 [0x7efe64577700] DEBUG - CERT: incomplete TLS handshake: sslv3 alert certificate unknown
I can still see libraries when logging in via web app.
I found this topic based on Google result, and hoping there might be a fix for the issue I am having - thank you in advance for any assistance or thoughts anyone can offer!
1 Like
I looked at your account. You had 3 server instances, all with valid certificates, which you deleted.
Now you have a server with no certificate. (most likely throttled from making so many requests within a short time span. Certs are good for 90 days)
When you have those errors, deleting the server and trying to start over isn’t really the answer if you don’t know what the cause is; agreed ?
This is a problem. 12 retries?
Sep 20, 2021 10:14:54.372 [0x7f386f56bb38] DEBUG - CERT: Downloaded new cert from plex.tv; took 12 tries.
Sep 20, 2021 10:14:54.388 [0x7f386fc62b38] DEBUG - Completed: [127.0.0.1:47594] 200 POST /myplex/claim?token=xxxxxxxxxxxxxxxxxxxxj3uSd6 (20 live) GZIP 29665ms 2537 bytes (pipelined: 1)
Sep 20, 2021 10:14:54.395 [0x7f386fc85b38] DEBUG - [CERT] Subject name is /CN=*.2b4feb2d746048f4bbaf4efb61778f9a.plex.direct
Sep 20, 2021 10:14:54.395 [0x7f386fc85b38] DEBUG - [CERT] Installed certificate with fingerprint 1d:88:f9:19:2a:c5:b7:ec:41:90:81:97:f8:1c:27:ed:47:c5:fc:52.
Sep 20, 2021 10:14:54.395 [0x7f386fc85b38] DEBUG - [CERT/OCSP] Stapling requests will be made to 'http://r3.o.lencr.org/'.
Sep 20, 2021 10:14:54.395 [0x7f386fc85b38] ERROR - [CERT/OCSP] Error opening file '"/var/lib/plexmediaserver/Library/Application Support/Plex Media Server/Cache/OCSP/main.der"' - No such file or directory (2)
Sep 20, 2021 10:14:54.396 [0x7f386f135b38] DEBUG - [CERT/OCSP] HTTP requesting GET http://r3.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBRI2smg%2ByvTLU%2Fw3mjS9We3NfmzxAQUFC6zF7dYVsuuUAlA5h%2BvnYsUwsYCEgTO2zhUJucaOwMqAKeSv6tZFg%3D%3D
Sep 20, 2021 10:14:54.400 [0x7f386fc85b38] DEBUG - [CERT] MyPlex: Updating device connections (from timer: 0)
Sep 20, 2021 10:14:54.401 [0x7f386fc85b38] DEBUG - [CERT] HTTP requesting PUT https://plex.tv/devices/e4cbe8bb93b7fbb94a1fe99d7f953d93527babd6?Connection[][uri]=http://192.168.1.93:32400&Connection[][uri]=http://172.30.32.1:32400&Connection[][uri]=http://[2806:1000:8000:7d93::2]:32400&Connection[][uri]=http://[2806:1000:8000:7d93:4112:bbf3:97d1:8165]:32400&Connection[][uri]=http:/
Do you have the ability to allow DNS rebinding rules ?
deviceClass=pc&protocolVersion=3&protocolCapabilities=timeline%2Cplayback%2Cnavigation%2Cmirror%2Cplayqueues&timeout=1 (17 live) GZIP Signed-in Token (sickx.thoughts@gmail.com)
Sep 20, 2021 10:15:01.827 [0x7f386f56bb38] DEBUG - Content-Length is -1 (of total: -1).
Sep 20, 2021 10:15:04.412 [0x7f386fc62b38] WARN - [CERT] TLS connection from [::ffff:192.168.1.93]:38326 came in with unrecognized plex.direct SNI name '192-168-1-93.feec22d509e24ab0842bd49262ba1e25.plex.direct'; using installed plex.direct cert
Sep 20, 2021 10:15:04.416 [0x7f386fc85b38] DEBUG - CERT: incomplete TLS handshake from [::ffff:192.168.1.93]:38326: sslv3 alert bad certificate
Sep 20, 2021 10:15:04.426 [0x7f386fc85b38] WARN - [CERT] TLS connection from [::ffff:201.142.176.105]:33368 came in with unrecognized plex.direct SNI name '201-142-176-105.feec22d509e24ab0842bd49262ba1e25.plex.direct'; using installed plex.direct cert
Sep 20, 2021 10:15:04.434 [0x7f386fc62b38] DEBUG - CERT: incomplete TLS handshake from [::ffff:201.142.176.105]:33368: sslv3 alert bad certificate
Sep 20, 2021 10:15:10.187 [0x7f386fc62b38] WARN - [CERT] TLS connection from [::ffff:192.168.1.93]:38342 came in with unrecognized plex.direct SNI name '192-168-1-93.feec22d509e24ab0842bd49262ba1e25.plex.direct'; using installed plex.direct cert
Sep 20, 2021 10:15:10.190 [0x7f386fc85b38] DEBUG - CERT: incomplete TLS handshake from [::ffff:192.168.1.93]:38342: sslv3 alert bad certificate
Sep 20, 2021 10:15:10.199 [0x7f386fc85b38] WARN - [CERT] TLS connection from [::ffff:201.142.176.105]:33384 came in with unrecognized plex.direct SNI name '201-142-176-105.feec22d509e24ab0842bd49262ba1e25.plex.direct'; using installed plex.direct cert
Sep 20, 2021 10:15:10.205 [0x7f386fc62b38] DEBUG - CERT: incomplete TLS handshake from [::ffff:201.142.176.105]:33384: sslv3 alert bad certificate
Sep 20, 2021 10:15:21.829 [0x7f386fc62b38] DEBUG - Completed: [127.0.0.1:47882] 200 GET /player/proxy/poll?deviceClass=pc&protocolVersion=3&protocolCapabilities=timeline%2Cplayback%2Cnavigation%2Cmirror%2Cplayqueues&timeout=1 (8 live) GZIP 20001ms 5 bytes (pipelined: 4)
Sep 20, 2021 10:15:21.849 [0x7f386fc85b38] DEBUG - Auth: authenticated user 1 as sickx.thoughts@gmail.com
According to Plex.tv, even this log isn’t 100% correct now.
This is going to take some manual editing of “Preferences.xml” to get it to start over.
- Stop Plex
- edit “Preferences.xml”
- Remove the following Certificate values pair entries (some may not exist)
- CertificateUUID
- CertificateVersion
- customCertificateDomain
- customCertificateKey
- customCertificatePath
- Save the file
- Start Plex
By removing these entries, PMS won’t go looking for a non-existent certificate and will fetch a new one,
Given your difficulties acquiring a new certificate, give it 2 minutes to get one.
Stop Plex & manually grab the logs (tar.gz of the Logs directory)
Attach that here please.
May I have the full zip file please ?
@ChuckPa Most certainly, and many thanks for being willing to assist!
Looking at your account shows a valid certificate is ready.
Your logs show being ‘unauthorized’ when you go to do anything with it.
Questions:
- Is the server signed into the right Plex account ?
- Are the credentials (user / password) correct ?
- Is there another certificate involved anywhere on the host ?
Sep 22, 2021 02:55:01.959 [0x7efe0b732700] DEBUG - Sync: uploadStatus
Sep 22, 2021 02:55:25.958 [0x7efe0b732700] DEBUG - [CERT/OCSP] HTTP requesting GET http://r3.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBRI2smg%2ByvTLU%2Fw3mjS9We3NfmzxAQUebRZ5nu25eQBc4AIiMgaWPbpm24CEgTYDVRINTWa4HoXGJQm2rILrA%3D%3D
Sep 22, 2021 02:55:26.018 [0x7efe0b732700] DEBUG - [CERT/OCSP] HTTP 200 response from GET http://r3.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBRI2smg%2ByvTLU%2Fw3mjS9We3NfmzxAQUebRZ5nu25eQBc4AIiMgaWPbpm24CEgTYDVRINTWa4HoXGJQm2rILrA%3D%3D
Sep 22, 2021 02:55:26.018 [0x7efe0b732700] ERROR - [CERT/OCSP] response error: unauthorized.
Sep 22, 2021 02:55:26.018 [0x7efe0b732700] INFO - [CERT/OCSP] couldn't fetch a valid response; retrying in 10800 seconds
Sep 22, 2021 02:55:36.996 [0x7efe099dc700] DEBUG - PublicAddressManager: Obtaining public address and mapping port.
Sep 22, 2021 02:55:36.996 [0x7efe099dc700] DEBUG - PublicAddressManager: Obtaining public IP.
Sep 22, 2021 02:55:36.996 [0x7efe096ed700] DEBUG - NAT: UPnP, attempting port mapping.
Many thanks for your questions:
I will note that I don’t use Plex externally - it’s set up to use on the local LAN only (this is intentional, and preferred to leave that way).
You had asked:
- Is the server signed into the right Plex account ? Yes, I have only one Plex Account, and I have signed out and back in to test.
- Are the credentials (user / password) correct ? See above on sign in and out to test.
- Is there another certificate involved anywhere on the host ? There are none set up by myself, and would not know how as the whole thing is running on a Synology NAS.
To clarify, this worked perfectly one day, and the next, Open PHT just wouldn’t see the server. I can access Plex using both a web page, and also Plex Media Player, though I get tearing on screen with PMP, and neither interface are really all that usable for me, hence I’m looking to fox what’s broken and get Open PHT working again (Open PHT runs on Windows, and currently on 2 PC’s, one Windows 7, one Windows 10).
I hope this helps to clarify the situation?
PHT is extremely old and no longer maintained. At some point it will break and it might just have.
PHT was released to public domain several years ago. It wouldn’t surprise me at all if the recent changes at Plex.tv are more than it can handle.
How does Plex/web work?
I cannot speak to PMP as I don’t use Windows. I’m a Linux developer with everything here running Linux. sorry about that.
As for sharing (remote access), I have a highly restricted remote access configuration which allows 3 people access to the server.
Thank you for taking the time to look and check.
What puzzles me is that nothing changed (automatic update of Plex server is turned off), and yet things broke, I do realise the system I’m running is old, hence the no automatic updates to prevent things from breaking with ongoing updates etc.
Given the similarity in error messages, I was hopeful there might be something in the security certificate/settings that could have been the cause.
Looks like I will have to try and find a new system - there is no current player that I am aware of that works in the way Open PHT did, with a reliable way of playing content without screen tearing etc.
Many thanks for your time and assistance!
The set top boxes (AppleTV, Nvidia Shield Pro 2919 are two which I have and work without any problems for everything.
This is likely a good path forward for you.
They work on the local LAN and link directly to your server just like PHT did but with the ability to play so much more.
I’m having a similar problem.
Sep 24, 2021 08:19:02.133 [0x7f6b7eb21b38] DEBUG - CERT: incomplete TLS handshake from 127.0.0.1:52746: sslv3 alert bad certificate
Sep 24, 2021 08:19:02.476 [0x7f6b7eb44b38] DEBUG - CERT: incomplete TLS handshake from 127.0.0.1:52750: sslv3 alert bad certificate
Sep 24, 2021 08:19:19.962 [0x7f6b7eb44b38] DEBUG - CERT: incomplete TLS handshake from [::ffff:173.216.226.188]:53484: sslv3 alert bad certificate
Sep 24, 2021 08:19:20.184 [0x7f6b7eb21b38] DEBUG - CERT: incomplete TLS handshake from 127.0.0.1:52762: sslv3 alert bad certificate
Can I have my cert renewed as well. I do not have a custom one installed.
I need logs ZIP please.
I am looking at Plex.tv and not seeing a problem therefore logs are necessary.
Additionally, it’s not 100% diagnosis by looking at a snippet.
- Restart PMS
2 Wait 2 minutes - Download Logs ZIP file
- Attach
Hi @ChuckPa,
Agreed, I did delete the server because it appeared 2 times duplicated on my dashboard (it was weird), but you are right, as for the ability to allow DNS rebinding rules, not sure, will need to do some research (I do have admin access to my modem, and root access to my computer)
Did clear all my logs and did the steps, and tested playing something, sharing the logs (did 2 tests and seems fine, the 2nd test did enable the secured connection to Preferred)
Plex Media Server Logs_2021-09-24_16-49-17.zip (105.1 KB)
Thanks a lot for your help!
I’ve attached my server logs after restarting Plex and waiting 2 minutes. Local connections are fine, but anything remote seems to terminate.
You have DNS / more network errors there.
- CURL -6 = dns lookup fail.
- below it is the adapter changing state (up/down - down/up) - adapter #3
Sep 24, 2021 16:41:04.202 [0x7f315288cb38] DEBUG - Request: [200.68.133.105:17724 (WAN)] GET /library/augmentation/13964/relatedTracks?count=10&excludeElements=Actor%2CCollection%2CCountry%2CDirector%2CGenre%2CLabel%2CMood%2CPart%2CProducer%2CRole%2CSimilar%2CWriter%2CPhoto%2CVast%2CTopic&excludeFields=summary%2Ctagline%2Cfile&includeExternalMetadata=1&includeLibraryPlaylists=1&includeRecentChannels=1&includeStations=1&includeTypeFirst=1&indirectMedia=1&libraryHubsOnly=1 (12 live) GZIP Signed-in Token (sickx.thoughts@gmail.com)
Sep 24, 2021 16:41:08.482 [0x7f3151d65b38] ERROR - Error issuing curl_easy_perform(handle): 6
Sep 24, 2021 16:41:08.482 [0x7f3151d65b38] ERROR - HTTP -6 downloading url https://metadata.provider.plex.tv/library/metadata/matches/?grandparentGuid=com%2Eplexapp%2Eagents%2Ethetvdb%3A%2F%2F294002%3Flang%3Den&grandparentTitle=Overlord&guid=com%2Eplexapp%2Eagents%2Ethetvdb%3A%2F%2F294002%2F1%2F8%3Flang%3Den&includeExternalMetadata=1&includeRelated=1&index=8&parentGuid=com%2Eplexapp%2Eagents%2Ethetvdb%3A%2F%2F294002%2F1%3Flang%3Den&parentIndex=1&title=Twin%20Swords%20of%20Slashing%20Death&type=4&year=2015&X-Plex-Token=xxxxxxxxxxxxxxxxxxxx
Sep 24, 2021 16:41:08.482 [0x7f3151d65b38] DEBUG - Augment: Completed episode augmentation in 5.0 sec.
Sep 24, 2021 16:41:08.485 [0x7f3152c06b38] DEBUG - Completed: [200.68.133.105:17724] 200 GET /library/augmentation/13964/relatedTracks?count=10&excludeElements=Actor%2CCollection%2CCountry%2CDirector%2CGenre%2CLabel%2CMood%2CPart%2CProducer%2CRole%2CSimilar%2CWriter%2CPhoto%2CVast%2CTopic&excludeFields=summary%2Ctagline%2Cfile&includeExternalMetadata=1&includeLibraryPlaylists=1&includeRecentChannels=1&includeStations=1&includeTypeFirst=1&indirectMedia=1&libraryHubsOnly=1 (9 live) GZIP 4282ms 444 bytes (pipelined: 25)
Sep 24, 2021 16:41:08.488 [0x7f31528afb38] DEBUG - Activity: Ended activity a72a4310-dfea-47e5-8205-31417934b2e5.
Sep 24, 2021 16:41:12.797 [0x7f3152453b38] DEBUG - NetworkInterface: received Netlink message len=68, type=RTM_NEWLINK, flags=0x0
Sep 24, 2021 16:41:12.797 [0x7f3152453b38] DEBUG - NetworkInterface: Netlink information message family=0, type=1, index=3, flags=0x11043, change=0x0
Sep 24, 2021 16:41:12.797 [0x7f3152453b38] DEBUG - Network change.
Sep 24, 2021 16:41:12.797 [0x7f3152453b38] DEBUG - NetworkInterface: Notified of network changed (force=0)
Sep 24, 2021 16:41:12.801 [0x7f3152453b38] DEBUG - Network change notification but nothing changed.
Sep 24, 2021 16:41:16.528 [0x7f315288cb38] DEBUG - Request: [200.68.133.105:17724 (WAN)] GET /library/metadata/13964?includeChapters=1&includeLoudnessRamps=1&includeMarkers=1&includeRelated=1 (8 live) GZIP Signed-in Token (sickx.thoughts@gmail.com)
Sep 24, 2021 16:41:16.565 [0x7f315288cb38] DEBUG - Audio Stream: 187667, Subtitle Stream: -1
Sep 24, 2021 16:41:16.567 [0x7f315288cb38] DEBUG - We're going to try to auto-select an audio stream for account 1.
Sep 24, 2021 16:41:16.567 [0x7f315288cb38] DEBUG - Selecting best audio stream for part ID 74117 (autoselect: 0 language: en)
Sep 24, 2021 16:41:16.567 [0x7f315288cb38] DEBUG - Audio Stream: 187978, Subtitle Stream: -1
Sep 24, 2021 16:41:16.569 [0x7f315288cb38] DEBUG - We're going to try to auto-select an audio stream for account 1.
Sep 24, 2021 16:41:16.569 [0x7f315288cb38] DEBUG - Selecting best audio stream for part ID 74091 (autoselect: 0 language: en)
Sep 24, 2021 16:41:16.569 [0x7f315288cb38] DEBUG - Audio Stream: 187688, Subtitle Stream: -1
Sep 24, 2021 16:41:16.570 [0x7f315288cb38] DEBUG - We're going to try to auto-select an audio stream for account 1.
Sep 24, 2021 16:41:16.570 [0x7f315288cb38] DEBUG - Selecting best audio stream for part ID 74075 (autoselect: 0 language: en)
Sep 24, 2021 16:41:16.570 [0x7f315288cb38] DEBUG - Audio Stream: 187698, Subtitle Stream: -1
Sep 24, 2021 16:41:16.575 [0x7f3152c29b38] DEBUG - Completed: [200.68.133.105:17724] 200 GET /library/metadata/13964?includeChapters=1&includeLoudnessRamps=1&includeMarkers=1&includeRelated=1 (8 live) GZIP 47ms 2860 bytes (pipelined: 26)```-
Please keep VERBOSE off unless requested
a. it shortens log retention length to 2 minutes instead of 60m
b. It’s a pain to read through (every click / acdtion) -
You need to fix the ownership in
/var/lib/plexmediaserver… and please don’t play or let others play in the sandbox ?
Sep 24, 2021 19:27:04.591 [0x7f8136fa4b38] DEBUG - [MediaProviderManager] cloud provider (Movies & TV) is online and available
Sep 24, 2021 19:27:04.772 [0x7f8136742b38] DEBUG - HTTP/1.1 (0.8s) 200 response from GET https://plex.tv/api/v2/user/privacy?X-Plex-Token=xxxxxxxxxxxxxxxxxxxx
Sep 24, 2021 19:27:04.774 [0x7f8136742b38] ERROR - safe_fopen: fopen for '"/var/lib/plexmediaserver/Library/Application Support/Plex Media Server/Cache/Privacy.dat.tmp.81b49a7f-6677-4607-b1b5-45fe17187414"' failed: 13 (Permission denied)
Sep 24, 2021 19:27:04.774 [0x7f8136742b38] DEBUG - HTTP requesting GET https://plex.tv/api/v2/features?X-Plex-Token=xxxxxxxxxxxxxxxxxxxx
Sep 24, 2021 19:27:04.903 [0x7f8137574b38] DEBUG - [EventSourceClient/pubsub] Read HTTP reply header.
@ChuckPa that was perfect. I’m not sure how or why the permissions changed… I’m the only one that has access to the host.
I have verbose logging because I usually troubleshoot other issues, and totally forgot that it was enabled. Thanks for reminding me. 
Hi,
I have the same certificate error: CERT: incomplete TLS handshake: sslv3 alert certificate unknown
Can you please help reset?
Thanks
