Server Version#: 3.69.4
Player Version#: HTML5 on Chrome.
I have configured my Plex server to use an SSL certificate issued by Let's Encrypt. I have configured the domain and the password. However, when I use SSL to connect to it (https), Chrome is telling me that the site is not secure, and it indicates that the certificate is invalid. The certificate in question is not the one I used in the configuration, but rather the following:
*.52a9090c340e445582bdf7c5f92612d0.plex.direct
Issued by: Plex Devices High Assurance CA2
Expires: Saturday, November 2, 2019 at 5:00:00 AM Pacific Daylight Time
You need to install on your computer the root certificate from Let's Encrypt. That is why it isn’t working: you don’t have a trusted certificate on your PC to bounce against the server certificate.
My certificate is signed by a CA which is trusted on just about all OS distributions (https://letsencrypt.org/). However, Plex is not using my certificate (the one I configured in the PMS along with a private key and pkcs8 passphrase). To see my actual certificate working go to https://tinskip.net
It’s been a while since I installed a certificate for anything web-related. Back in the day you installed a certificate by making a key, installing the Encrypt or whatever certificate on your webserver (payara, tomcat, whatever) and then linking it. It has nothing to do with the fact that Let's Encrypt is trusted or not.
If you used services like Plesk (sounds like Plex, something totally different) it could be automated and was done in about 10 seconds. Maybe that is the reason you wonder why it’s not easier? As far as I know there are few applications that can do this; not sure about Plex’s capabilities regarding that.
Installing it manually is still needed often and should take about an hour, if you don’t have much experience. (tons of tutorials online)
Edit: Best someone who has done it before speaks at this point. They may be able to point you towards an easier solution than a manual one.
I have seen where smaller companies require a CA to be installed on the local host. The bigger companies like GoDaddy and Norton don’t because they are pre-installed on most operating systems.
Did you put your custom domain name in there, as a complete URL?
Because if you didn’t, remote Plex clients will contact your server under its default FQDN on the *.plex.direct subdomain, which all servers get assigned automatically when they are signed into a plex.tv account.
I believe the problem is that you are using a PKCS#7 certificate container (has the full chain), instead of a PKCS#12 one (contains the individual certificate + private key). You can use the openssl pkcs12 command to package both the certificate (don’t need the full chain, just the domain leaf) and the private key into a password-protected .pfx file. You then use that file as the certificate, and set the encryption key to the passphrase (literal, not a file).
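The packaging step described in the last reply, as an added example that is not part of the original thread: it bundles a leaf certificate and its private key into a passphrase-protected .pfx, refuses a key that does not match the certificate, and checks that the result opens with the passphrase. File names, passphrases and domains are constructed placeholders, and a throwaway self-signed pair stands in for the real leaf and key.

```shell
#!/usr/bin/env bash
# Added example. Paths, passphrases and domains are constructed placeholders.

# make_sample_pair PREFIX CN: throwaway self-signed cert + key (constructed
# input standing in for the real leaf certificate and private key).
make_sample_pair() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -keyout "$1.key" -out "$1.crt" 2>/dev/null
}

# make_pfx CERT KEY OUT PASSPHRASE: package leaf + key as PKCS#12.
# Returns 2 without writing OUT if the key does not belong to the certificate.
# The passphrase goes through the environment so it is not visible in argv.
make_pfx() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout) || return 1
    if [ "$cert_pub" != "$key_pub" ]; then
        echo "private key does not match certificate" >&2
        return 2
    fi
    PFX_PASS=$4 openssl pkcs12 -export -in "$1" -inkey "$2" -out "$3" \
        -passout env:PFX_PASS
}

# pfx_opens FILE PASSPHRASE: true only if the MAC verifies with the passphrase.
pfx_opens() {
    PFX_PASS=$2 openssl pkcs12 -in "$1" -passin env:PFX_PASS -noout >/dev/null 2>&1
}

# pfx_cert_count FILE PASSPHRASE: certificates inside (1 = leaf only, no chain).
pfx_cert_count() {
    PFX_PASS=$2 openssl pkcs12 -in "$1" -passin env:PFX_PASS -nokeys 2>/dev/null |
        grep -c 'BEGIN CERTIFICATE'
}

# Demonstration on constructed input.
demo=$(mktemp -d)
make_sample_pair "$demo/plex" plex.example.test
make_sample_pair "$demo/other" other.example.test
make_pfx "$demo/plex.crt" "$demo/plex.key" "$demo/plex.pfx" 'constructed-pass' &&
    echo "packaged: $(pfx_cert_count "$demo/plex.pfx" 'constructed-pass') certificate(s)"
make_pfx "$demo/plex.crt" "$demo/other.key" "$demo/bad.pfx" 'constructed-pass' ||
    echo "mismatched key rejected"
pfx_opens "$demo/plex.pfx" 'wrong-pass' || echo "wrong passphrase rejected"
rm -rf "$demo"
```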