TrueNAS SCALE new setup - Plex pass docker SSL error

csjjpm · March 14, 2023, 5:10pm

Server Version#: 1.31.2.6783
Player Version#: 4.100.1

CERT: incomplete TLS handshake from [::ffff:xxx.xxx.xxx.xxx]:58544: sslv3 alert bad certificate

I have just installed Plex on my newly upgraded TrueNAS SCALE server (from Core). I am using tghe same pfx file I used yesterday with password but when I connect from a web browser I get an error.
“…has a security policy called HTTP Strict Transport Security (HSTS), which means that Firefox can only connect to it securely. You can’t add an exception to visit this site.”
When I examine the certificate it is a LetsEncrypt certificate but mine is a Comodo one I’ve paid for. Why did it work yesterday and not today?
Thanks

ChuckPa · March 14, 2023, 7:11pm

May I see the full log please ? ( the snippet isn’t enough )

csjjpm · March 14, 2023, 7:57pm

Hi,
do you need more than this? If you want the log can I strip all the identifying stuff (ip and username)?

Mar 14, 2023 19:51:53.143 [0x7fd8c5be2b38] DEBUG - Request: [xxx.xxx.xxx.xxx:59833 (WAN)] GET /web/static/b47e1e549516948eea36.woff2 (28 live) #1bfe TLS GZIP Signed-in
Mar 14, 2023 19:51:53.143 [0x7fd8c5be2b38] DEBUG - [Req#1bfe] Final path: "/usr/lib/plexmediaserver/Resources/Plug-ins-9209b39b4/WebClient.bundle/Contents/Resources/static/b47e1e549516948eea36.woff2"
Mar 14, 2023 19:51:53.143 [0x7fd8c5be2b38] DEBUG - Content-Length of /usr/lib/plexmediaserver/Resources/Plug-ins-9209b39b4/WebClient.bundle/Contents/Resources/static/b47e1e549516948eea36.woff2 is 74059 (of total: 74059).
Mar 14, 2023 19:51:53.144 [0x7fd8cc73eb38] DEBUG - Completed: [xxx.xxx.xxx.xxx:59833] 200 GET /web/static/b47e1e549516948eea36.woff2 (28 live) #1bfe TLS GZIP 0ms 74059 bytes (pipelined: 7)
Mar 14, 2023 19:51:59.023 [0x7fd8c5be2b38] DEBUG - Request: [172.16.0.96:49738 (Subnet)] GET /identity (29 live) #1bfc Signed-in
Mar 14, 2023 19:51:59.023 [0x7fd8cc73eb38] DEBUG - Completed: [172.16.0.96:49738] 200 GET /identity (29 live) #1bfc 0ms 398 bytes (pipelined: 1)
Mar 14, 2023 19:51:59.066 [0x7fd8c90e6b38] DEBUG - Request: [172.16.0.96:49750 (Subnet)] GET /identity (29 live) #1c00 Signed-in
Mar 14, 2023 19:51:59.066 [0x7fd8cc53bb38] DEBUG - Completed: [172.16.0.96:49750] 200 GET /identity (29 live) #1c00 0ms 398 bytes (pipelined: 1)
Mar 14, 2023 19:52:06.183 [0x7fd8cc53bb38] DEBUG - CERT: incomplete TLS handshake from [::ffff:xxx.xxx.xxx.xxx]:59853: sslv3 alert bad certificate
Mar 14, 2023 19:52:14.039 [0x7fd8c90e6b38] DEBUG - Request: [172.16.0.96:34408 (Subnet)] GET /identity (8 live) #1c06 Signed-in
Mar 14, 2023 19:52:14.039 [0x7fd8cc53bb38] DEBUG - Completed: [172.16.0.96:34408] 200 GET /identity (8 live) #1c06 0ms 398 bytes (pipelined: 1)
Mar 14, 2023 19:52:14.079 [0x7fd8c90e6b38] DEBUG - Request: [172.16.0.96:34420 (Subnet)] GET /identity (8 live) #1c1d Signed-in
Mar 14, 2023 19:52:14.079 [0x7fd8cc53bb38] DEBUG - Completed: [172.16.0.96:34420] 200 GET /identity (8 live) #1c1d 0ms 398 bytes (pipelined: 1)
Mar 14, 2023 19:52:18.237 [0x7fd8cc73eb38] DEBUG - CERT: incomplete TLS handshake from [::ffff:xxx.xxx.xxx.xxx]:59864: sslv3 alert certificate unknown
Mar 14, 2023 19:52:18.238 [0x7fd8cc53bb38] DEBUG - CERT: incomplete TLS handshake from [::ffff:xxx.xxx.xxx.xxx]:59865: sslv3 alert certificate unknown
Mar 14, 2023 19:52:18.239 [0x7fd8cc73eb38] DEBUG - CERT: incomplete TLS handshake from [::ffff:xxx.xxx.xxx.xxx]:59866: sslv3 alert certificate unknown
Mar 14, 2023 19:52:18.241 [0x7fd8cc73eb38] DEBUG - CERT: incomplete TLS handshake from [::ffff:xxx.xxx.xxx.xxx]:59867: sslv3 alert certificate unknown
Mar 14, 2023 19:52:18.251 [0x7fd8c90e6b38] DEBUG - Request: [xxx.xxx.xxx.xxx:59868 (WAN)] GET /web/chunk-639-82d3d64fc49879bd7a62-plex-4.100.1.29405-21e8735.css (12 live) #1c29 TLS GZIP Signed-in
Mar 14, 2023 19:52:18.251 [0x7fd8c90e6b38] DEBUG - [Req#1c29] Final path: "/usr/lib/plexmediaserver/Resources/Plug-ins-9209b39b4/WebClient.bundle/Contents/Resources/chunk-639-82d3d64fc49879bd7a62-plex-4.100.1.29405-21e8735.css"
Mar 14, 2023 19:52:18.252 [0x7fd8c90e6b38] DEBUG - Content-Length of /usr/lib/plexmediaserver/Resources/Plug-ins-9209b39b4/WebClient.bundle/Contents/Resources/chunk-639-82d3d64fc49879bd7a62-plex-4.100.1.29405-21e8735.css is 67445 (of total: 67445).
Mar 14, 2023 19:52:18.252 [0x7fd8cc73eb38] DEBUG - Completed: [xxx.xxx.xxx.xxx:59868] 200 GET /web/chunk-639-82d3d64fc49879bd7a62-plex-4.100.1.29405-21e8735.css (12 live) #1c29 TLS GZIP 0ms 67445 bytes (pipelined: 1)
Mar 14, 2023 19:52:18.254 [0x7fd8c90e6b38] DEBUG - Request: [xxx.xxx.xxx.xxx:59869 (WAN)] GET /web/js/chunk-785-7dfba974788d9abf5abb-plex-4.100.1.29405-21e8735.js (12 live) #1c2a TLS GZIP Signed-in
Mar 14, 2023 19:52:18.255 [0x7fd8c90e6b38] DEBUG - [Req#1c2a] Final path: "/usr/lib/plexmediaserver/Resources/Plug-ins-9209b39b4/WebClient.bundle/Contents/Resources/js/chunk-785-7dfba974788d9abf5abb-plex-4.100.1.29405-21e8735.js"
Mar 14, 2023 19:52:18.255 [0x7fd8c90e6b38] DEBUG - Content-Length of /usr/lib/plexmediaserver/Resources/Plug-ins-9209b39b4/WebClient.bundle/Contents/Resources/js/chunk-785-7dfba974788d9abf5abb-plex-4.100.1.29405-21e8735.js is 27525 (of total: 27525).
Mar 14, 2023 19:52:18.255 [0x7fd8c8e8eb38] DEBUG - Request: [xxx.xxx.xxx.xxx:59871 (WAN)] GET /web/js/chunk-254-0a77f35a26d7b43cc442-plex-4.100.1.29405-21e8735.js (12 live) #1c2c TLS GZIP Signed-in
Mar 14, 2023 19:52:18.255 [0x7fd8c7a20b38] DEBUG - Request: [xxx.xxx.xxx.xxx:59870 (WAN)] GET /web/js/chunk-639-82d3d64fc49879bd7a62-plex-4.100.1.29405-21e8735.js (12 live) #1c2b TLS GZIP Signed-in
Mar 14, 2023 19:52:18.255 [0x7fd8cc73eb38] DEBUG - Completed: [xxx.xxx.xxx.xxx:59869] 200 GET /web/js/chunk-785-7dfba974788d9abf5abb-plex-4.100.1.29405-21e8735.js (12 live) #1c2a TLS GZIP 0ms 27525 bytes (pipelined: 1)
Mar 14, 2023 19:52:18.255 [0x7fd8c7a20b38] DEBUG - [Req#1c2b] Final path: "/usr/lib/plexmediaserver/Resources/Plug-ins-9209b39b4/WebClient.bundle/Contents/Resources/js/chunk-639-82d3d64fc49879bd7a62-plex-4.100.1.29405-21e8735.js"
Mar 14, 2023 19:52:18.255 [0x7fd8c8e8eb38] DEBUG - [Req#1c2c] Final path: "/usr/lib/plexmediaserver/Resources/Plug-ins-9209b39b4/WebClient.bundle/Contents/Resources/js/chunk-254-0a77f35a26d7b43cc442-plex-4.100.1.29405-21e8735.js"
Mar 14, 2023 19:52:18.255 [0x7fd8c8e8eb38] DEBUG - Content-Length of /usr/lib/plexmediaserver/Resources/Plug-ins-9209b39b4/WebClient.bundle/Contents/Resources/js/chunk-254-0a77f35a26d7b43cc442-plex-4.100.1.29405-21e8735.js is 101016 (of total: 101016).
Mar 14, 2023 19:52:18.255 [0x7fd8c7a20b38] DEBUG - Content-Length of /usr/lib/plexmediaserver/Resources/Plug-ins-9209b39b4/WebClient.bundle/Contents/Resources/js/chunk-639-82d3d64fc49879bd7a62-plex-4.100.1.29405-21e8735.js is 618514 (of total: 618514).
Mar 14, 2023 19:52:18.256 [0x7fd8cc73eb38] DEBUG - Completed: [xxx.xxx.xxx.xxx:59871] 200 GET /web/js/chunk-254-0a77f35a26d7b43cc442-plex-4.100.1.29405-21e8735.js (12 live) #1c2c TLS GZIP 0ms 101016 bytes (pipelined: 1)
Mar 14, 2023 19:52:18.274 [0x7fd8cc73eb38] DEBUG - Completed: [xxx.xxx.xxx.xxx:59870] 200 GET /web/js/chunk-639-82d3d64fc49879bd7a62-plex-4.100.1.29405-21e8735.js (12 live) #1c2b TLS GZIP 19ms 618514 bytes (pipelined: 1)
Mar 14, 2023 19:52:23.501 [0x7fd8c8e8eb38] DEBUG - Request: [xxx.xxx.xxx.xxx:59871 (WAN)] GET /accounts/1 (12 live) #1c30 TLS GZIP Signed-in Token (username) (Chrome)
Mar 14, 2023 19:52:23.501 [0x7fd8c90e6b38] DEBUG - Request: [xxx.xxx.xxx.xxx:59870 (WAN)] GET /:/prefs (12 live) #1c31 TLS GZIP Signed-in Token (username) (Chrome)
Mar 14, 2023 19:52:23.502 [0x7fd8cc53bb38] DEBUG - Completed: [xxx.xxx.xxx.xxx:59871] 200 GET /accounts/1 (12 live) #1c30 TLS GZIP 0ms 517 bytes (pipelined: 2)
Mar 14, 2023 19:52:23.502 [0x7fd8c7a20b38] DEBUG - Request: [xxx.xxx.xxx.xxx:59868 (WAN)] GET /myplex/account (12 live) #1c2e TLS GZIP Signed-in Token (username) (Chrome)
Mar 14, 2023 19:52:23.503 [0x7fd8cc73eb38] DEBUG - Completed: [xxx.xxx.xxx.xxx:59868] 200 GET /myplex/account (12 live) #1c2e TLS GZIP 0ms 3753 bytes (pipelined: 2)
Mar 14, 2023 19:52:23.505 [0x7fd8c8e8eb38] DEBUG - Request: [xxx.xxx.xxx.xxx:59869 (WAN)] GET /system/:/prefs (12 live) #1c2f TLS GZIP Signed-in Token (username) (Chrome)
Mar 14, 2023 19:52:23.505 [0x7fd8c8e8eb38] DEBUG - [Req#1c2f] [com.plexapp.system] Sending command over HTTP (GET): /system/:/prefs
Mar 14, 2023 19:52:23.505 [0x7fd8c8e8eb38] DEBUG - [Req#1c2f/HCl#98] HTTP requesting GET http://127.0.0.1:35665/system/:/prefs
Mar 14, 2023 19:52:23.506 [0x7fd8cc53bb38] DEBUG - Completed: [xxx.xxx.xxx.xxx:59870] 200 GET /:/prefs (12 live) #1c31 TLS GZIP 5ms 9124 bytes (pipelined: 2)
Mar 14, 2023 19:52:23.511 [0x7fd8ca922b38] DEBUG - [HttpClient/HCl#98] HTTP/1.1 (0.0s) 200 response from GET http://127.0.0.1:35665/system/:/prefs
Mar 14, 2023 19:52:23.511 [0x7fd8c8e8eb38] DEBUG - [Req#1c2f] [com.plexapp.system] HTTP reply status 200, with 418 bytes of content.
Mar 14, 2023 19:52:23.511 [0x7fd8cc53bb38] DEBUG - Completed: [xxx.xxx.xxx.xxx:59869] 200 GET /system/:/prefs (12 live) #1c2f TLS GZIP 6ms 734 bytes (pipelined: 2)
Mar 14, 2023 19:52:25.132 [0x7fd8c7a20b38] DEBUG - Request: [xxx.xxx.xxx.xxx:59869 (WAN)] GET /diagnostics/logs (12 live) #1c35 TLS GZIP Signed-in Token (username) (Chrome)
Mar 14, 2023 19:52:25.132 [0x7fd8c7a20b38] DEBUG - [Req#1c35] Diagnostics: Building logfile zip

csjjpm · March 14, 2023, 8:03pm

Plex Media Server.log (1.6 MB)

Here is a sanitised log

ChuckPa · March 14, 2023, 8:20pm

Mar 14, 2023 16:26:57.191 [0x7fd8cce32aa8] DEBUG - [CERT] Subject name is /CN=*.f88c5b5b24174445bd2dfbc51e6d7da2.plex.direct
Mar 14, 2023 16:26:57.192 [0x7fd8cce32aa8] DEBUG - [CERT] Installed certificate with fingerprint 94:73:c9:ec:f1:bb:7d:c0:48:9b:43:c3:12:36:1e:d5:2d:72:e3:bc.
Mar 14, 2023 16:26:57.192 [0x7fd8cce32aa8] DEBUG - [CERT/OCSP] Stapling requests will be made to 'http://r3.o.lencr.org/'.
Mar 14, 2023 16:26:57.247 [0x7fd8cce32aa8] INFO - [CERT/OCSP] Successfully retrieved response from cache.
Mar 14, 2023 16:26:57.379 [0x7fd8cce32aa8] ERROR - [CERT] PKCS12_parse failed: error:23076071:PKCS12 routines:PKCS12_parse:mac verify failure
Mar 14, 2023 16:26:57.379 [0x7fd8cce32aa8] ERROR - [CERT] Found a user-provided certificate, but couldn't install it.

Bad password opening the P12 ?

csjjpm · March 15, 2023, 10:02am

I tested the password on the PKCS #12 (PFX) file on the command line yesterday with openssl and it is fine. I’ve extracted key and pem files and generated new cert files.

I’ll recreate the PKCS #12 file and see if that fixes it as there is this same issue with another popular media server software!

csjjpm · March 15, 2023, 10:06am

I’ve created a new PFX file and updated the link but still get an error. When I investigte the ‘not secure’ the cert is a LetsEncrypt .plex.direct one

system · June 13, 2023, 10:06am

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
QNAP PMS 1.24.5.5173 installed and now PLEX SSL certificate seems to be broken? Plex Media Server server-qnap	16	255	February 21, 2022
SSL Certificate Errors Plex Media Server server-linux , networking	1398	20730	October 20, 2023
Custom domain ssl does not work after update to server version 1.42.1.10060-4e8b05daf Plex Media Server server-docker	43	498	November 11, 2025
Cert not generated for new (second) PMS Desktops & Laptops server-windows	40	1476	January 8, 2020
New install of Plex Media Server on Ubuntu 22.04 getting SSL certificate errors Plex Media Server server-linux , player-windows	1	80	March 10, 2023

TrueNAS SCALE new setup - Plex pass docker SSL error

Related topics