Plex Media Server 1.18.4.2171 (December 21st 2019)
Plex Web Client (v4.20.1)
When connecting remotely (outside of home network) via Plex Web Client (v4.20.1), I get the message that --> Unable to connect to “MyPlexServer” securely
UPDATE: Note that this was working earlier in the day, and randomly stops. It can work for many hours, but it used to work all the time (now not so much).
Chrome Browser Version 79.0.3945.117 (Official Build) (64-bit)
URL --> https://app.plex.tv/desktop?secure=1
UPDATE: Tried --> http://app.plex.tv/desktop but it tried to connect securely anyway, and failed again in the same manner as the original message (the title of this post)
Chrome shows certificate padlock as OK: Certificate Information: DigiCert SHA2 Secure Server CA, issued to *.plex.tv
Connecting device is Windows 10
Plex server gets its DNS from 8.8.8.8
Router has port forwarding enabled - and this works.
Plex “Secure connections” option is set to “Preferred”
Clicking “Allow unsecure connections” doesn’t do anything as Chrome just rotates between the following:
Waiting for assets.plex.tv…
Processing request…
I can connect remotely some of the time. Meaning it can be up for hours, but then it stops for no apparent reason.
Stopping and starting Remote Access with the Plex Media Server options generally re-enables everything to work again, but for it to randomly stop again at some point in the future.
This is only a relatively recent thing, as I never had any of these issues on previous versions on the PMS.
I have read and reread articles on this site and Reddit on this topic.
I really need some additional pointers as to why this keeps happening - and now stops me from accessing my server
There are a lot of components involved, which all have to play together nicely.
Connecting securely from remote requires a decent DNS service, which updates fast enough, after your home internet connection had another IP change.
Domestic internet connections usually change their external IP address after a while (depending on the ISP and the tariff, this can be mere hours, but also can go up to months).
Whenever that happens, your Plex server need to take notice of it, which can take up to 30 minutes in the worst case.
Then the server informs plex.tv of the new external IP and a connection test is performed.
Then plex.tv will update the existing FQDN record for your server in the DNS system. (Your server will get an individual subdomain on the *.plex.direct domain and a fitting cryptographic certificate, fully automatically.)
Then plex.tv informs all authorized clients about the IP change.
More details about how all that works can be found here: https://support.plex.tv/articles/206225077-how-to-use-secure-server-connections/
Now the IP change of your server’s domain name needs to propagate down to the DNS resolver of the network where your client is sitting. If that doesn’t happen fast enough, your client will try to contact the wrong IP address. Which of course will fail. So in this case all it can do is to try the raw IP address. But there is no crypto cert for an IP address. So secure connections are not possible.
TL;DR: your client needs a good DNS service. If the network where the client is sitting doesn’t have one, you won’t be able to use secure connections.
Sometimes you can configure the computer where your remote client is running to use a different DNS resolver. You can try to use Google there as well. (But some public WiFi hotspots will even interfere with that and forcefully insert their own DNS server. So it won’t work everywhere.)
