Unable to Obtain Certificate - Cert Rate Limited

Plex Media Server Remote Access
1

Server Version#: 1.40.4.8679-424562606
Player Version#: 4.133.0 (Plex Web)
<If providing server logs please do NOT turn on verbose logging, only debug logging should be enabled>

Hi team,

Reaching out for some support regarding the *.plex.direct certificates. I had some ISP outages recently and around this same time had to do some rebuilds for Plex. My failover connection was a double NAT for a couple of days, and I believe that the cert expired around this time and tried to renew using the private IP from the double NAT scenario which caused my current issue, preventing me from obtaining a new certificate and thus preventing me from enabling Remote Access in the conventional manner. Logs below:

Jul 11, 2024 16:46:16.672 [140311456131896] Debug — [HCl#90] HTTP requesting GET https://plex.tv/api/v2/devices/5711fa5dff6d1b470cd5c13d0bde9560399b836d/certificate/download
Jul 11, 2024 16:46:16.672 [140311456131896] Debug — [HCl#90] HTTP requesting GET https://plex.tv/api/v2/devices/5711fa5dff6d1b470cd5c13d0bde9560399b836d/certificate/download
Jul 11, 2024 16:46:16.672 [140311456131896] Debug — [HCl#90] HTTP requesting GET https://plex.tv/api/v2/devices/5711fa5dff6d1b470cd5c13d0bde9560399b836d/certificate/download
Jul 11, 2024 16:46:16.672 [140311456131896] Debug — [HCl#90] HTTP requesting GET https://plex.tv/api/v2/devices/5711fa5dff6d1b470cd5c13d0bde9560399b836d/certificate/download
Jul 11, 2024 16:46:16.830 [140311615515448] Debug — [HttpClient/HCl#90] HTTP/2.0 (0.2s) 429 response from GET https://plex.tv/api/v2/devices/5711fa5dff6d1b470cd5c13d0bde9560399b836d/certificate/download (reused)
Jul 11, 2024 16:46:16.830 [140311615515448] Debug — [HttpClient/HCl#90] HTTP/2.0 (0.2s) 429 response from GET https://plex.tv/api/v2/devices/5711fa5dff6d1b470cd5c13d0bde9560399b836d/certificate/download (reused)
Jul 11, 2024 16:46:16.830 [140311615515448] Debug — [HttpClient/HCl#90] HTTP/2.0 (0.2s) 429 response from GET https://plex.tv/api/v2/devices/5711fa5dff6d1b470cd5c13d0bde9560399b836d/certificate/download (reused)
Jul 11, 2024 16:46:16.830 [140311615515448] Debug — [HttpClient/HCl#90] HTTP/2.0 (0.2s) 429 response from GET https://plex.tv/api/v2/devices/5711fa5dff6d1b470cd5c13d0bde9560399b836d/certificate/download (reused)
Jul 11, 2024 16:46:16.831 [140311456131896] Error — CERT: Error acquiring new certificate: Failed to retrieve cert from plex.tv: 429, 
Jul 11, 2024 16:46:16.831 [140311456131896] Error — CERT: Error acquiring new certificate: Failed to retrieve cert from plex.tv: 429, 
Jul 11, 2024 16:46:16.831 [140311456131896] Error — CERT: Error acquiring new certificate: Failed to retrieve cert from plex.tv: 429, 
Jul 11, 2024 16:46:16.831 [140311456131896] Error — CERT: Error acquiring new certificate: Failed to retrieve cert from plex.tv: 429,

FWIW I am no longer behind a double NAT, so the next certificate should be able to process. I’m tunneling via CloudFlare for the time being to be able to access my server securely.

Please advise if further information is needed. Thanks all!

2

Saw this response from an older post:

Every time you restart the container, you are pulling a new certificate.
This tells me it can’t save the certificate it’s getting (permissions problem)
Library/Application Support/Plex Media Server/Cache/cert-v2.p12
Time to go hunting in there and find then fix the root problem.
I have reset your certificate.
After you fix the root problem, restart the server.

Pretty sure this is exactly what happened. My Plex container was in the realm of hundreds of restarts when I found it.

3

Still seeing the error, unfortunately. I tried leaving the server shutdown for several hours and powered it back on but no luck there.

Jul 15, 2024 11:06:28.295 [139889010027320] Debug — CERT: Forcing refresh.
Jul 15, 2024 11:06:28.297 [139889010027320] Debug — CERT: Certificate did not exist, fetching a new one.
Jul 15, 2024 11:06:31.634 [139889010027320] Error — CERT: Error acquiring new certificate: Failed to retrieve cert from plex.tv: 429,

@ChuckPa Sorry to tag directly; are you able to reset the certificate for my server? It would be much appreciated, if so. Please let me know if I need to provide any further details.

4

@LLajas

REALLY? :roll_eyes:

20 certificates wasted? :man_facepalming:

:rofl:

Think you should fix the filesystem permissions so it can actually SAVE the certificate
(/config/Library/Application Support/Plex Media Server/Cache )

I’ve reset your certs.

Fix the permissions then restart PMS and all clients.

You owe me :beers:

LOL

5

@ChuckPa Thank you!

Think you should fix the filesystem permissions so it can actually SAVE the certificate
(/config/Library/Application Support/Plex Media Server/Cache )

I actually managed to fix this last week, the reset was the last piece. Just bounced my server and I’ve confirmed I can see the *.plex.direct certificate and secure connections once again! :slight_smile:

Thank you again; please send my kindest regards to the cert authority, here! :sweat_smile:

1 Like
10

For posterity in case anyone else might be curious. This was the result of the restartPolicy on my Plex deployment which was set to always. The backing storage had issues and was preventing the cert (among other things) from writing, causing the pod to never fully quite start and then tripping the livenessProbe which restarted it each time, creating a vicious cycle.

Lesson learned here. :sweat_smile:

11

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.