Webhook Broken

Encephalon · July 17, 2018, 7:20pm

Hi,

I’ve had a web hook set up for many months now and it has been working flawlessly.

However, it stopped functioning around the 30th June according to my logs. I figured I’d broken something but after investigation I’m certain Plex is not firing the web hook anymore.

I’ve set the script to send me an email when it’s hit. When I visit the page in my browser the email is sent. If I play, stop, skip any media on Plex in my browser or iOS app I don’t get an email indicating the web hook isn’t being run.

I’ve tried deleting and recreating the webhook to no avail. What can I do?

Encephalon · July 18, 2018, 9:30pm

Just to add that Webhooks are enabled in my Plex Server settings. I also tried disabling the firewall just in case - but external access is all working fine regardless.

I’m out of ideas, any suggestions would be welcome!

Thanks!

Encephalon · July 20, 2018, 1:01pm

I’ve had a flick through the logs but cannot see anything mentioning webhooks. Is there anything to be found in the logs?

Any Plex Ninjas with any ideas?

Thanks.

Encephalon · July 23, 2018, 4:13pm

Hi trumpy81,

Thank you for replying; it was very useful! I hadn’t considered it being a domain issue.

I tried your link which was a very useful resource and found it worked correctly. I therefore setup another webhook to a secondary domain on the same server as to the one I was having issues with - and it worked…

The only difference between the two domains was the SSL/TLS certificate. The one not working using a Comodo certificate and the one working using a Let’s Encrypt certificate. I went back to the Plex logs and stumbled across the following error: SSL certificate problem: unable to get local issuer certificate

There is some issue with CURL, my VPS, and the location of the PEM needed for CURL I believe. It’s amendable in the php.ini file, but I haven’t got that far yet. My knowledge of SSL/TLS is not extensively technical enough to understand why the LE one works but the paid Comodo one doesn’t. Yet…

If I come to understand the issue properly I’ll post back here as it may be useful to someone else! If anyone is savvy in this area I’d be interested in your thoughts!

Thanks!

Encephalon · July 24, 2018, 5:10pm

Hi trumpy81,

I’ve fixed the issue and it’s important I share with you the root cause in hope that you can escalate it to the powers that be so it can be fixed.

There were lots of red herrings in my hunt to find the issue. My Comodo certificate renewed about the time the webhook stopped working. I upgraded to a VPS from shared hosting only a few months before the certificate renewal & did a major upgrade of DSM on the NAS about the same time the webhook stopped working too.

In my last post, after a very brief read of the error I found, I said it was probably to do with my Server (either with the VPS, the certificate or the php.ini file). However I researched how these certificates work and determined the problem had to be with Plex Media Server.

This is what happens (simplified):

Plex Media Server sends a curl request to my script. It sees the certificate and picks out the issuer of the certificate, in this case ‘COMODO RSA Domain Validation Secure Server CA’. Plex Server is packaged with a cacert.pem file. This file lists all the certificate authorities (issuers) and validates the issuer. However, the cacert file included with PMS is well out-of-date. The very first line states when it was created:

## Certificate data from Mozilla as of: Thu Apr 7 03:47:06 2011

This is the problem. My Comodo certificate renewed and the relevant issuer & public key isn’t in the cacert file packaged by PMS, because it’s so out-of-date.

I went into the package files for PMS on my NAS and replaced the cacert.pem file with the newest version available and my issue is resolved!

Here’s a link to the latest version is anyone wants it (official):

They also have a lot of information to understand how the process works.

I suggest the cacert.pem file is updated in the PMS package - I suspect other people may have issues too, especially with how prominent https is becoming.

If anyone needs help updating their cacert file on Synology NAS I can provide a walkthrough. It’s simpler to update on Windows (which I also tried and validated). I can provide information on that too, if anyone needs it.

Thanks!

Moderator Edit: Link to unofficial certificate removed.

Encephalon · July 24, 2018, 5:44pm

I checked that already. There’s no issue with the installation of my certificate and verified with my host. As stated above, my issue is resolved now with the updated cacert.pem file as pulled from Mozilla. The file packaged with PMS is out-of-date, it’s as simple as that.

I appreciate why you removed the link I posted above, however, I do encourage Plex to update the packaged cacert file so we users don’t have to update it ourselves. There’s nothing else I can say here. Thanks for your help and I’m happy I was able to resolve the issue!

ChuckPa · July 24, 2018, 5:55pm

@Encephalon

I checked with Engineering.

How it works: That pem is used to bootstrap to the current cert which is downloaded from plex.tv
It’s only of consequence if someone tries to replace it with something else because Plex.tv is expecting that signature.

Replacing the cert PMS ships with is usually how stuff breaks and likely what you stepped into
The docs say to add your cert to PMS, not replace PMS’ default cert

I wrote up a ticket to get it updated anyway. It shouldn’t be that old. I thank you very much for that

Encephalon · July 25, 2018, 8:01am

Hi Chuck!

Thanks for the reply and explaining how it’s supposed to work. When you discuss ‘replacing the cert’, you mean the digicert included in PMS? It’s true, I am using a ‘custom’ certificate because I access Plex via a domain and not that of Plex.

However, I wasn’t aware I was ‘replacing’ and therefore causing this issue. You refer to ‘docs’, but I’m afraid I wasn’t able to find any documentation when I initially ‘replaced’ the certificate. I relied heavily on the success of those who managed to achieve setting up a custom certificate in the forums here, and followed by ‘what worked for them’ - which was to create the certificate in the required format and set the 3 required fields in the Plex server settings.

Can you point me in the direction of the documentation you mention so I can understand better what you mean by ‘add’, then I can correct my mistake - also to avoid potentially breaking other features of Plex because of this.

Thanks for raising the ticket too, to have it updated. I’m happy to have found it, even if it’s a fallback that shouldn’t have been required.

Fanfare0887 · August 19, 2018, 1:23pm

@ChuckPa

I was also hoping you could share the documentation on how to add a certain instead of replacing the entire file. I’m looking to add a self signed certificate to the collection to allow my Plex server to hit an https webhook that is signed with a local network self signed certificate.

Right now in the logs it says it can’t validate for obvious reasons, but it looks like adding the cert should get it to correctly resolve.

ChuckPa · August 19, 2018, 5:28pm

You don’t REPLACE plex’s cert. Attempting to do so is what causes problems because it invalidates secure connections between PMS and Plex.tv

ADDing your cert is how it works.

https://support.plex.tv/articles/200430283-network/

system · November 17, 2018, 5:28pm

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Cert not generated for new (second) PMS Desktops & Laptops server-windows	40	1472	January 8, 2020
Plex Server fresh install not fetching CERT General Discussions	8	215	February 15, 2019
Updated plexconnect now it's not working Apps & Creations	11	119	December 21, 2019
WebServer_SSL not alive Apps & Creations	16	145	December 21, 2019
Plex overwrites certificate.p12 on startup - unable to specify own SSL server certificate NAS & Devices server-synology	3	473	January 8, 2020

Webhook Broken

Related topics