Why is a certificate necessary when I use a custom domain URL for server discovery?

Hello,
I would like to use my own DDNS domain name because the server is behind a VPN.
Why is a custom certificate necessary? Can the various Plex client apps (iOS) connect to a different public IP?

Please explain to me why it is not possible without a certificate. Thank you.

P.S. I have secure connections set to "Preferred", not secure-only.

Plex Media Server, on your host, maintains a secure connection to both Plex.tv and to its applications. The only way to guarantee their identity is with Plex's certificates.

You may add your own certificate to PMS after installation if you wish, but you may never supersede Plex's certificate when it communicates with Plex.tv.

You add your certificate as a secondary certificate under "Settings - Server - Network - Show Advanced".

Thanks for your answer. I didn't understand why I need to insert a certificate for the domain when I just want the DDNS name to be resolved for the discovery of the server.
I don't want to supersede Plex's certificate.

If you're using a DDNS with a cert, that's why you need to inform Plex about it.

If you just have an IP-tracker type, without a cert, then there is nothing else to do.

I have a change-ip.com provider for DDNS, and Let's Encrypt, on a Synology NAS.

If I don't insert the cert, Plex doesn't work with only the HTTP/HTTPS URL discovery. Then I insert the cert and it works. So how does the URL discovery textbox work? I use secure connections: Preferred.

What is DDNS with a cert? change-ip and my cert are separate.

With the VPN down, Plex detects the IP of my gateway. And we don't need to insert a cert because it uses plex.tv's cert?

When Plex doesn't detect the IP, with the VPN up, why do we need to insert a cert with a domain name for discovery?

VPNs and Plex are a mess.

  1. Plex looks at the IP address as reported by your router (using a UPnP query).
  2. When you have the VPN up, the IP addresses don't match.
  3. Plex will challenge because it knows one IP but is seeing another.

Yes, sure.
But why is it necessary to introduce a cert when I configure a DDNS domain name in Plex, telling it to do the query for discovering the IP?
I don't understand why it is necessary here, whereas without the VPN, with a matching IP in the router (via UPnP), it is not necessary. Thanks.

The cert is matched to the IP for SSL encryption and verification.

OK, but in the case of direct access (IP detected at the gateway), how is this match done?
(In this case I don't insert a cert or the DDNS domain name.)

Why doesn't Plex handshake with the IP of my DDNS domain name, so that I must insert the cert manually?

Can't Plex verify the IP in the DNS query response and match the server with its identity key, as it does with direct access and IP discovery via UPnP?

The previous post is incorrect. It has nothing to do with your IP. Certificates validate the DNS name associated with them. That is why a google.com certificate can never be used for another domain/DNS record. You also cannot go and buy a certificate for google.com because you do not have the authority to do so. You do not own that domain.

The same situation happens here. Since you are specifying your own name/domain you must provide a certificate for that name to validate you have the authority to issue a certificate for that name.

Plex uses their own domain to issue unique certificates to each server to keep the connections secure. That is why when using the remote access feature your connections are secure over the internet.

I would suggest you use their built-in mechanisms unless you use a custom domain which you control, so you can have a valid publicly issued certificate.

Does that make sense?

Since you are specifying your own name/domain you must provide a certificate for that name to validate you have the authority to issue a certificate for that name.
It seems a bit much to me to prove that I own that domain. There is also a private key in that file!
Obviously, if we have to use the certificate, I agree with the approach. But if we only want proof, it is too much.

But the question is another one; I will try to explain myself:
I would like to use the mechanism you describe to make the certificate for my server, but not on the IP that Plex detects, because it is under the VPN, but on a DDNS domain.
Why can't Plex run the certificate generation mechanism on the IP from an NSLOOKUP of a domain that I indicate?

My purpose is not to use the domain name to access the server, but only to make a secure connection with a different IP than the one determined. I would like to use Plex's certificate generation mechanism, but on a different IP than the one automatically detected.

That is what is violating the certificate.

You cannot use Plex’s certificates for your use.

Manually construct your own *.plex.direct URL for your server. You need two pieces of information to do this: your WAN IP address and your unique Plex certificate UUID. To find the certificate UUID, open the Preferences.xml file in your Plex data directory and locate the value of CertificateUUID. To construct the URL, use the following template:

  • URL scheme (https://)
  • WAN IP address with the octets separated by hyphens instead of periods.
  • The certificate UUID from above.
  • The “plex.direct” domain.
  • The port being forwarded on your router; if using the default of 32400, it can be omitted.

A fully constructed custom access URL using the above template might look like:

https://123-123-123-123.abcdefgabcdefg1234567890.plex.direct:32400

Place this URL in the “Custom server access URLs” field on Settings → Network. The drawback to this approach is that you’ll have to change the URL if your WAN IP address changes.

If this doesn’t work, the first step in troubleshooting is to ensure that the FQDN you constructed resolves to the IP address you expect:
dig 123-123-123-123.abcdefgabcdefg1234567890.plex.direct
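The following is an added worked example, not code from the forum post or from Plex. It builds the custom access URL from the two inputs the post names (WAN IP and CertificateUUID, read from a constructed Preferences.xml fragment), and then runs a simplified RFC 6125 style hostname check to show the point made earlier in the thread: a certificate validates the DNS name(s) it was issued for, so the hyphenated plex.direct name is accepted while a private DDNS name such as mynas.change-ip.com is not. The sample XML, the DDNS hostname, and the assumption that the server's Plex.tv-issued certificate carries the wildcard name *.<CertificateUUID>.plex.direct are all illustrative assumptions; the hostname check models what a TLS client does and omits details such as the public-suffix rule.

```python
"""Added example: build a *.plex.direct access URL and show which hostnames
the server certificate can validate. Not Plex's code; see assumptions below."""
import ipaddress
import xml.etree.ElementTree as ET

PLEX_DIRECT_DOMAIN = "plex.direct"
DEFAULT_PORT = 32400

# Constructed Preferences.xml fragment for the demo. A real file carries many
# more attributes, but CertificateUUID is an attribute of the root element.
SAMPLE_PREFERENCES_XML = (
    '<?xml version="1.0" encoding="utf-8"?>\n'
    '<Preferences FriendlyName="nas" CertificateUUID="abcdefgabcdefg1234567890" '
    'ManualPortMappingPort="32400"/>\n'
)


def certificate_uuid_from_preferences(xml_text: str) -> str:
    """Return the CertificateUUID attribute of the <Preferences> root element."""
    root = ET.fromstring(xml_text)
    uuid = root.get("CertificateUUID")
    if not uuid:
        raise ValueError("CertificateUUID not found in Preferences.xml")
    return uuid


def plex_direct_host(wan_ip: str, cert_uuid: str) -> str:
    """Hyphenate the IPv4 WAN address and place it under <uuid>.plex.direct."""
    ip = ipaddress.IPv4Address(wan_ip)  # raises ValueError on malformed or IPv6 input
    return f"{str(ip).replace('.', '-')}.{cert_uuid}.{PLEX_DIRECT_DOMAIN}"


def plex_direct_url(wan_ip: str, cert_uuid: str, port: int = DEFAULT_PORT) -> str:
    """Full https:// URL for the 'Custom server access URLs' field."""
    if not 1 <= port <= 65535:
        raise ValueError(f"invalid port {port}")
    return f"https://{plex_direct_host(wan_ip, cert_uuid)}:{port}"


def hostname_matches(dns_id_pattern: str, hostname: str) -> bool:
    """Minimal RFC 6125 style DNS-ID check, as a TLS client performs against a
    certificate's subjectAltName entries: case-insensitive, and '*' is accepted
    only as the whole leftmost label, where it matches exactly one label."""
    pat = dns_id_pattern.lower().rstrip(".").split(".")
    host = hostname.lower().rstrip(".").split(".")
    if len(pat) != len(host) or "" in host:
        return False
    if pat[0] == "*":
        return pat[1:] == host[1:]
    if any("*" in label for label in pat):
        return False  # partial or non-leftmost wildcards are not accepted
    return pat == host


def plex_cert_covers(cert_uuid: str, hostname: str) -> bool:
    """Assumption for this example: the certificate Plex.tv issues to the
    server carries the wildcard DNS-ID *.<CertificateUUID>.plex.direct."""
    return hostname_matches(f"*.{cert_uuid}.{PLEX_DIRECT_DOMAIN}", hostname)


if __name__ == "__main__":
    uuid = certificate_uuid_from_preferences(SAMPLE_PREFERENCES_XML)
    print("custom access URL:", plex_direct_url("123.123.123.123", uuid))
    # The hyphenated plex.direct name is covered; the constructed DDNS name is not.
    for name in (plex_direct_host("123.123.123.123", uuid), "mynas.change-ip.com"):
        print(f"{name}: covered by the plex.direct cert = {plex_cert_covers(uuid, name)}")
```

The check also rejects names with an extra label under the UUID (the wildcard matches exactly one label), which is why only the single hyphenated-IP label works in front of `<uuid>.plex.direct`.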

OK, Plex generates this certificate with the detected IP. Why can't it generate a certificate for the IP from the DNS query of my own domain and send it to PMS, just as happens without the domain name?

Why can't Plex regenerate a certificate for the IP that is in the DNS query? I don't want to use the certificate for IP x.x.x.x, but create a certificate for IP y.y.y.y if the server responds (DNS query response = y.y.y.y for my domain).

Plex generates certificates for your server.

It does this because your server has signed into your account and is authenticated to Plex.tv.

Plex.tv generates the certificate for your server to use with its clients.

When clients, who are also authenticated, connect to your server, they exchange info. That trust is the basis which allows the encryption to be established.

When you attempt to enter the ring from an unknown device, and it doesn't authenticate, it will always be refused. This is how HTTPS works.

This is why, when you use something unknown to Plex, it is refused.

Can Plex.tv generate the certificate for a server that was already authenticated with Plex.tv but presents a different IP? (The DNS response for my domain name, precisely.)