Skip to content

Instantly share code, notes, and snippets.

@churro-s

churro-s/LetsEncrypt_HTTPS_plex.MD

Last active October 21, 2024 11:09
Show Gist options
  • Save churro-s/fa3fdeb5cf10ebb251aa88338b8b37db to your computer and use it in GitHub Desktop.
Save churro-s/fa3fdeb5cf10ebb251aa88338b8b37db to your computer and use it in GitHub Desktop.
Download ZIP
Setup Let's Encrypt certificate for use with Plex Media Server on Ubuntu
Raw
LetsEncrypt_HTTPS_plex.MD

Here's my setup:

  • Home server running Ubuntu 14.04.5 LTS (GNU/Linux 3.13.0-93-generic x86_64)
  • Plex Media Server debian package running on server
  • Netgear Nighthawk R6900 home router
  • Dynamic hostname from no-ip.org, which I'll use for this setup

Prep

Complete up to the "Generate the cert" section in this gist and stop just before the "Set up the certificate" section.

Your ceritifcate files should now be in this directory: /etc/letsencrypt/live/myhostname.no-ip.org/

I also assume your Plex server is port-forwarded to be accessible via port 32400: http://myhostname.no-ip.org:32400

Set up the certificate

Before we begin, we need to generate a PKCS #12 (.pfx) file from the Let's Encrypt certificate files. It's all the Let's Encrypt files archived, and bundled into one file.

Create the PCKS #12 file:

  1. Run the package command:

      sudo openssl pkcs12 -export -out ~/certificate.pfx \
    -inkey /etc/letsencrypt/live/myhostname.no-ip.org/privkey.pem \
    -in /etc/letsencrypt/live/myhostname.no-ip.org/cert.pem \
    -certfile /etc/letsencrypt/live/myhostname.no-ip.org/chain.pem

  2. You'll first be prompted for your sudo password.

    Next you'll be asked to enter a password to encrypt the .pfx file. Enter a password you won't mind saving in the Plex settings in plaintext.

  3. Hand it over to plex.

    sudo mv ~/certificate.pfx /var/lib/plexmediaserver
sudo chown plex:plex /var/lib/plexmediaserver/certificate.pfx

Have Plex use your PFX file

  1. Visit the Plex UI on your server: http://myhostname.no-ip.org:32400

  2. Go to Settings (icon on top right corner) > Server (tab) > Network (left navigation column).

    Click "SHOW ADVANCED" to see the necessary fields.

  3. Enter the following values:

    • Custom certificate location: /var/lib/plexmediaserver/certificate.pfx
    • Custom certificate encryption key: The password you entered on step 2 of last section
    • Custom certificate domain: https://myhostname.no-ip.org:32400

  4. Save your changes.

That's it. You don't even have to restart plex!

You can check the Plex\ Media\ Server.log file in /var/lib/plexmediaserver/Library/Application\ Support/Plex\ Media\ Server/Logs if you want to verify whether there were any errors.

Visit your server at https://myhostname.no-ip.org:32400 (Custom certificate domain) and see the HTTPS in action.

@ninjatill
Copy link

Instructions work great even for a windows installation. OpenSSL is included with Git for Windows so my script includes the full path to the openssl.exe file. I'm using Certbot with Let's Encrypt so I linked the script as another action in the Certbot auto renewal scheduled task. It should run as soon as certbot renews the certificate.

@Dusty410
Copy link

Dusty410 commented Feb 8, 2024

one more thing to add, the user:group on my synology server was PlexMediaServer:PlexMediaServer instead of plex:plex. had to set the certificate to that ownership to get it to work.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment