Here's my setup:
- Home server running Ubuntu 14.04.5 LTS (GNU/Linux 3.13.0-93-generic x86_64)
- Plex Media Server debian package running on server
- Netgear Nighthawk R6900 home router
- Dynamic hostname from no-ip.org, which I'll use for this setup
Complete up to the "Generate the cert" section in this gist and stop just before the "Set up the certificate" section.
Your certificate files should now be in this directory: /etc/letsencrypt/live/myhostname.no-ip.org/
I also assume your Plex server is port-forwarded to be accessible via port 32400: http://myhostname.no-ip.org:32400
Before we begin, we need to generate a PKCS #12 (.pfx) file from the Let's Encrypt certificate files. It bundles the private key, the certificate and the chain into one password-protected file.
1. Run the package command:

       sudo openssl pkcs12 -export -out ~/certificate.pfx \
           -inkey /etc/letsencrypt/live/myhostname.no-ip.org/privkey.pem \
           -in /etc/letsencrypt/live/myhostname.no-ip.org/cert.pem \
           -certfile /etc/letsencrypt/live/myhostname.no-ip.org/chain.pem

2. You'll first be prompted for your sudo password. Next you'll be asked to enter a password to encrypt the .pfx file. Enter a password you won't mind saving in the Plex settings in plaintext.

3. Hand it over to Plex.

       sudo mv ~/certificate.pfx /var/lib/plexmediaserver
       sudo chown plex:plex /var/lib/plexmediaserver/certificate.pfx
1. Visit the Plex UI on your server: http://myhostname.no-ip.org:32400

2. Go to Settings (icon on top right corner) > Server (tab) > Network (left navigation column). Click "SHOW ADVANCED" to see the necessary fields.

3. Enter the following values:
   - Custom certificate location: /var/lib/plexmediaserver/certificate.pfx
   - Custom certificate encryption key: The password you entered on step 2 of last section
   - Custom certificate domain: https://myhostname.no-ip.org:32400

4. Save your changes.
That's it. You don't even have to restart Plex!
You can check the Plex\ Media\ Server.log file in /var/lib/plexmediaserver/Library/Application\ Support/Plex\ Media\ Server/Logs if you want to verify whether there were any errors.
Visit your server at https://myhostname.no-ip.org:32400 (Custom certificate domain) and see the HTTPS in action.
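As an added example (not part of the original gist), here are the packaging and hand-over steps done non-interactively, with the bundle created owner-only and checked against cert.pem before it is installed. The function names, the password file and its path are assumptions; the hostname and directories follow the gist.

```shell
#!/usr/bin/env bash
# Added example, not from the original gist. Function names and the
# password-file path are assumptions; hostname and paths follow the gist.

# build_pfx <live_dir> <out.pfx> <password_file>
# Same openssl command as the gist, but the export password is read from a
# file (first line) instead of a prompt, and the output is created 0600.
build_pfx() {
  local live="$1" out="$2" pwfile="$3"
  ( umask 077
    openssl pkcs12 -export -out "$out" \
      -inkey "$live/privkey.pem" \
      -in "$live/cert.pem" \
      -certfile "$live/chain.pem" \
      -passout "file:$pwfile" )
}

# verify_pfx <live_dir> <pfx> <password_file>
# Succeeds only if the bundle decrypts with the password and the leaf
# certificate inside it has the same SHA-256 fingerprint as cert.pem.
verify_pfx() {
  local live="$1" pfx="$2" pwfile="$3" want got
  want=$(openssl x509 -in "$live/cert.pem" -noout -fingerprint -sha256) || return 1
  got=$(openssl pkcs12 -in "$pfx" -passin "file:$pwfile" -clcerts -nokeys 2>/dev/null \
        | openssl x509 -noout -fingerprint -sha256 2>/dev/null) || return 1
  [ "$want" = "$got" ]
}

# refresh_plex_pfx <hostname> <password_file>   (run as root)
# Builds in a private temp dir, verifies, then installs the file readable
# by the plex user only. Nothing is installed if verification fails.
refresh_plex_pfx() {
  local live="/etc/letsencrypt/live/$1" pwfile="$2" tmp
  tmp=$(mktemp -d) || return 1
  if build_pfx "$live" "$tmp/certificate.pfx" "$pwfile" &&
     verify_pfx "$live" "$tmp/certificate.pfx" "$pwfile"; then
    install -o plex -g plex -m 600 "$tmp/certificate.pfx" \
      /var/lib/plexmediaserver/certificate.pfx
  else
    echo "certificate.pfx failed verification; not installed" >&2
    rm -rf "$tmp"; return 1
  fi
  rm -rf "$tmp"
}

# Example call: refresh_plex_pfx myhostname.no-ip.org /root/plex-pfx.pass
```

The password file holds the same value you enter as the "Custom certificate encryption key" in Plex, so keep it root-only.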
Thanks, these instructions were massively helpful! I ended up following these:
https://hobo.house/2016/11/11/how-to-use-self-signed-ssl-certificates-for-plex-media-server/
using the referenced python script (needed python39 and python3-pyOpenSSL) and ran it as python3 pem2plex.py with my PEM (issued and issuer, no CA) and private key and machine ID, and the resultant p12 validated finally after a Plex restart!
NOTE: I still see in my logs "[CERT/OCSP] Missing cert or issuer; skipping stapling" but this doesn't appear to affect proper TLS validation.
PPS if you want to get a LetsEncrypt cert on hard mode: set up a quick OpenShift cluster, install cert-manager, set up your ClusterIssuer to use LetsEncrypt, install a webhook for your DNS service (might have to write your own) and use that to get certs issued for your domain lol