Letsencrypt and plex media server

From OISecWiki

NOTE: I haven't used plex media server in a long long while (moved to emby since 2018). So no guarantees that this still works.

Plex uses it's own certificates pointing to <uuid>.plex.direct for it's internal indirect modus. As I use plex mainly using chrome it would be nice for it to have a valid certificate. This is based on plex on ubuntu 17.10. I got inspired by the following gisthub post. For that I modified the Unifi Controller script to suit plex it's need. Latest version is available on github.

Run the script as following

sudo ./gen-plex-cert.sh -d plex.domain.com

Now go to the Plex UI.

Go to Settings (icon on top right corner) > Server (tab) > Network (left navigation column).

Click "SHOW ADVANCED" to see the necessary fields.

Enter the following values:

Custom certificate location: /var/lib/plexmediaserver/certificate.pfx

Custom certificate encryption key: PLeXMeDiaSeRVeR (this is the default key used in the script (change it))

Custom certificate domain: https://plex.domain.com:32400

Save your changes.

Obvious you want the certificate to update it self. Copy the script to /usr/local/sbin and add the following to /etc/cron.d/plex-cert-update

SHELL=/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin

0 */12 * * * root test -x /usr/local/sbin/gen-plex-cert.sh -a \! -d /run/systemd/system && perl -e 'sleep int(rand(3600))' && /usr/local/sbin/gen-plex-cert.sh -r -d plex.domain.com