Skip to content

Instantly share code, notes, and snippets.

What would you like to do?
Setup Let's Encrypt certificate for use with Plex Media Server on Ubuntu

Here's my setup:

  • Home server running Ubuntu 14.04.5 LTS (GNU/Linux 3.13.0-93-generic x86_64)
  • Plex Media Server debian package running on server
  • Netgear Nighthawk R6900 home router
  • Dynamic hostname from, which I'll use for this setup


Complete up to the "Generate the cert" section in this gist and stop just before the "Set up the certificate" section.

Your ceritifcate files should now be in this directory: /etc/letsencrypt/live/

I also assume your Plex server is port-forwarded to be accessible via port 32400:

Set up the certificate

Before we begin, we need to generate a PKCS #12 (.pfx) file from the Let's Encrypt certificate files. It's all the Let's Encrypt files archived, and bundled into one file.

Create the PCKS #12 file:

  1. Run the package command:

      sudo openssl pkcs12 -export -out ~/certificate.pfx \
        -inkey /etc/letsencrypt/live/ \
        -in /etc/letsencrypt/live/ \
        -certfile /etc/letsencrypt/live/
  2. You'll first be prompted for your sudo password.

    Next you'll be asked to enter a password to encrypt the .pfx file. Enter a password you won't mind saving in the Plex settings in plaintext.

  3. Hand it over to plex.

    sudo mv ~/certificate.pfx /var/lib/plexmediaserver
    sudo chown plex:plex /var/lib/plexmediaserver/certificate.pfx

Have Plex use your PFX file

  1. Visit the Plex UI on your server:

  2. Go to Settings (icon on top right corner) > Server (tab) > Network (left navigation column).

    Click "SHOW ADVANCED" to see the necessary fields.

  3. Enter the following values:

    • Custom certificate location: /var/lib/plexmediaserver/certificate.pfx
    • Custom certificate encryption key: The password you entered on step 2 of last section
    • Custom certificate domain:
  4. Save your changes.

That's it. You don't even have to restart plex!

You can check the Plex\ Media\ Server.log file in /var/lib/plexmediaserver/Library/Application\ Support/Plex\ Media\ Server/Logs if you want to verify whether there were any errors.

Visit your server at (Custom certificate domain) and see the HTTPS in action.


This comment has been minimized.

Copy link

frostnacht commented Feb 4, 2018

Thank you for your description! I applied it to Ubuntu 17.10, so I had to change a minimal part of the setup (cerbot-auto renamed to certbot), and the cron-job is already included - works like a charm!
Did you also created a cron job for converting the certificate to PCKS#12 or are you doing it still manually? :-)

BR frostl


This comment has been minimized.

Copy link

cliffalbert commented Mar 15, 2018

After reading the above (which works fine) I did get a bit further and changed a letsencrypt script for unifi to work with plex. You can find it here


This comment has been minimized.

Copy link

tony199555 commented Jul 11, 2018

Thank you for the tutorial. I have successfully make a bash file on synology to run monthly to renew every now and then to keep up with letsencrypt.


This comment has been minimized.

Copy link

frostnacht commented Jul 31, 2018

Thx guys... It is doing great, even with a plain install on Ubuntu 18.04!

My Plex is also running IPv6 only - no NATing or port forwarding, so certbot is using the native port:443.
I experienced some problems with stateless autoconf and IPv6-PD on 17.10, but wasn't able (or rather I didn't take time for it) to reproduce it.
I think it was more the faulty installation than the Ubuntu itself.

Nevertheless thanks for your effort!



This comment has been minimized.

Copy link

t00minator commented Nov 9, 2018

Thanks so much for this Charitha Sathkumara! Just to let y'all know, it worked seamlessly on my Fedora 28 box. Cheers!


This comment has been minimized.

Copy link

RogerSik commented Dec 26, 2018

Worked fine! Only issue: I needed to restart the plex service to use the certificate.


This comment has been minimized.

Copy link

azzaka commented Mar 14, 2019

Legend. Worked a treat, however i used the method on Windows 10 Pro with Bash. Once the cert was created via bash, i then followed your steps and copied the file to a windows mount and saved the amended cert :)


This comment has been minimized.

Copy link

andyforceno commented Nov 26, 2019

The "custom certificate domain" setting in Plex, under Network, should be set to just the domain, as the certificate itself specifies, without https or a port number. That works for me, anyway. I found specifying anything else does not work.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.