Instantly share code, notes, and snippets.

Embed
What would you like to do?
Setup Let's Encrypt certificate for use with Plex Media Server on Ubuntu

Here's my setup:

  • Home server running Ubuntu 14.04.5 LTS (GNU/Linux 3.13.0-93-generic x86_64)
  • Plex Media Server debian package running on server
  • Netgear Nighthawk R6900 home router
  • Dynamic hostname from no-ip.org, which I'll use for this setup

Prep

Complete up to the "Generate the cert" section in this gist and stop just before the "Set up the certificate" section.

Your ceritifcate files should now be in this directory: /etc/letsencrypt/live/myhostname.no-ip.org/

I also assume your Plex server is port-forwarded to be accessible via port 32400: http://myhostname.no-ip.org:32400

Set up the certificate

Before we begin, we need to generate a PKCS #12 (.pfx) file from the Let's Encrypt certificate files. It's all the Let's Encrypt files archived, and bundled into one file.

Create the PCKS #12 file:

  1. Run the package command:

      sudo openssl pkcs12 -export -out ~/certificate.pfx \
        -inkey /etc/letsencrypt/live/myhostname.no-ip.org/privkey.pem \
        -in /etc/letsencrypt/live/myhostname.no-ip.org/cert.pem \
        -certfile /etc/letsencrypt/live/myhostname.no-ip.org/chain.pem
  2. You'll first be prompted for your sudo password.

    Next you'll be asked to enter a password to encrypt the .pfx file. Enter a password you won't mind saving in the Plex settings in plaintext.

  3. Hand it over to plex.

    sudo mv ~/certificate.pfx /var/lib/plexmediaserver
    sudo chown plex:plex /var/lib/plexmediaserver/certificate.pfx

Have Plex use your PFX file

  1. Visit the Plex UI on your server: http://myhostname.no-ip.org:32400

  2. Go to Settings (icon on top right corner) > Server (tab) > Network (left navigation column).

    Click "SHOW ADVANCED" to see the necessary fields.

  3. Enter the following values:

    • Custom certificate location: /var/lib/plexmediaserver/certificate.pfx
    • Custom certificate encryption key: The password you entered on step 2 of last section
    • Custom certificate domain: https://myhostname.no-ip.org:32400
  4. Save your changes.

That's it. You don't even have to restart plex!

You can check the Plex\ Media\ Server.log file in /var/lib/plexmediaserver/Library/Application\ Support/Plex\ Media\ Server/Logs if you want to verify whether there were any errors.

Visit your server at https://myhostname.no-ip.org:32400 (Custom certificate domain) and see the HTTPS in action.

@frostnacht

This comment has been minimized.

Show comment
Hide comment
@frostnacht

frostnacht Feb 4, 2018

Thank you for your description! I applied it to Ubuntu 17.10, so I had to change a minimal part of the setup (cerbot-auto renamed to certbot), and the cron-job is already included - works like a charm!
Did you also created a cron job for converting the certificate to PCKS#12 or are you doing it still manually? :-)

BR frostl

frostnacht commented Feb 4, 2018

Thank you for your description! I applied it to Ubuntu 17.10, so I had to change a minimal part of the setup (cerbot-auto renamed to certbot), and the cron-job is already included - works like a charm!
Did you also created a cron job for converting the certificate to PCKS#12 or are you doing it still manually? :-)

BR frostl

@cliffalbert

This comment has been minimized.

Show comment
Hide comment
@cliffalbert

cliffalbert Mar 15, 2018

After reading the above (which works fine) I did get a bit further and changed a letsencrypt script for unifi to work with plex. You can find it here https://oisec.net/blog/plex-letsencrypt

cliffalbert commented Mar 15, 2018

After reading the above (which works fine) I did get a bit further and changed a letsencrypt script for unifi to work with plex. You can find it here https://oisec.net/blog/plex-letsencrypt

@tony199555

This comment has been minimized.

Show comment
Hide comment
@tony199555

tony199555 Jul 11, 2018

Thank you for the tutorial. I have successfully make a bash file on synology to run monthly to renew every now and then to keep up with letsencrypt.

tony199555 commented Jul 11, 2018

Thank you for the tutorial. I have successfully make a bash file on synology to run monthly to renew every now and then to keep up with letsencrypt.

@frostnacht

This comment has been minimized.

Show comment
Hide comment
@frostnacht

frostnacht Jul 31, 2018

Thx guys... It is doing great, even with a plain install on Ubuntu 18.04!

My Plex is also running IPv6 only - no NATing or port forwarding, so certbot is using the native port:443.
I experienced some problems with stateless autoconf and IPv6-PD on 17.10, but wasn't able (or rather I didn't take time for it) to reproduce it.
I think it was more the faulty installation than the Ubuntu itself.

Nevertheless thanks for your effort!

frostl

frostnacht commented Jul 31, 2018

Thx guys... It is doing great, even with a plain install on Ubuntu 18.04!

My Plex is also running IPv6 only - no NATing or port forwarding, so certbot is using the native port:443.
I experienced some problems with stateless autoconf and IPv6-PD on 17.10, but wasn't able (or rather I didn't take time for it) to reproduce it.
I think it was more the faulty installation than the Ubuntu itself.

Nevertheless thanks for your effort!

frostl

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment