Comments (6)
Hey @mkanet. You're in luck, Posh-ACME already generates PKCS12 files for you by default. They have the .pfx extension. You can get the path from the PfxFile and PfxFullChain properties on the output of Get-PACertificate. PfxFile has just the leaf cert and private key. PfxFullChain has leaf cert, private key, and chain certs. Have a look at the output of Get-PACertificate | Format-List.
The password associated with the PFX files (which I think is what Plex is referring to as the encryption key) is whatever is configured for PfxPass on the associated order object. By default, it's just poshacme.
from posh-acme.
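An added example (not part of the original comment and not Posh-ACME's own code): reading the PfxFile and PfxFullChain paths described above, flagging an order that still uses the default PFX password, and confirming that each PFX opens with the order's password. It assumes Posh-ACME is installed, an order with an issued certificate is currently selected, and the order object's PfxPass property holds the password as plain text, as the comment describes.

```powershell
# Added example. Assumes an issued certificate exists for the current Posh-ACME order.
Import-Module Posh-ACME

$cert  = Get-PACertificate   # file paths for the current order's certificate
$order = Get-PAOrder         # order object that carries PfxPass

if (-not $cert) { throw 'No certificate found for the current order.' }

# The two PKCS12 outputs: leaf + key, and leaf + key + chain
$cert | Format-List Subject, NotAfter, PfxFile, PfxFullChain

# The default password is public knowledge, so the PFX is effectively
# unprotected if it leaves the machine with this value still set.
$usesDefault = ($order.PfxPass -eq 'poshacme')
if ($usesDefault) {
    Write-Warning "PFX files for $($order.MainDomain) use the default password."
}

# Confirm each PFX opens with the order's password and contains the private key
foreach ($path in $cert.PfxFile, $cert.PfxFullChain) {
    $pfx = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new(
        $path, $order.PfxPass)
    try {
        [pscustomobject]@{
            File          = Split-Path $path -Leaf
            Subject       = $pfx.Subject
            HasPrivateKey = $pfx.HasPrivateKey
            NotAfter      = $pfx.NotAfter
            DefaultPass   = $usesDefault
        }
    }
    finally {
        $pfx.Dispose()
    }
}
```

A non-default password can be supplied with the -PfxPass parameter of New-PACertificate when the order is created.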
Also out of curiosity, why do you need a custom cert for Plex? It generates publicly valid certs all on its own if I recall correctly.
from posh-acme.
@rmbolger thank you so much. Just a note; I am able to access https://plex.mydomain.com from my web browser internally on my network as well as externally. However, I keep getting the below warning message in Plex's console immediately after accessing https://plex.mydomain.com or https://plex.mydomain.com with my web browser; as well as when using my Plex Android apps.
Request came in with unrecognized domain / IP 'plex.mydomain.com' in header Referer; treating as non-local
I thought if I were to explicitly set the cert in the fields above, it would recognize my domain as local. I'm not sure if explicitly pointing to my certs in Plex would even be applicable to my configuration.
If you have any tips or suggestions, I would really appreciate it.
Below is my NGINX.conf for Plex:
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    ssl_certificate ./ssl/fullchain.cer;
    ssl_certificate_key ./ssl/cert.key;
    ssl_prefer_server_ciphers on;
    server_name plex.mydomain.com;
    client_max_body_size 0;
    set $plex http://127.0.0.1:32400;

    gzip on;
    gzip_vary on;
    gzip_min_length 1000;
    gzip_proxied any;
    gzip_types text/plain text/css text/xml application/xml text/javascript application/x-javascript image/svg+xml;
    gzip_disable "MSIE [1-6]\.";

    # Forward real ip and host to Plex
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    # When using ngx_http_realip_module change $proxy_add_x_forwarded_for to '$http_x_forwarded_for,$realip_remote_addr'
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header Sec-WebSocket-Extensions $http_sec_websocket_extensions;
    proxy_set_header Sec-WebSocket-Key $http_sec_websocket_key;
    proxy_set_header Sec-WebSocket-Version $http_sec_websocket_version;

    # Websockets
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "Upgrade";

    # Buffering off: send to the client as soon as the data is received from Plex.
    proxy_redirect off;
    proxy_buffering off;

    location / {
        proxy_pass $plex;
    }
}
from posh-acme.
@rmbolger actually explicitly adding the pfx and key files in Plex's configuration didn't make any difference. I'm not even sure if it's a good idea to add the pfx and key files in Plex's configuration. Maybe I should remove those certs from Plex's config?
Maybe the "Request came in with unrecognized domain / IP 'plex.mydomain.com' in header Referer; treating as non-local" message could be mitigated by revising my NGINX config above? If so, any ideas what I could change in my nginx.conf above?
from posh-acme.
I'm not super familiar with nginx configs, but that error doesn't look like it's cert related.
In any case, I think you only need a custom cert if you want to connect directly to the server via a custom name without cert errors. I don't ever connect to mine directly though. I use the web launcher here: https://app.plex.tv/desktop
from posh-acme.
@rmbolger no worries. I already can access https://plex.mydomain.com instead of https://app.plex.tv/desktop from outside and inside my network without any errors in the web browser. I only get prompted once to authenticate. After that, it can just get to my Plex interface every time.
The only issue I have is the message I get in Plex's console when I log in via my custom domain name that Plex doesn't recognize my custom domain in the header. Anyway, I'll keep looking for a solution.
As always, thank you for your time.
from posh-acme.