Using a custom SSL certificate in Plex
Running Plex in a Docker container is easy to set up, easy to run, and super easy to update.
I have a custom domain, and get free certificates from Let's Encrypt.
Since I already have a setup to automatically obtain/renew certificates from Let's Encrypt, I also wanted to get a certificate for my Plex install, so I can reference a hostname, rather than an IP address.
However, unlike Nginx/Apache, and most other applications, using a custom SSL certificate in Plex isn't as easy as copying over the SSL certificate (and associated private key), as Plex wants a PKCS 12 formatted certificate/key.
Thankfully, it is easy enough to convert the Let's Encrypt-provided certificate to the PKCS 12 format, and then use the resulting .pfx file in Plex.
Using a custom SSL certificate in Plex
- Obtain SSL certificate from Let's Encrypt using your preferred method.
- Convert the SSL certificate from Let's Encrypt, and the associated private key, into the PKCS 12 format.
In this example:
- Certificate name: cert.pem
- Private key name: privkey.pem
- Hostname: plex.nodinrogers.com
- Desired output file name: plex.nodinrogers.com.pfx
- We don't want a passphrase for the certificate
openssl pkcs12 -export -out plex.nodinrogers.com.pfx -inkey ./privkey.pem -in ./cert.pem -name plex.nodinrogers.com -passout pass:""
The -passout pass:"" option results in no passphrase being used for the certificate bundle.
- Determine the full path to the new certificate bundle.
On my NAS, I have Plex running in a Docker container, and on the NAS, I put the certificate bundle in /plex/Library/Application Support/Plex Media Server/cert.
However, within Docker, it's a different location:
docker exec -it plex /bin/bash
root@PlexServer:/# cd /config/Library/Application\ Support/Plex\ Media\ Server/cert/
root@PlexServer:~/Library/Application Support/Plex Media Server/cert# pwd
/config/Library/Application Support/Plex Media Server/cert
root@PlexServer:~/Library/Application Support/Plex Media Server/cert# ls
plex.nodinrogers.com.pfx
For the next step, the location would be from the perspective of the Docker container, so: /config/Library/Application Support/Plex Media Server/cert
- Configure Plex to use the new PKCS 12 certificate bundle:
- Open the Settings (wrench icon in the upper right hand corner)
- Under the Plex server, on the left hand side, select Network and select SHOW ADVANCED
- Fill in the location, including the certificate bundle, in the 'Custom certificate location'
  - In this example, the full path would be: /config/Library/Application Support/Plex Media Server/cert/plex.nodinrogers.com.pfx
- Since we didn't use a passphrase for the certificate bundle, leave the Custom certificate encryption key blank
- Fill in the 'Custom certificate domain'
  - In this example, that would be plex.nodinrogers.com
- Click Save Changes
- Restart the Plex Docker container, so it uses the new certificate settings
docker restart plex
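A pre-flight wrapper around the conversion step above, as an added example that is not part of the original post: it checks that the private key matches the certificate and that the certificate covers the hostname before exporting, then restricts the file mode, because with an empty passphrase the private key in the .pfx is protected only by file permissions. The function names and the plex.example.test hostname used for the throwaway test certificate are assumptions for illustration.

```shell
#!/bin/sh
# Added example: build the passphrase-less PFX only after checking its inputs.
# make_plex_pfx is a hypothetical helper name, not part of Plex or OpenSSL.
make_plex_pfx() {   # usage: make_plex_pfx <cert.pem> <privkey.pem> <hostname> <out.pfx>
    cert=$1 key=$2 host=$3 out=$4

    # 1. The private key must belong to the certificate: compare public keys.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || return 1
    if [ "$cert_pub" != "$key_pub" ]; then
        echo "private key does not match certificate" >&2
        return 2
    fi

    # 2. The certificate must cover the hostname entered in Plex.
    if ! openssl x509 -in "$cert" -noout -checkhost "$host" | grep -q "does match"; then
        echo "certificate is not valid for $host" >&2
        return 3
    fi

    # 3. Same export as in the article. With an empty passphrase the private
    #    key is protected only by file permissions, so create the file 0600.
    (
        umask 077
        openssl pkcs12 -export -out "$out" -inkey "$key" -in "$cert" \
            -name "$host" -passout pass:
    ) || return 4
    chmod 600 "$out"

    # 4. Read the bundle back with the empty passphrase to confirm it parses.
    openssl pkcs12 -in "$out" -passin pass: -noout 2>/dev/null || return 5
}

# Constructed sample input: a throwaway self-signed certificate and key.
make_test_cert() {   # usage: make_test_cert <dir> <hostname>
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -keyout "$1/privkey.pem" -out "$1/cert.pem" 2>/dev/null
}

# Example call with the article's file names:
# make_plex_pfx ./cert.pem ./privkey.pem plex.nodinrogers.com plex.nodinrogers.com.pfx
```

A non-zero return code identifies which check failed (2 for a key mismatch, 3 for a hostname mismatch), and no .pfx is written in those cases.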
References
Let's Encrypt https://letsencrypt.org/
Wikipedia - PKCS 12 https://en.wikipedia.org/wiki/PKCS_12