Using a custom SSL certificate in Plex

calendar June 1, 2022 nav_categories Tech nav_categories Application nav_tags plex nav_tags ssl nav_tags certificate nav_tags docker

Running Plex in a Docker container is easy to set up, easy to run, and super easy to update.

I have a custom domain, and get free certificates from Let's Encrypt.

Since I already have a setup to automatically obtain/renew certificates from Let's Encrypt, I also wanted to get a certificate for my Plex install, so I can reference a hostname, rather than an IP address.

However, unlike Nginx/Apache, and most other applications, using a custom SSL certificate in Plex isn't as easy as copying over the SSL certificate (and associated private key), as Plex wants a PKCS 12 formatted certificate/key.

Thankfully, it is easy enough to convert the Let's Encrypt-provided certificate to the PKCS 12 format, then using the resulting .pfx file in Plex.

Using a custom SSL certificate in Plex

  1. Obtain SSL certificate from Let's Encrypt using your preferred method.

  2. Convert the SSL certificate from Let's Encrypt, and the associated private key, into the PKCS 12 format.

In this example:

  • Certificate name: cert.pem
  • Private key name: privkey.pem
  • Hostname: plex.nodinrogers.com
  • Desired output file name: plex.nodinrogers.com.pfx
  • We don't want a passphrase for the certificate
openssl pkcs12 -export -out plex.nodinrogers.com.pfx -inkey ./privkey.pem -in ./cert.pem -name plex.nodinrogers.com -passout pass:""

The pass:"" switch results in no passphrase being used for the certificate

  1. Determine the full path to the new certificate bundle.

On my NAS, I have Plex running in a Docker container, and on the NAS, I put the certificate bundle in /plex/Library/Application Support/Plex Media Server/cert.

However, within Docker, it's a different location:

docker exec -it plex /bin/bash
root@PlexServer:/# cd /config/Library/Application\ Support/Plex\ Media\ Server/cert/

root@PlexServer:~/Library/Application Support/Plex Media Server/cert# pwd
/config/Library/Application Support/Plex Media Server/cert

root@PlexServer:~/Library/Application Support/Plex Media Server/cert# ls
plex.nodinrogers.com.pfx

For the next step, the location would be from the perspective of the Docker container, so: /config/Library/Application Support/Plex Media Server/cert

  1. Configure Plex to use the new PKCS 12 certificate bundle:
  • Open the Settings (wrench icon in the upper right hand corner)
  • Under the Plex server, on the left hand side, select Network and select SHOW ADVANCED
    Plex network selection
  • Fill in the location, including the certificate bundle, in the 'Custom certificate location'
    • In this example, the full path would be: /config/Library/Application Support/Plex Media Server/cert/plex.nodinrogers.com.pfx
  • Since we didn't use a passphrase for the certificate bundle, leave the Custom certificate encryption key blank
  • Fill in the 'Custom certificate domain'
    • In this example, that would be plex.nodinrogers.com
  • Click Save Changes

Plex custom certificate

  1. Restart the Plex Docker container, so it uses the new certificate settings
docker restart plex

References

Let's Encrypt https://letsencrypt.org/

Wikipedia - PKCS 12 https://en.wikipedia.org/wiki/PKCS_12