Import certificates through Plex settings to enable HTTPS access without using nginx for reverse proxy.
1. Prepare the certificate#
I obtained my certificate using the acme method, which I have detailed in a previous article. You can refer to it at https://tyuans.com/linux%e4%bd%bf%e7%94%a8acme%e7%94%b3%e8%af%b7%e8%af%81%e4%b9%a6/
2. Convert the certificate#
Plex requires a .pfx file for adding certificates, but acme generates .key and .cer files. Therefore, we need to convert them using the openssl command.
# First, navigate to the directory where the acme-generated certificates are located:
cd ~/.acme/youdomain.com
# youdomain.com is your domain name. -out specifies the output pfx file name, -inkey is for importing the key, and -in is for importing the cer certificate.
openssl pkcs12 -export -out youdomain.com.pfx -inkey youdomain.com.key -in youdomain.com.cer
# Then enter the passphrase, which is the password. Make sure to enter it.
3. Copy the certificate to the folder where Plex can find it#
Since my Plex server is set up using Docker, the directory is mapped. You can refer to the detailed setup method at https://tyuans.com/docker%e5%ae%89%e8%a3%85plex/
Copy the pfx file to the mapped /video directory in the container. In my case, it is /usr/plex/video.
# Make sure to perform the copy operation in the corresponding domain folder in .acme.
cp youdomain.com.pfx /usr/plex/video/
After copying, go to any library, click Edit, and Add Folder. You can select the path and see that the certificate appears under /video.
4. Plex settings#
Go to Settings, then Network, and under Advanced Options:
Custom certificate location: /video/youdomain.com.pfx
Custom certificate encryption key: Enter the password set during the certificate conversion
Custom certificate domain: Your domain name, youdomain.com
Custom server access URL: http://youdomain.com:32400/web, https://youdomain.com:32400/web
# You can modify the port according to your situation
5. Script update#
The certificate needs to be renewed every 3 months. We need to write a script to convert and copy the renewed certificate to the Plex mapped folder at regular intervals. Remember to change the absolute path.
Combine the conversion and copy commands from earlier, set up a cron job, and schedule it based on the certificate application time. In my case, I execute it on the 1st of every month. If you're not familiar with cron jobs, you can use an online website to calculate the schedule. https://tool.lu/crontab/
vim plexpfx.sh
openssl pkcs12 -export -out /root/.acme/youdomain.com/youdomain.com.pfx -inkey /root/.acme/youdomain.com/youdomain.com.key -in /root/.acme/youdomain.com/youdomain.com.cer
cp /root/.acme/youdomain.com/youdomain.com.pfx /usr/plex/video/
# Add execution permission
chmod +x plexpfx.sh
crontab -e
0 1 1 */1 * /root/cronsh/plexpfx.sh