LAN Plex Https Not Working in v3

irotsoma · October 26, 2021, 11:51pm

Sonarr version (exact version): 3.0.6.1342
Mono version (if Sonarr is not running on Windows): 6.12.0.122
OS: Raspberrian
Debug logs: https://www.toptal.com/developers/hastebin/raw/kirejidadi
Description of issue:
After upgrading to v3, the connection to Plex no longer works with HTTPS. I found that the issue is related to the certificate validation of the HTTPS connection. When I change plex to SSL “Recommended” and turn off the option for HTTPS in Sonarr, it works fine, but I’m not fond of leaving traffic unencrypted. The certificate of the Plex system of course belongs to the plex.direct domain and not to my local internal IP address. So even though the certificate is valid, it’s not for the local server name/ip address. Is there a way to add an exception for a Plex URL that is internal, or must Plex HTTPS calls be routed over the internet (not ideal)?

bakerboy448 · October 27, 2021, 12:46am

Is there a way to add an exception for a Plex URL that is internal

No

I’m not fond of leaving traffic unencrypted

So what you’re saying then is you believe your LAN network is not secure and is compromised?
Sounds like you have other issues then.

If that’s not the case then there is no point to connect devices over SSL on your LAN. If you truly insist on doing so then figure out how to properly generate signed certificates for local IP addresses…good luck.

irotsoma · October 27, 2021, 12:57pm

Wow, thanks for that “help”. I meant I don’t like leaving Plex configured to not require secure connections.

Also, I don’t think it would help to have a self generated certificate for the internal domain/ip address since then that would override the plex one and I wouldn’t be able to access Plex outside the network. I know how to do this, it’s just not a valid solution.

bakerboy448 · October 27, 2021, 10:17pm

You wish to pigeon hole yourself with your settings then idk what to tell you.

It’s not possible to do what you want without making something less secure.

You can disable cert validation in sonarr for local addresses

Sounds like what you really need is Plex to add a feature to split the secure connections setting into local and remote

markus101 · October 28, 2021, 12:41am

That isn’t how it works, plex.direct domains for local IPs are direct to your local address (which is why DNS rebinding prevention can cause issues).

You have a few options:

Use the full plex.direct domain
Disable certificate validation for local IPs
Use an “insecure connection” (http instead of https)

irotsoma · October 28, 2021, 6:08pm

Disabling cert validation for internal addresses is exactly what I was looking for, but I couldn’t seem to find it in v3. Another helpful user showed me where it was under the General options page.

docdigit · December 4, 2021, 10:56am

On the other hand, if you block(ed) external access in local setup Plex server (plex only to be uses internal network), why should you use encrypted connections? With regards to outgoing connectivity (from internal network to Plex.com itself) using secure VPN would do the trick.

system · February 2, 2022, 10:56am

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.