Failed to Log-in, certificate verification

Question

Failed to Log-in, certificate verification

webcamleif opened this issue 8 months ago · 7 comments

Describe the Bug
When I try to setup the integration via the UI I get Failed to Log-in. It does not matter if I try select or deselect "Verify SSL".

The Error
2024-05-27 13:23:12.967 WARNING (SyncWorker_43) [urllib3.connection] Certificate did not match expected hostname: 172.16.69.130. Certificate: {'subject': ((('commonName', '.0e2a2bd6cef743858bb27afaae82035c.plex.direct'),),), 'issuer': ((('countryName', 'US'),), (('organizationName', "Let's Encrypt"),), (('commonName', 'R3'),)), 'version': 3, 'serialNumber': '03286A09725E16C8C2D1A89AA46CF6E2AD03', 'notBefore': 'Apr 11 08:53:42 2024 GMT', 'notAfter': 'Jul 10 08:53:41 2024 GMT', 'subjectAltName': (('DNS', '.0e2a2bd6cef743858bb27afaae82035c.plex.direct'),), 'OCSP': ('http://r3.o.lencr.org',), 'caIssuers': ('http://r3.i.lencr.org/',)}

Indicate if you followed all steps in the troubleshooting doc
Yes?

What data does the sensor display if any?
Can not set it up.

What displays when visiting the API URL from the troubleshooting guide?
The plex token works, verified with a curl from within the container running hass.

Does the default Home Assistant Plex component work for you?
Yes.

Home Assistant Version
Latest, 2024.5.4

Additional Context

Answer 1 · 2024-05-27T19:52:22.000Z

Hi, the SSL you're trying to use is associated with the Internet domain name 0e2a2bd6cef743858bb27afaae82035c.plex.direct, not the private IP address 172.16.69.130. Let's Encrypt doesn't even issue SSL certificates for private IP addresses. In other words, you can't specify 172.16.69.130 as your Plex IP address and also use that SSL certificate. You would have to use 0e2a2bd6cef743858bb27afaae82035c.plex.direct as your plex address if you want to use SSL; assuming you already can already access your plex server via a web browser with the address:

https://0e2a2bd6cef743858bb27afaae82035c.plex.direct

Are you able to access your plex server's web interface by typing: https://0e2a2bd6cef743858bb27afaae82035c.plex.direct in the address bar? If so, you should be able to specify 0e2a2bd6cef743858bb27afaae82035c.plex.direct in this Integration's Plex Address and 443 as the port and enable SSL. Otherwise..

Probably the easiest thing to do is just disable SSL for this Integration and just use your private IPV4 IP address of the device you have installed Plex on on your LAN; along with port default 32400.

Answer 2 · 2024-05-27T20:13:44.000Z

Yeah I think we misunderstood each other a little bit.

I want to use this integration without SSL verification, but it does not matter if I untick that box, it still tries to connect and verify the SSL Certificate.

I am trying to go towards my local IP address, however the integration must somehow go the external route, and it gets the random letsencrypt certificate that your plex instance gets from the web-service from Plex Web. In other words, no I cannot go towards that address since it's a weird certificate.

I have for the moment created a public certificate which I'm going towards now, but that is not what I wanted and just a temporary workaround.

The main problem is, I cannot choose NOT to verify the SSL certificate, it will always tell me in the logs that the certificate is not valid.

Answer 3 · 2024-05-28T01:32:11.000Z

Can you please take a screenshot of settings you're using with this Integration during the initial setup (don't forget to hide your plex token)? For example, mine looks like below (when connecting to it directly without SSL on my LAN):

Can you confirm that you can access your Plex Media Server on your LAN by typing http://172.16.69.130:32400 in your web browser's address bar without any errors?

Answer 4 · 2024-05-28T05:33:47.000Z

Sure, here is a screenshot I took earlier:

Since I took this earlier, after it failed I changed 172.16.69.130 to "ip", and the I removed the token.

Accessing my plex server with http://172.16.69.130:32400 would be a problem as I only accept TLS traffic, so https://172.16.69.130:32400 would be fine.

It does not matter in what combination I try to connnect with "SSL" and/or/ "Verify SSL" checked/unchecked, I always get the certificate verification error in the HASS logs.

Answer 5 · 2024-05-28T16:18:42.000Z

Thanks for the screenshot. Now it makes sense. https://172.16.69.130:32400 will not work in your case. The SSL certificate you are trying to use is specifically meant for the respective DNS name automatically generated when you enabled the Remote Access feature on your Plex Media Server.
In your case, the DNS name would be: 0e2a2bd6cef743858bb27afaae82035c.plex.direct according to the error you posted.

Hence, you would need to use: https://0e2a2bd6cef743858bb27afaae82035c.plex.direct:32400, not https://172.16.69.130:32400 (at least, that is what the error you posted means).

Or, if you want to connect to your Plex server directly (via IP only) on your LAN, you would have to NOT use Plex's SSL: http://172.16.69.130:32400

Answer 6 · 2024-05-28T18:37:43.000Z

I do understand all of this, that is not the problem.
The problem is that there is an option that says "Verify SSL" and that function does not work.

Answer 7 · 2024-05-29T03:38:54.000Z

I do understand all of this, that is not the problem. The problem is that there is an option that says "Verify SSL" and that function does not work.

Thanks for letting me know. I just removed that setting in Release 0.4.6.