I use the built-in LetsEncrypt certificate on the Synology NAS to the NAS webpage. I want to use it on the Plex app too but I had a bit of a hard time configuring it. I have checked a few web guides for help but I keep getting the default Plex certificate. Most guides let you create a PFX certificate but the latest version of Plex require an updated, more secure certificate file.
PMS 220.127.116.1165 and above updates OpenSSL from v1.1.1 to v3.0.0. This updates Plex to use more secure SSL certificates with better encryption.
The Plex Media Server.log file gives an error after I configured the .PFX certificate in Plex.
Jun 20, 2023 09:56:02.971  ERROR – [CERT] PKCS12_parse failed: error:0308010C:digital envelope routines::unsupported
Jun 20, 2023 09:56:02.971  ERROR – [CERT] Found a user-provided certificate, but couldn’t install it.
Synology LetsEncrypt Certificate
So.. let’s get that certifacte working! First, export the LetsEncrypt certificate from your Synology. You will have an archive.zip file with all the certificate files in a .pem formatted file. We will have to convert this to the correct format for Plex.
Clicking ‘export certificate’ will give you a few files like cert.pem, chain.pem, privkey.pem and the same with ECC- or RSA- in the filename. I will use the RSA-xxx.pem files for Plex.
Convert PEM to P12
Download OpenSSL, place the OpenSSL files and the contents of the LetsEncrypt files (in the archive.zip file) somewhere on your PC and run a command prompt. Browse tot the OpenSSL directory and start creating the certificate.
Type the following commands in the command prompt:
- cd c:\temp\openssl
- pkcs12 -export -out c:\temp\openssl\plex.p12 -in RSA-cert.pem -inkey RSA-privkey.pem -certfile RSA-chain.pem -name “YOUR.PLEX.HOSTNAME” -certpbe AES-256-CBC -keypbe AES-256-CBC -macalg SHA256
Enter a password for the P12 file. You will need this later in the Plex configuration.
Now you will have a plex.p12 file in c:\temp\openssl or whatever location you will chose.
Import and activate certificate in Plex
Upload the certificate to your NAS. I have chosen an easy accessible location and created a an extra ‘Certificate’ directory next to the movie and TV show files. You can check the properties of the file for the exact location. Which in my case is /volume1/PlexData/Certificate/plex.p12.
Browse to your Plex web app, something like https://ip.address:32400 or https://domain.name:32400.
Go to Settings -> Network and click Show Advanced.
Enter the location, password and the hostname you have entered earlier:
Restart the Plex app on the Synology, browse to https://domain.name:32400 and you will see that the Plex web app is now a secure webpage!