Plex Letsencrypt

Unraid how to stop array. Copy the existing contents from /mnt/user/appdata/ to /mnt/user/docker/appdata/ 7. I've tried multiple times with hard reboots because the UI becomes unresponsive. UnBALANCE helps you manage space in your Unraid array, via two operating modes: Scatter Transfer data out of a disk, into one or more disks. The main reason is that you don't need to actually connect to a VPN. You just plop an address in a browser and it works while still being encrypted. Php day of week. It also works with the plex app so you connect directly and it runs on a standard port that's basically never blocked on a network with internet access.

Greetings,
This HOWTO is a guide on how I enabled SSL in Plex on my QNAP TS-453 Pro. This was done in the SSH console of the NAS device and may need to be massaged as there are differences in the file structure of the NAS models.

  1. Download and install the Let's Encrypt qpkg from https://forum.qnap.com/viewtopic.php?f=320&t=122747. This had to be done in the SSH terminal on my NAS because it would not install via the App Center for some reason.
    sh LetsEncrypt_0.5_x86.qpkg
  2. Generate the certificate
    SERVER=server.example.com
    export PATH=/opt/LetsEncrypt/bin:$PATH
    letsencrypt certonly --rsa-key-size 4096 --renew-by-default --webroot --webroot-path '/share/Web' -d ${SERVER} -t --agree-tos --config-dir '/share/CACHEDEV1_DATA/.qpkg/LetsEncrypt'
  3. Convert the cert to PK12 format
    CERTPATH='/share/CACHEDEV1_DATA/.qpkg/LetsEncrypt/live/${SERVER}/'
    HOSTONLY=server
    PASSWORD=SuperSecretStuff
    openssl pkcs12 -export -in '${CERTPATH}cert.pem' -inkey '${CERTPATH}privkey.pem' -out '${CERTPATH}${SERVER}.p12' -name ${HOSTONLY} -CAfile '${CERTPATH}chain.pem -caname root -password pass:${PASSWORD}
  4. Install the cert in the web portal by navigating to http://server.example.com:32400 and then going to Settings -> Server -> Network -> Show Advanced.
    • Custom certificat location - /share/CACHEDEV1_DATA/.qpkg/LetsEncrypt/live/server.example.com/server.example.com.p12
    • Custom certificate encryption key - SuperSecretStuff
    • Custom certificate domain - server.example.com
    Save Changes
  5. Change URL to https://server.example.com:32400 and you should be all set!

If that works for you, then you can bring it all together in a script and schedule it as a cron task to keep it up to date. This will also update the SSL for the NAS as wellPlex letsencrypt

Plex Certificate Key


Plex Custom Certificate Encryption Key

#!/bin/sh
SERVER=server.example.com
CERTPATH='/share/CACHEDEV1_DATA/.qpkg/LetsEncrypt/live/${SERVER}/'
HOSTONLY=server
PASSWORD=SuperSecretStuff
export PATH=/opt/LetsEncrypt/bin:$PATH
letsencrypt certonly --rsa-key-size 4096 --renew-by-default --webroot --webroot-path '/share/Web' -d ${SERVER} -t --agree-tos --config-dir '/share/CACHEDEV1_DATA/.qpkg/LetsEncrypt'
openssl pkcs12 -export -in '${CERTPATH}cert.pem' -inkey '${CERTPATH}privkey.pem' -out '${CERTPATH}${SERVER}.p12' -name ${HOSTONLY} -CAfile '${CERTPATH}chain.pem -caname root -password pass:${PASSWORD}
/etc/init.d/stunnel.sh stop
/etc/init.d/plex.sh stop
cat ${CERTPATH}privkey.pem ${CERTPATH}cert.pem > /etc/stunnel/stunnel.pem
cp ${CERTPATH}chain.pem /etc/stunnel/uca.pem
openssl pkcs12 -export -in '${CERTPATH}cert.pem' -inkey '${CERTPATH}privkey.pem' -out '${CERTPATH}${SERVER}.p12' -name ${HOSTONLY} -CAfile '${CERTPATH}chain.pem' -caname root -password pass:${PASSWORD}
/etc/init.d/stunnel.sh start
/etc/init.d/plex.sh start