Plex Media Server – Convert CRT to Plex SSL Compatible Certificate

If you’re like me and you use Let’s Encrypt, then it seems sometime semi-recently Plex changed the way their SSL certificates work. I used to just generate a simple .p12 certificate to use with Plex, but it seems that wasn’t good enough anymore.

After some research, it appears the encryption algorithms needed to be updated on the certificate I was generating.

Simply adding the following to my openssl command solved the problem:
-certpbe AES-256-CBC -keypbe AES-256-CBC -macalg SHA256

So the full command becomes something like this:
openssl pkcs12 -certpbe AES-256-CBC -keypbe AES-256-CBC -macalg SHA256 -export -out plex.p12 -inkey -in -certfile

I just hit the enter key when it asks for a password since I am only using this certificate locally. You could add -passout ‘pass:’ to do that automatically. Which works wonderfully as I just scp my certs out of pfSense from /cf/conf/acme. I’ve still been experimenting with that and in some cases, e.g. unifi, I’ve found it better to use the fullchain file and not the all file. In other cases I use the all.pem file.

In Plex > Network settings, set the path to this certificate and leave the key field blank.

Leave a Comment