Discussion - Someone other than LetsEncrypt? | PlexGuide.com


Chrisputer

Experienced
Original poster
May 25, 2018
89
28
Is it possible to use the SSL Certificate you get for free from CloudFlare? If so, how do I go about making that work with Traefik?
 

Edrock200

MVP
Staff
Nov 17, 2019
541
195
I'm sure it's possible, however you'd need to fork Traefik and possibly other modules since it has the auto renew inline. That said, I wouldn't recommend it unless you have a specific requirement. Cloudflare's certs only validate if you proxy through Cloudflare. The Let's Encrypt certs validate whether you proxy or not. Some apps don't like or perform well with proxy and some users get bandwidth warnings for Plex with Cloudflare free accounts, meaning you need to disable Plex from proxying. If you want it to still connect on 443 you need a valid SSL cert or you'll need to redirect 443 to 32400.
 

Chrisputer
I ask because the VM I was renting had a bad hard disk and they gave me a new one with a new IP. But for some reason, Let's Encrypt has already hit the weekly limit.
I actually have people helping me find this thing so I would like to get them back online. I know nothing of traefik.
I am a system admin IRL.
 

Edrock200
Well the good news is you don't need the SSL cert for Plex to operate. Just delete the custom published dns name from your Plex config and it will use the Plex wildcard cert on tcp 32400. In the interim you can install the VPN option and use a vpn connection to get to your apps. Only thing that won't work externally facing is ombi unless you publish on 80 (bad idea.) All of your media management apps should continue to operate, upload/download, etc. Alternatively you can try browsing opt/appdata to see where the cert is and if it can be replaced but I've never done this so can't speak from experience.

I don't know if this will work or count as a new domain, but you can try publishing to a subdomain. I.e. if your domain is mediaserver.com try publishing to temp.mediaserver.com, making your urls plex.temp.mediaserver.com, etc.

If it's super critical, buy a domain for 5 bucks and use that temporarily, and keep it for emergencies. I know these aren't the best solutions, hopefully someone else can chime in with a better answer.
 

Chrisputer
Good to know about the Plex Wildcard Cert... But I use Emby. :p

I do like the idea of publishing sub-domains and seeing if that works!
 

Edrock200
You can do the same with Emby. Install your Cloudflare cert directly into Emby, then publish secure connections on its default port, which isn't 443.
 

Chrisputer
@Admin9705
Can you chime in? I'm not even sure where to start changing things (from a fresh install) to get my CloudFlare Cert and Key to work with Traefik.
Post automatically merged:

This is the error I'm getting.

time="2020-03-20T00:11:01-05:00" level=error msg="failed to load X509 key pair: tls: failed to find any PEM data in certificate input"
time="2020-03-20T00:11:01-05:00" level=error msg="Unable to add a certificate to the entryPoint \"https\" : unable to generate TLS certificate : tls: failed to find any PEM data in certificate input"
time="2020-03-20T00:11:01-05:00" level=error msg="failed to load X509 key pair: tls: failed to find any PEM data in certificate input"

Here is my modified toml


#!/bin/bash
#
# Title: PGBlitz (Reference Title File)
# Author(s): Admin9705
# URL: https://pgblitz.com - http://github.pgblitz.com
# GNU: General Public License v3.0
################################################################################
insecureskipverify = true
logLevel = "WARN"
defaultEntryPoints = ["http", "https"]
[entryPoints]
[entryPoints.http]
address = ":80"
[entryPoints.http.redirect]
entryPoint = "https"
[entryPoints.https]
address = ":443"
[entryPoints.https.tls]
MinVersion = "VersionTLS12"
[[entryPoints.https.tls.certificates]]
certFile = "./flicq.media.pem"
keyFile = "./flicq.media.key"
[entryPoints.monitor]
address = ":8081"
[backends]
## Cockpit Backend
[backends.cockpit]
[backends.cockpit.servers.server]
url = "https://127.0.0.1:9090"
[frontends]
## Cockpit Frontend
[frontends.cockpit]
backend = "cockpit"
passHostHeader = true
[frontends.cockpit.routes.cockpit]
rule = "Host:cockpit.flicq.media"
[docker]
endpoint = "unix:///var/run/docker.sock"
domain = "flicq.media"
watch = true
exposedbydefault = false
network = "plexguide"
 
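The error in the post above is the message Go's crypto/tls returns when the certificate input contains no PEM block. The following is an added example, not part of the original post and not Traefik or PGBlitz code, that reproduces it. It assumes a certFile/keyFile value that does not resolve to a readable file is used as inline PEM text; the helper names and the example.pem/example.key files are constructed for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"encoding/pem"
	"fmt"
	"math/big"
	"os"
	"time"
)

// resolve models the assumed file-or-content lookup: an unreadable path is used as the PEM text itself.
func resolve(value string) ([]byte, bool) {
	if b, err := os.ReadFile(value); err == nil {
		return b, true
	}
	return []byte(value), false
}

// diagnose loads the pair with crypto/tls and reports whether each path resolved.
func diagnose(certFile, keyFile string) string {
	cert, certFound := resolve(certFile)
	key, keyFound := resolve(keyFile)
	if _, err := tls.X509KeyPair(cert, key); err != nil {
		return fmt.Sprintf("cert file found=%v, key file found=%v: %v", certFound, keyFound, err)
	}
	return "ok"
}

// writePair writes a constructed self-signed certificate and key into dir.
func writePair(dir string) (certPath, keyPath string) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour)}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	keyDER, _ := x509.MarshalPKCS8PrivateKey(priv)
	certPath, keyPath = dir+"/example.pem", dir+"/example.key"
	os.WriteFile(certPath, pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}), 0o600)
	os.WriteFile(keyPath, pem.EncodeToMemory(&pem.Block{Type: "PRIVATE KEY", Bytes: keyDER}), 0o600)
	return certPath, keyPath
}

func main() {
	dir, _ := os.MkdirTemp("", "certcheck")
	defer os.RemoveAll(dir)
	certPath, keyPath := writePair(dir)
	fmt.Println(diagnose(certPath, keyPath), "|", diagnose("./missing.pem", keyPath))
}
```

A result of `found=false` points at the path (a relative `./` path is resolved against the process working directory, which inside a container is not the directory holding the toml), while `found=true` with the same error means the file itself holds no PEM block.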

Edrock200
Maybe this will help
 
