A bash script to auto-renew the HTTPS certificate on a Plex instance with Let's Encrypt and dns-challenge
As I share Plex with friends and family, I thought it would be interesting to have an active SSL certificate. As cheap as they are elsewhere (a few euros/year) I wondered if it might be feasible with Let's Encrypt. The answer is obviously yes.
One advantage that I think might be interesting is that it requires neither port forwarding nor the installation of an Apache server, because the challenge for the certificate is done via dns-challenge on Cloudflare. I use Cloudflare, but you can use whatever you want, as the script itself should work with any DNS provider that accepts queries from certbot.
**This repository will not cover certificate activation on the Plex interface or how to activate a dns-challenge for certbot.**
I based it on the excellent work of Churro-s which you can find here.
My setup
- Debian 10
- Domain nameservers on Cloudflare
- Expect
How to
- Download the script and place it wherever you want
- Modify it by entering the working path. Personally, I kept the folder that certbot generates automatically when the first certificate is created.
- Give execution permissions with `chmod +x plexrenew.sh`
- Create a new crontab entry with `crontab -e`
- Profit
What does the script do?
- Sets the working directory in which the rest of the script will be executed
- It runs certbot renew to regenerate certificates.
- The expect command launches the openssl conversion command to generate the certificate file in pfx format (required by Plex).
- The certificate in pfx format is moved and permissions are assigned
- The Plex service is restarted
Why did you use expect?
Because I'm not exactly an ace in development, I came across this program, which lets you automatically send characters when a certain prompt appears on the screen. Since a password is requested for the key when converting the certificate, I needed to replace human input with automatic input. Personally, I have put in an Enter, but you can put in whatever you like.
What can be improved?
Practically everything. For example, to make it more accessible to the public, the working directory could be a variable. Or maybe someone knows a way not to use expect.
Feel free to fork the project and improve it.
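One way to do the conversion without expect, as an added example that is not part of the original script: openssl can read the export password from a file with `-passout file:`, so no prompt appears. The function name `make_pfx`, its arguments and the paths in the usage comment are assumptions; the file names `cert.pem`, `chain.pem` and `privkey.pem` are the ones certbot writes to its live directory.

```shell
# Added example: convert certbot's PEM files to a PFX for Plex without expect.
# make_pfx LIVE_DIR OUT_FILE PASS_FILE [OWNER]
#   LIVE_DIR  certbot directory holding cert.pem, chain.pem and privkey.pem
#   OUT_FILE  destination .pfx path (hypothetical, pick your own)
#   PASS_FILE file whose first line is the export password
#   OWNER     optional user:group for the result (assumption: the Plex user)
make_pfx() {
    live_dir=$1 out_file=$2 pass_file=$3 owner=${4:-}

    # Refuse to run on incomplete input instead of writing a broken PFX.
    for f in "$live_dir/cert.pem" "$live_dir/chain.pem" \
             "$live_dir/privkey.pem" "$pass_file"; do
        [ -r "$f" ] || { echo "make_pfx: cannot read $f" >&2; return 2; }
    done

    # Build the PFX next to its destination so the final mv is atomic
    # and Plex never sees a half-written file. mktemp creates it mode 600.
    tmp=$(mktemp "$(dirname "$out_file")/.pfx.XXXXXX") || return 3

    # -passout file: reads the password from a file, so nothing has to
    # be typed at the prompt and nothing shows up in the process list.
    if ! openssl pkcs12 -export \
            -inkey "$live_dir/privkey.pem" \
            -in "$live_dir/cert.pem" \
            -certfile "$live_dir/chain.pem" \
            -passout "file:$pass_file" \
            -out "$tmp"; then
        rm -f "$tmp"
        return 4
    fi

    # The PFX contains the private key: keep it readable by its owner only.
    chmod 600 "$tmp" || { rm -f "$tmp"; return 5; }
    if [ -n "$owner" ]; then
        chown "$owner" "$tmp" || { rm -f "$tmp"; return 5; }
    fi
    mv -f "$tmp" "$out_file"
}

# Usage (all paths are placeholders):
#   make_pfx /etc/letsencrypt/live/example.com /path/to/plex.pfx /root/.pfx_pass plex:plex
```

Keep the password file itself at mode 600; the value it holds is the one to enter as the certificate encryption key in Plex.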
Notes
Personally, I renew my certificate every 85 days at 4 am. The certificate is valid for 90 days from when you generate it, and Let's Encrypt will still send you an email to remind you of the expiry. If you need help generating a cron schedule, you can use the following online tool: https://crontab.tech/