Plex uses it's own certificates pointing to <uuid>.plex.direct for it's internal indirect modus. As I use plex mainly using chrome it would be nice for it to have a valid certificate. This is based on plex on ubuntu 17.10. I got inspired by the following gisthub post. For that I modified the Unifi Controller script to suit plex it's need. It is available here. Latest version is available on github.
Run the script as following
sudo ./gen-plex-cert.sh -d plex.domain.com
Now go to the Plex UI.
Go to Settings (icon on top right corner) > Server (tab) > Network (left navigation column).
Click "SHOW ADVANCED" to see the necessary fields.
Enter the following values:
Custom certificate location: /var/lib/plexmediaserver/certificate.pfx
Custom certificate encryption key: PLeXMeDiaSeRVeR (this is the default key used in the script (change it))
Custom certificate domain: https://plex.domain.com:32400
Save your changes.
Obvious you want the certificate to update it self. Copy the script to /usr/local/sbin and add the following to /etc/cron.d/plex-cert-update
SHELL=/bin/sh PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin 0 */12 * * * root test -x /usr/local/sbin/gen-plex-cert.sh -a \! -d /run/systemd/system && perl -e 'sleep int(rand(3600))' && /usr/local/sbin/gen-plex-cert.sh -r -d plex.domain.com