Auto renewal with Icecast2 server

I ran after a reboot the dry run, again.

certbot renew --dry-run

The error is still there.

Probably because the renewal configuration file requires to contain WAY more than just the post_hook option.

Did you by any chance do something like echo "post_hook = cat ..." > /etc/letsencrypt/renewal/ instead of using >>?



echo "post_hook = cat /etc/letsencrypt/live/ /etc/letsencrypt/live/ " > /etc/icecast2/bundle.pem && service icecast2 restart 

Why are you using a post hook?
I think you would do better with a deploy hook.


That was post on how t install your certificate a couple with and Icecast server. I did try deploy

echo "deploy_hook = cat /etc/letsencrypt/live/ /etc/letsencrypt/live/ " > /etc/icecast2/bundle.pem && service icecast2 restart

I'm not sure that is doing what you would expect.
Please review the output of:
cat /etc/icecast2/bundle.pem
[don't post any of that output here as it may contain the private key]

If it contains no cert files, as I suspect, it might need to be reworked.
I suspect that file contains only the text string:
[not the actual output of that "intended command"]

deploy_hook = cat /etc/letsencrypt/live/ /etc/letsencrypt/live/ 

To help confirm, you can post the output of:
ls -l /etc/icecast2/bundle.pem


is there a way to check the date of expiration of the certificate and manual renew the certificate? If so how what's code for ubuntu? I want to run on port 8000 and 8443 instead of 80 and port 443. Please help

1 Like

There are several ways:
If the cert is being served to the Internet, then there are many ways to show the expiration date.
If the cert is not being served to the Internet, then you can use OpenSSL:
openssl x509 -enddate -noout -in cert.pem

certbot renew

If you are going to continue using HTTP-01 authentication, you will need to use port 80.


yes, that's my web server at port 80 on a MacMini with OSX. For now, I have changed the port to 80 for the Icecast servers running Ubuntu on another MacMini so I can renew your certificate.

Did you miss my post #20?:

I asked for you to do two things.


root@louie:~# ls -l /etc/icecast2/bundle.pem
-rw-rw-rw- 1 joe joe 7283 Mar 23 13:06 /etc/icecast2/bundle.pem

here is the first

By using > instead of >>, you've deleted the original contents of the renewal configuration file, effectively destroying all the required information for Certbot to even recognise the cert.

> truncates the original, >> appends to the original. You want to use >> and not >. Not that it matters now, as the original is gone.

You probably want to delete the current certificate and generate a new one. When doing so, please use the --deploy-hook option instead of manually messing with the renewal configuration file.


Second one cat /etc/icecast2/bundle.pem

It won't let me post. one pending, ok and big red delete button


7283 bytes does seem about the right size.

I'm still not sure why you aren't using a deploy hook for this.


I specifically asked you NOT to post it:

Please read the entire instruction before proceeding.


I agree, a deploy hook would be the better choice instead of a post hook.


how do I delete the current certificate?

Depends if Certbot can still delete it, as the renewal configuration file is broken. Please see User Guide — Certbot 2.4.0 documentation.

Or even better: generate a new certificate with a different name (using --cert-name) and start using that one first before deleting anything.


Something like:
certbot --cert-name IceCast -d -d
[along with any other "words" previous used: "--standalone" or "--webroot" etc. ]


Here is a list of issued certificates, latest being 2023-03-23.

And the presently being served certificate

1 Like