Auto renewal with Icecast2 server

There are several ways:
If the cert is being served to the Internet, then there are many ways to show the expiration date.
If the cert is not being served to the Internet, then you can use OpenSSL:
openssl x509 -enddate -noout -in cert.pem

certbot renew

If you are going to continue using HTTP-01 authentication, you will need to use port 80.


yes, that's my web server at port 80 on a MacMini with OSX. For now, I have changed the port to 80 for the Icecast servers running Ubuntu on another MacMini so I can renew your certificate.

Did you miss my post #20?:

I asked for you to do two things.


root@louie:~# ls -l /etc/icecast2/bundle.pem
-rw-rw-rw- 1 joe joe 7283 Mar 23 13:06 /etc/icecast2/bundle.pem

here is the first

By using > instead of >>, you've deleted the original contents of the renewal configuration file, effectively destroying all the required information for Certbot to even recognise the cert.

> truncates the original, >> appends to the original. You want to use >> and not >. Not that it matters now, as the original is gone.

You probably want to delete the current certificate and generate a new one. When doing so, please use the --deploy-hook option instead of manually messing with the renewal configuration file.


Second one cat /etc/icecast2/bundle.pem

It won't let me post. one pending, ok and big red delete button


7283 bytes does seem about the right size.

I'm still not sure why you aren't using a deploy hook for this.


I specifically asked you NOT to post it:

Please read the entire instruction before proceeding.


I agree, a deploy hook would be the better choice instead of a post hook.


how do I delete the current certificate?

Depends if Certbot can still delete it, as the renewal configuration file is broken. Please see User Guide β€” Certbot 2.4.0 documentation.

Or even better: generate a new certificate with a different name (using --cert-name) and start using that one first before deleting anything.


Something like:
certbot --cert-name IceCast -d -d
[along with any other "words" previous used: "--standalone" or "--webroot" etc. ]


Here is a list of issued certificates, latest being 2023-03-23.

And the presently being served certificate

1 Like

Have you tried manually "fixing" that entry in the file /etc/letsencrypt/renewal/ ?
Maybe that is all you really need to do to get this working again.

I would try:

post_hook = "cat /etc/letsencrypt/live/ /etc/letsencrypt/live/ > /etc/icecast2/bundle.pem && service icecast2 restart"

Then, if that works, I would switch it to a deploy hook.


Did you Revoke this Certificate | 8966055863?

1 Like

I cert delete of I reran certbot. I said it was successful.

I ran certbot dry run. rebooted. Check icecast server works on port 80

But i get this failed key.
see below the error code

oot@louie:~# certbot renew --dry-run
Saving debug log to /var/log/letsencrypt/letsencrypt.log

Processing /etc/letsencrypt/renewal/

Simulating renewal of an existing certificate for
Failed to renew certificate with error: Could not bind TCP port 80 because it is already in use by another process on this system (such as a web server). Please stop the program in question and then try again.

All simulated renewals failed. The following certificates could not be renewed:
/etc/letsencrypt/live/ (failure)

1 renew failure(s), 0 parse failure(s)
Ask for help or search for solutions at See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

You're probably using the standalone plugin.

What was the exact Certbot command you've used?


I see Icecast server on port 80:

curl -Ii
HTTP/1.1 400 Bad Request
Server: Icecast 2.4.4

root@louie:~# certbot renew --dry-run
Saving debug log to /var/log/letsencrypt/letsencrypt.log

Processing /etc/letsencrypt/renewal/

Simulating renewal of an existing certificate for

Congratulations, all simulated renewals succeeded:
/etc/letsencrypt/live/ (success)


post_deply = "cat /etc/letsencrypt/live/ /etc/letsencrypt/live/ > /etc/icecast2/bundle.pem && service icecast2 restart"

Since I will use this port 8000 and 8443 for this Icecast2 server and my webserver is port 80 and port 443.


Thanks guys I have only one question how to do you manual renew and how to get the expiration date??? If I don't have port 80 open at the time of renewal??? What will happen also?
good job

1 Like

Did you make that up or your actually read that somewhere?
I suspect you meant: