Generate ssl certificate

yes but i want the listener to access the music from
just click on the player

I assumed you had the website on a server and the stream on another, not two different radios each with website and stream. (I would try again with the reverse proxy, but you need to find somebody that has already done that)

There probably is some strange icecast behavior that were missing.

1 Like

on the top it says port 8843 is https

nmap -p 80,443,8000,8443

Starting Nmap 6.40 ( ) at 2022-03-19 22:35 GMT
Nmap scan report for (
Host is up (0.013s latency).
rDNS record for
80/tcp open http
443/tcp open https
8000/tcp open http-alt
8443/tcp open https-alt

No, it says it's usually https.

If you want to know what it actually is you have to add the -A option.

1 Like

it shows 8443 as http like in the other server

]# nmap -A -p 80,443,8000,8443

Starting Nmap 6.40 ( ) at 2022-03-19 22:42 GMT
Stats: 0:00:29 elapsed; 0 hosts completed (1 up), 1 undergoing Script Scan
NSE Timing: About 92.31% done; ETC: 22:42 (0:00:01 remaining)
Nmap scan report for (
Host is up (0.013s latency).
rDNS record for
80/tcp open http nginx
|_http-generator: WordPress 5.9.2
|_http-methods: No Allow or Public header in OPTIONS response (status code 405)
|_http-title: USDZ RADIO – Welcome to our community
443/tcp open http nginx
|_http-methods: No Allow or Public header in OPTIONS response (status code 400)
|_http-title: 400 The plain HTTP request was sent to HTTPS port
| ssl-cert: Subject:
| Not valid before: 2022-03-15T22:31:53+00:00
|_Not valid after: 2022-06-13T22:31:52+00:00
8000/tcp open http Icecast streaming media server
|_http-title: Icecast Streaming Media Server
8443/tcp open http Icecast streaming media server
|_http-title: Icecast Streaming Media Server
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: specialized|WAP|media device|storage-misc
Running (JUST GUESSING): Crestron 2-Series (87%), Netgear embedded (87%), Western Digital embedded (87%), HP embedded (85%)
OS CPE: cpe:/o:crestron:2_series cpe:/h:netgear:dg834g cpe:/o:westerndigital:wd_tv cpe:/h:hp:p2000_g3
Aggressive OS guesses: Crestron XPanel control system (87%), Netgear DG834G WAP or Western Digital WD TV media player (87%), HP P2000 G3 NAS device (85%)
No exact OS matches for host (test conditions non-ideal).
Network Distance: 7 hops

I see there is a github for Icecast although it is not very active. You could try asking there.

I saw this article via google which says the Debian Icecast does not have SSL built into it but you can get and build an SSL version from Xiph. Does this make sense? Could that be it?

In the article, you could ignore the parts about using certbot to get a cert since you have a method to get certs. The interesting part was the package of Icecast for SSL support.

Icecast is unusual and while we can make guesses it does not substitute for actually working with it. Perhaps github or this article will help? Or, even search this forum for the other Icecast threads. Cheers


You should be able to proxy inbound HTTPS connections to the HTTP radio.


i tryed it as well never worked.
wonder if Tuzongo on this

have his icecast up and runing and what is his conf

This seems to be the case in Debian 10 but not Debian 11.


They have some sort of radio live. If you cannot DM them from this forum you could try reaching them at:


@9peppe If I understand that correctly, @Athmane needs to upgrade their Debian Buster or get the SSL enabled icecast package as noted in that article I linked. Is that how you understand it?


I don't know about that package for Debian 10. But yes, I would upgrade to Debian 11 (that's going to be a problem if it's a bitnami image).

As an alternative, a reverse proxy should work, but if nginx cannot work, maybe I'd look at stunnel (but I have actually never used it).

They're not running the debian version, it looks like a commercial one.

|     Server: Icecast 2.4.4 (MSCP)
|     X-Powered-By: MSCP Pro+ (
1 Like

@Athmane the safer way is, I think, to get a fresh Debian 11 vps and install wordpress and icecast manually on there. If it works, move your content there.

Or maybe you can install Icecast using docker (are there official images? haven't found one).

1 Like

Thanks to @MikeMcQ, @rg305 and @9peppe for your help.
I have a centos 7 VM with icecast already installed, i will get cerbot installed and generate SSL key hopefully it works


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.