How can i convert xyz.key and yyz.crt to one xyz.pem

Athmane · March 16, 2022, 3:40pm

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:
usdzradio.live
I ran this command:
openssl x509 -in usdzradio.live.key -out key.usdzradio.pem

It produced this output:
unable to load certificate
139671713797248:error:0909006C:PEM routines:get_name:no start line:../crypto/pem/pem_lib.c:745:Expecting: TRUSTED CERTIFICATE
My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

orangepizza · March 16, 2022, 3:44pm

those files are already in pem format, if needed just rename its extension as pem.
are you need them to be in a single file?

Athmane · March 16, 2022, 3:55pm

Yes this for icecaste2

orangepizza · March 16, 2022, 3:58pm

cat /etc/letsencrypt/live/stream.example.com/fullchain.pem /etc/letsencrypt/live/stream.example/privkey.pem > /etc/icecast2/bundle.pem

the guide itself includes how to convert automate this by certbot post hook so worth read it yourself

Athmane · March 16, 2022, 4:12pm

this is why i wanted to convert my crt and key file to pem.
i did all this but did not work
cat usdzradio.live.crt usdzradio.live.key > /usr/share/icecast2/icecast.pem

cat /etc/icecast2/icecast.xml|grep ssl
1
/usr/share/icecast2/icecast.pem

orangepizza · March 16, 2022, 4:16pm

you just catting the key, you need to do the certs too.
cat fullchain.crt privkey.key > bundle.pem

P.S I have to sleep

9peppe · March 16, 2022, 4:18pm

What port are you serving your encrypted icecast on?

I see an unencrypted one on port 8000. (NB: the certificate will not work if you call the stream using the IP address instead of the domain name)

Athmane · March 16, 2022, 4:22pm

thank you very much

9peppe · March 16, 2022, 4:27pm

Things to know about what you're trying to do:

As another user pointed out, there are a lot of hardware internet radios that don't support TLS, so it's probably best to use http on port whatever for them.

As for port whatever, I'd personally use a reverse proxy and serve the website and the radio on the same port, so you can include the http (port 80) radio on the http website and the https (port 443) radio on the https website. (just omit the scheme, like href="//usdzradio.live/mount")

I was listening, why did you stop the music?

Athmane · March 16, 2022, 4:30pm

sorry i tryed to use the domain name instead off the ip so i did have to modify the conf on mixxx

9peppe · March 16, 2022, 4:40pm

You're already running nginx so this should be a good starting point: stream - Icecast2 running under nginx not able to connect - Stack Overflow

Notice that you don't need to configure TLS for icecast if the only way to access icecast is through nginx.

Athmane · March 16, 2022, 11:47pm

did not work i even installed a centos 7 server with apache to see if the problem is debian openssl problem or not
same story icecast don't work i followed step by step the guide

as you can see 443 is ok 8443 is not ( the firewall is ok as well)

curl -v localhost:443 >/dev/null

% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0* About to connect() to localhost port 443 (#0)

Trying ::1...
Connected to localhost (::1) port 443 (#0)

GET / HTTP/1.1
User-Agent: curl/7.29.0
Host: localhost:443
Accept: /

< HTTP/1.1 400 Bad Request
< Date: Wed, 16 Mar 2022 23:43:49 GMT
< Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.27
< Content-Length: 362
< Connection: close
< Content-Type: text/html; charset=iso-8859-1
<
{ [data not shown]
100 362 100 362 0 0 59854 0 --:--:-- --:--:-- --:--:-- 72400

Closing connection 0

]# curl -v localhost:8443 >/dev/null
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0* About to connect() to localhost port 8443 (#0)

Trying ::1...
Connection refused
Trying 127.0.0.1...
Connection refused
Failed connect to localhost:8443; Connection refused
Closing connection 0
curl: (7) Failed connect to localhost:8443; Connection refused

9peppe · March 16, 2022, 11:55pm

It's closed somewhere

~ $ nmap -p 80,443,8000,8443 usdzradio.live
Starting Nmap 7.92 ( https://nmap.org ) at 2022-03-17 00:50 CET
Nmap scan report for usdzradio.live (34.148.79.147)        Host is up (0.18s latency).
rDNS record for 34.148.79.147: 147.79.148.34.bc.googleusercontent.com
                                                           
PORT     STATE  SERVICE
80/tcp   open   http
443/tcp  open   https                                      
8000/tcp open   http-alt
8443/tcp closed https-alt                                  
Nmap done: 1 IP address (1 host up) scanned in 1.15 seconds

Or maybe it's not listening. Try running

sudo ss -tlpn | grep 8443

(But anyhow, you don't need this if you want to use a reverse proxy)

Athmane · March 17, 2022, 12:20am

yes it's not listening to any thing on port 8443

Athmane · March 17, 2022, 12:20am

i dont know how to do that

system · April 16, 2022, 12:21am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.