How to allow plain http also, after installing with setting 'https only' (via certbot)

Are you actually sure your Icecast server is using that certificate?

This looks like an "icecast configuration" problem, not an apache problem.

I'm a bit hesitant to share the Icecast server URL, because I am still in the process of setting up lots of audio stuff and because of that I'm not officially licensed yet, because I haven't "launched" it yet. It's "hidden", with zero listeners...
So please do not quote the URL so I can easily remove it later on to prevent any problems.

https://

Many thanks!

There's no redirect from HTTP to HTTPS, as your port 80 isn't responding. I'm getting a "Connection refused".

I see it now. It did redirect in my main browser. But because of what you said I tried another browser, and indeed port 80 does not seem available....

Port 80 is open in the firewall though. I just now checked to be sure.

Is icecast listening there?

Good one. This VPS acts as a relay for another server and gets its data through port 80. Removed the relay, restarted Icecast, still doesn't do port 80 in the browser though.
And that while I'm quite sure that before doing certbot, I did get the Icecast page at port 80. I'm starting to doubt everything right now.

Trying these connects ok on port 443 but not 80

curl -i http://(domain)
curl -i https://(domain)

The https request fails with http 400 but at least it connects and Server header shows Icecast

UPDATE: Oops. Trying -i gives 200 for https but fails to connect with http. Using capital -I with https fails with 400 so Icecast does not like HEAD requests I guess

It looks like you should add another listen-socket block. Is it possible?

https://www.icecast.org/docs/icecast-trunk/config_file/

I have several listening sockets, two of them being 80 and 443. I also have <ssl>1</ssl> in there.
If I change that to a zero, I get no page at all.

Seems right for port 443. Do you also have the ssl tag for port 80 - even if zero? It's a long-shot but I would remove the ssl tag for port 80 rather than setting to zero.

I know the docs say it is a boolean so zero should be ok but would not be first time docs were slightly off.

Also, a stackoverflow thread said the http listener must be first. Not sure why that would be but ...

You might need to ask on icecast forum or stackoverflow. Having icecast respond on port 80 is beyond the scope of what we usually deal with on this forum.

There is no ssl tag for port 80.
I am thoroughly confused now though. Because I know you don't by default get Icecast to "broadcast" on port 80. But I thought I arranged for that, and afterwards set up 443. But I am now doubting that.

What I think I must do is do a fresh install of the OS, and start all over again. And take notes... Because if it turns out I'm not sure anymore of what I did to get to exactly this point, it makes for very difficult troubleshooting...

Anyway, thank you all very much for responding!

I'm not going to do a reinstall just yet though, I'm going to give it some more thought. So suggestions are of course still welcome.

Sometimes it is helpful to start over so you have a system you understand and can support going forward. A shame though since https to icecast seems fine.

Here is a site to test certs: SSL Checker

This command shows what is listening on 80 and 443 (and anything with icecast too)

sudo netstat -pant | grep -i listen | grep -Ei ':80|:443|icecast'

Just some more tools which may help.

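A stricter form of the netstat check from the post above, added here as an example (not code from the thread): the pattern `:80` in that grep also matches ports such as 8000 and 8080, so this filter compares the local port exactly and reports when nothing is listening. The function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `netstat -pant` output (not taken from the thread).
sample_netstat() {
cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      1234/icecast2
tcp        0      0 0.0.0.0:8000            0.0.0.0:*               LISTEN      1234/icecast2
tcp        0      0 127.0.0.1:8080          0.0.0.0:*               LISTEN      2001/python3
tcp6       0      0 :::22                   :::*                    LISTEN      801/sshd
tcp        0      0 203.0.113.10:443        198.51.100.7:51234      ESTABLISHED 1234/icecast2
EOF
}

# Read netstat output on stdin; print "port address program" for every
# LISTEN socket whose local port is exactly one of the ports given as arguments.
listeners_on() {
    awk -v ports="$*" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
        $6 == "LISTEN" {
            port = $4; sub(/.*:/, "", port)   # text after the last colon (IPv6-safe)
            prog = $7; sub(/^[0-9]+\//, "", prog)
            if (port in want) print port, $4, prog
        }'
}

# Read netstat output on stdin; say for each requested port who listens there,
# or that nothing does (the case that produces "Connection refused").
port_report() {
    input=$(cat)
    for port in "$@"; do
        hit=$(printf '%s\n' "$input" | listeners_on "$port")
        if [ -n "$hit" ]; then
            printf '%s\n' "$hit" | while read -r p addr prog; do
                echo "port $p: LISTEN on $addr by $prog"
            done
        else
            echo "port $port: nothing listening (clients get \"Connection refused\")"
        fi
    done
}

# Demo on the constructed sample; on a live host use:
#   sudo netstat -pant | port_report 80 443
sample_netstat | port_report 80 443
```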

You could hand port 80 over to a web server (OR none and use certbot in standalone mode).
And handle the ACME challenges in HTTP and then redirect all other requests to HTTPS.
[or in the case of certbot in standalone mode, have nothing listening on port 80]
