Icecast2 and LetsEncrypt


#1

Icecast is a popular open source media streamer which claims to support ssl although I’ve never got it to work successfully…

[2016-01-22 15:34:22] INFO main/main Icecast 2.4.2 server started
[2016-01-22 15:34:22] WARN connection/get_ssl_certificate Invalid cert file /etc/letsencrypt/live/live.DOMAINNAME.org/cert.pem
[2016-01-22 15:34:22] INFO connection/get_ssl_certificate No SSL capability on any configured ports
[2016-01-22 15:34:22] INFO stats/_stats_thread stats thread started
[2016-01-22 15:34:22] INFO yp/yp_update_thread YP update thread started

Even following the plugin I found here https://github.com/e00E/lets-encrypt-icecast I am no closer to a workable solution. Suggestions?? Thanks. :slightly_smiling:


#2

From the documentation for version 2.4.1:

ssl-certificate
If specified, this points to the location of a file that contains both the X.509 private and public key. This is required for HTTPS support to be enabled. Please note that the user Icecast is running as must be able to read the file. Failing to ensure this will cause a “Invalid cert file” WARN message, just as if the file wasn’t there.

So you’ve got to put the certificate and the private key together in one file, probably including the intermediate cert, i.e.: concatenate fullchain.pem and privkey.pem into one file.


#3

Osiris is correct about concatenating the fullchain and privkey files into one…

Here are some detailed instructions I posted on a Centova channel that will give you detailed instructions for icecast and SSL.

One thing many people don’t realize is that you must install all of the pre-reqs to support SSL before installing icecast… I don’t manually compile but use the Xiph repositories to install icecast. This ensures I always have the latest patching without having to recompile.

http://forums.centova.com/index.php?topic=3965.0