I am currently working on a project that involves streaming audio from my local radio station using Icecast, and I am facing issues with SSL certificate installation when trying to secure the connection with HTTPS.
Project Overview:
My project is to stream audio content from a URL, which is powered by Icecast. I am trying to secure the connection using HTTPS for encrypted streaming. I have used Let's Encrypt to generate SSL certificates for my domain, but I am encountering issues when trying to access the stream via HTTPS.
What I Have Done So Far:
Icecast is properly set up to stream audio over HTTP.
SSL certificates were generated using Certbot and stored in /etc/letsencrypt/live/stream.isenradio.com/.
The configuration points to the correct SSL certificate files for HTTPS on port 443.
Issue:
When I attempt to access the stream through HTTPS (https://stream.isenradio.com/stream.mp3), I encounter the "SSL_ERROR_SYSCALL" error. Despite the certificates being correctly placed in the appropriate directory, the SSL handshake fails, and the connection is not established.
What I Have Tried:
I have confirmed that the SSL certificate files are correctly placed and that the permissions are correct.
I have tested the configuration using openssl and curl, but I continue to receive SSL errors during the handshake.
I have restarted the Icecast service multiple times, but the issue persists.
I would greatly appreciate any help or guidance from the community in resolving this issue. If anyone has encountered something similar or has any suggestions on how to fix this, please let me know.
We primarily help people get a Let's Encrypt certificate. You already have one of those. We often help with common configuration problems but Icecast is not something we see all that often. I don't have any personal experience with it other than the occasional thread posted in this forum. Perhaps a different volunteer will offer help but an Icecast forum is best.
That said, you should also review your DNS. HTTPS connections to your domain are failing to connect. Are you hosting your Icecast server in an AWS EC2 instance?
Maybe not. But, be sure to check your EC2 Security Group and that it allows inbound requests on port 443. Also check any VPC ACL Rules you may have set or AWS firewall rules.
How did you get the cert? Because I can't reach your domain using port 80 and HTTP. Using an HTTP Challenge is the most common method. I'll guess you used a DNS Challenge for your Route53 domain. Is that right?
curl -i -m8 http://stream.isenradio.com
curl: (7) Failed to connect to stream.isenradio.com port 80 after 178 ms: Connection refused
curl -i -m8 https://stream.isenradio.com
curl: (28) Operation timed out after 8001 milliseconds with 0 bytes received
I see you used an nginx server to get the cert. You must have had HTTP port 80 connections working at that time.
So, are you trying to reverse proxy port 443 to your Icecast? I know doing that for streaming services requires some care. Not sure that is any easier than connecting directly to your Icecast using HTTPS. But, if that's what the Icecast experts say then I defer to them.
Yes, exactly! I used Nginx as a reverse proxy to handle the SSL/TLS termination on port 443, which is why HTTP (port 80) connections were working initially when I obtained the certificate. The goal was to securely redirect HTTP traffic to HTTPS. Certainly not easier, but the first way doesn't work. I just succeeded in accessing https://stream.isenradio.com/ thanks to the proxy, but there is only the Icecast page and not the audio stream.
Reverse proxying for streaming services requires special settings. The Icecast forum is the best place to get suggestions for this. I may have mentioned that already.
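The curl results quoted in this thread stop at different layers: "Connection refused" on port 80, a timeout on port 443, and a handshake error such as SSL_ERROR_SYSCALL. The following Python helper is an added example, not code from any post in the thread; it reports which layer a connection stops at. The function names, the result labels and the loopback fixtures are assumptions made for the illustration.

```python
import socket
import ssl
import threading

def probe(host, port, timeout=3.0):
    """Return the layer at which an HTTPS connection to host:port stops."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except socket.gaierror:
        return "dns-failure"            # name does not resolve
    except ConnectionRefusedError:
        return "tcp-refused"            # host reachable, nothing listening (curl error 7)
    except (socket.timeout, TimeoutError):
        return "tcp-timeout"            # packets dropped, e.g. firewall or security group (curl error 28)
    except OSError:
        return "tcp-error"
    ctx = ssl.create_default_context()  # verifies the chain and the hostname
    try:
        with sock, ctx.wrap_socket(sock, server_hostname=host):
            return "tls-ok"
    except ssl.SSLCertVerificationError:
        return "tls-cert-invalid"       # handshake ran, certificate was rejected
    except OSError:
        return "tls-handshake-failed"   # reset, EOF or a non-TLS reply on the port

def unused_local_port():
    """Constructed fixture: a loopback port with no listener behind it."""
    with socket.socket() as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]

def plaintext_listener():
    """Constructed fixture: loopback listener that answers one client in plain HTTP."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]
    def serve():
        conn, _ = srv.accept()
        conn.recv(4096)                 # swallow the ClientHello
        conn.sendall(b"HTTP/1.0 400 Bad Request\r\n\r\n")
        conn.close()
        srv.close()
    threading.Thread(target=serve, daemon=True).start()
    return port

if __name__ == "__main__":
    print(probe("127.0.0.1", unused_local_port()))
    print(probe("127.0.0.1", plaintext_listener()))
```

A "tcp-*" result points at DNS, firewall or listener problems before any certificate is involved, while a "tls-*" result means the port answered and the TLS configuration of whatever is listening there is the next thing to check.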