Sharing a certificate with site and Icecast

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: www.abengnews.com, listen.abengnews.com

I ran this command:

It produced this output:

My web server is (include version): Apache 2

The operating system my web server runs on is (include version): Ubuntu 22.04

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know): Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

My enquiry is more of a clarification than technical. I am running a website secured by a Let's Encrypt cert and am adding an Icecast streaming server. Do I need separate certificates if Icecast is using port 8000 of the site?

The question is prompted because I started by hosting Icecast as a subdomain behind an Apache proxy located on a separate machine from the Apache site for which I set up a cert when the subdomain was created. This virtual host contains the path to the certificate and I created a combined version as required by Icecast and copied it to the machine on which it runs.

However, I found it difficult to retrieve Icecast metadata using Server-sent Events as the subdomain rejects calls from the parent site because of CORS security implemented by browsers. No amount of headers sent by the PHP code has been able to satisfy the subdomain that the requests are legitimate.

So while I struggle with setting the correct headers, I have decided to host both services under the parent FQDN. Hence the questions:

  1. Do I need a separate certificate for Icecast or is it sufficient to just add the port number to https://www.abengnews.com:8000 with the current certificate? Or

  2. Would I need to combine the certs into a single pem as Icecast says and indicate to its config the path of this file?

Thanks.

1 Like

Hi @starapple2, and welcome to the LE community forum :slight_smile:

The topic mentions sharing a certificate with Icecast.
Do you have a specific question?
Have you checked the Icecast documentation on enabling TLS/SSL?

4 Likes

Thanks for your response @rg305 and for the welcome. Clumsy fingers on the phone screen submitted my question before I knew what was happening. I then edited the posting as you should now be able to see. :slightly_smiling_face:

2 Likes

Hi @starapple2,

The port number is not mentioned in the certificate at all. A certificate can be used on any port, and you can use the same certificate concurrently for multiple services that are hosted on different ports.

If you're using Certbot, you can make a --deploy-hook script to run various commands that help get the new certificate into the format and location where all of your services expect to find it (and reload the services so they notice the new certificate is available). Other clients should have a similar concept.

5 Likes
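A deploy hook of the kind described in the reply above, as an added example that is not part of the thread or of Certbot's own code: it builds the combined PEM Icecast expects from the renewed certificate and restarts the service. The output path, the `icecast2` service name, the helper name `build_icecast_pem` and Icecast running on the same host as Certbot are assumptions.

```shell
#!/bin/sh
# Added example: Certbot deploy hook that builds the combined PEM for Icecast.
# Assumed (not from the thread): output path, service name, same-host Icecast.
ICECAST_PEM="${ICECAST_PEM:-/etc/icecast2/icecast.pem}"   # assumed path
ICECAST_SERVICE="${ICECAST_SERVICE:-icecast2}"            # assumed unit name

# build_icecast_pem LINEAGE_DIR OUT_FILE  (hypothetical helper)
# Concatenates fullchain.pem and privkey.pem into OUT_FILE with mode 600,
# writing to a temp file first so Icecast never reads a half-written file.
build_icecast_pem() (
    lineage=$1
    out=$2
    chain="$lineage/fullchain.pem"
    key="$lineage/privkey.pem"

    # Refuse to produce a combined file if either half is missing or empty.
    for f in "$chain" "$key"; do
        [ -s "$f" ] || { echo "missing or empty: $f" >&2; exit 1; }
    done

    umask 077                        # the private key is never world-readable
    tmp=$(mktemp "$out.XXXXXX") || exit 1
    if cat "$chain" "$key" > "$tmp" && chmod 600 "$tmp" && mv -f "$tmp" "$out"
    then
        exit 0                       # rename within one directory is atomic
    fi
    rm -f "$tmp"                     # leave no stray copy of the key behind
    exit 1
)

# Certbot exports RENEWED_LINEAGE (e.g. /etc/letsencrypt/live/<name>) to
# deploy hooks; when it is unset the script only defines the function.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    build_icecast_pem "$RENEWED_LINEAGE" "$ICECAST_PEM" || exit 1
    # If Icecast runs as a non-root user, chown the file to that user here.
    systemctl restart "$ICECAST_SERVICE"
fi
```

The script can be passed to Certbot with `--deploy-hook` or placed in `/etc/letsencrypt/renewal-hooks/deploy/`, so it runs only after a certificate has actually been renewed.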

Thanks @schoen. Let me get cracking at that right away. I didn't want to "do" and then have to "undo". :slightly_smiling_face:

3 Likes
