Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is: www.abengnews.com , listen.abengnews.com
I ran this command:
It produced this output:
My web server is (include version): Apache 2
The operating system my web server runs on is (include version): Ubuntu 22.04
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don't know): Yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): No
The version of my client is (e.g. output of
certbot --version or
certbot-auto --version if you're using Certbot):
My enquiry is more of a clarification than technical. I am running a website secured by a LetsEncrypt cert and am adding an Icecast streaming server. Do I need separate certificates if Icecast is using port 8000 of the site?
The question is prompted because I started by hosting Icecast as a subdomain behind an Apache proxy located on a separate machine from the Apache site for which I set up a cert when the subdomain was created. This virtual host contains the path to the certificate and I created a combined version as required by Icecast and copied it to the machine on which it runs.
However, I found it difficult to retrieve Icecast metadata using Server-sent Events as the subdomain rejects calls from the parent site because of CORS security implemented by browsers. No amount of headers sent by the PHP code has been able to satisfy the subdomain that the requests are legitimate.
So while I struggle with setting the correct headers, I have decided to host both services under the parent FQDN. Hence the questions:
Do I need a separate certificate for Icecast or is it sufficient to just add the port number to https://www.abengnews.com:8000 with the current certificate? Or
Would I need to combine the certs into a single pem as Icecast says and indicate to its config the path of this file?