[Icecast] How do I combine my ssl certs?
Robert Chalmers
racuk12 at gmail.com
Tue Mar 6 14:59:04 UTC 2018
Walter,
Brilliant. I’ll have to have a look at KH. Too many moving parts being collected in this one.
Nice little shell script will do the concat nicely meantime. I like the idea of just using the one port for both. In which case I’ll stick with the https port. I have content policy etc enabled on that site.
> On 6 Mar 2018, at 14:47, Walter York <walteryork at hotmail.com> wrote:
>
> Robert,
>
> There is a github repo that will create and then another script to renew your Let's Encrypt Certs for Icecast. The commands are well documented to help you customize for your specific implementation.
>
> The Repo is here:
> https://github.com/amavarick/letsencrypt_certbot_standalone_icecast <https://github.com/amavarick/letsencrypt_certbot_standalone_icecast>
>
> The commands to concatenate the certs are:
> #Replace domain.tld for the name of your domain as setup in Let's Encrypt.
> #Append FullChain to Icecast certificate
> cat /etc/letsencrypt/live/domain.tld/fullchain.pem > /usr/share/icecast/ssl/domain.tld.pem
> #Append privkey to Icecast certificate
> cat /etc/letsencrypt/live/domain.tld/privkey.pem >> /usr/share/icecast/ssl/domain.tld.pem
>
> I ended up moving to Icecast-KH because they don not require combined certificates, it handles encryption much better as you can use the same port for both http and https and other encryption improvements that make it better than icecast.
>
> From: Icecast <icecast-bounces at xiph.org> on behalf of Robert Chalmers <racuk12 at gmail.com>
> Sent: Monday, March 5, 2018 5:58 AM
> To: icecast at xiph.org
> Subject: [Icecast] How do I combine my ssl certs?
>
>
> I have https/ssl on my site ok, but it uses two certificates from letsencrypt which renew automatically every three months.
> However - Icecase says.
>
> ssl-certificate
> If specified, this points to the location of a file that contains both the X.509 private and public key. This is required for HTTPS support to be enabled. Please note that the user Icecast is running as must be able to read the file. Failing to ensure this will cause a “Invalid cert file” WARN message, just as if the file wasn’t there.
>
> So what is meant here. How do I combine my keys into a file to satisfy this?
>
> Thanks
> Robert
> _______________________________________________
> Icecast mailing list
> Icecast at xiph.org <mailto:Icecast at xiph.org>
> http://lists.xiph.org/mailman/listinfo/icecast <http://lists.xiph.org/mailman/listinfo/icecast>
> Icecast Info Page - Xiph.Org Foundation <http://lists.xiph.org/mailman/listinfo/icecast>
> lists.xiph.org <http://lists.xiph.org/>
> While this list and IRC are preferred for user support. There is also a web forum for user support. See icecast.org <http://icecast.org/> for links. To see the collection of prior postings ...
>
>
> _______________________________________________
> Icecast mailing list
> Icecast at xiph.org <mailto:Icecast at xiph.org>
> http://lists.xiph.org/mailman/listinfo/icecast <http://lists.xiph.org/mailman/listinfo/icecast>
Robert Chalmers
https://robert-chalmers.uk
author at robert-chalmers.uk
@R_A_Chalmers
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.xiph.org/pipermail/icecast/attachments/20180306/05e80137/attachment.htm>
More information about the Icecast
mailing list