[Icecast] icecast ssl and letsencrypt renewal

_zer0_ gravity zer0___ at hotmail.com
Sat Sep 15 13:56:28 UTC 2018


Install letsencrypt and request a certificate specifying the webroot of your Icecast server and the host.domain:

certbot-auto certonly --webroot --webroot-path /usr/share/icecast2/web/ -d icecast.domain.name

Now you should have a certificate for your server; it's only in the wrong format for Icecast. Copy the key and the certificate to 1 file with the following cmd:

cat /etc/letsencrypt/live/icecast.domain.name/privkey.pem /etc/letsencrypt/live/icecast.domain.name/cert.pem > /etc/icecast2/cert+key.pem

Enable ssl on one of your Icecast sockets in Icecast.xml:

    <listen-socket>
        <port>443</port>
        <bind-address>x.x.x.x</bind-address>
        <ssl>1</ssl>
    </listen-socket>

And specify the location of your certificate in the <paths> section:

        <ssl-certificate>/etc/icecast2/cert+key.pem</ssl-certificate>

After restarting you should have a working Icecast with letsencrypt ssl certificate.

I have a cronjob running daily calling a script to automatically renew the certificate and restart Icecast if needed:

#!/bin/bash
certbot-auto renew --post-hook "cat /etc/letsencrypt/live/icecast.domain.name/privkey.pem /etc/letsencrypt/live/icecast.domain.name/cert.pem > /etc/icecast2/cert+key.pem && /etc/init.d/icecast2 restart"

Hope this helps.

Paul
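
Added example, not part of the original message: a hook script that builds the combined key+certificate file with mode 0600 (a file newly created by a plain `>` redirect gets its mode from the umask) and reports whether the content changed, the check the original question asked about. The script name and the optional OWNER argument (the account Icecast runs as) are assumptions; the paths and the restart command are the ones used in the message above.

```shell
#!/bin/sh
# Added example (hypothetical hook script); paths follow the message above.
# Usage: icecast-cert-deploy.sh LIVE_DIR OUT_FILE [OWNER]
# OWNER is an assumption: the account your Icecast runs as, if not root.

# Exit status: 0 = OUT_FILE created or replaced, 1 = already current,
# 2 = error. The body runs in a subshell, so "exit" only leaves the function.
install_combined_pem() (
    live_dir=$1; out_file=$2; owner=${3:-}
    [ -r "$live_dir/privkey.pem" ] && [ -r "$live_dir/cert.pem" ] || exit 2

    # mktemp creates the file with mode 0600, so the private key is never
    # readable by other users; same directory keeps the later rename atomic.
    tmp=$(mktemp "$out_file.XXXXXX") || exit 2
    if ! cat "$live_dir/privkey.pem" "$live_dir/cert.pem" > "$tmp"; then
        rm -f "$tmp"; exit 2
    fi

    # Nothing was renewed: keep the current file, no restart needed.
    if [ -f "$out_file" ] && cmp -s "$tmp" "$out_file"; then
        rm -f "$tmp"; exit 1
    fi

    # Fix ownership and mode before the file becomes visible under its final name.
    if { [ -z "$owner" ] || chown "$owner" "$tmp"; } && chmod 600 "$tmp" \
        && mv -f "$tmp" "$out_file"; then
        exit 0
    fi
    rm -f "$tmp"; exit 2
)

# When called with arguments (e.g. from the certbot hook), restart only on change.
if [ "$#" -ge 2 ]; then
    rc=0; install_combined_pem "$@" || rc=$?
    case $rc in
        0) /etc/init.d/icecast2 restart ;;
        1) ;;
        *) echo "icecast certificate install failed" >&2; exit 1 ;;
    esac
fi
```

It can be called from the `--post-hook` shown above, with `/etc/letsencrypt/live/icecast.domain.name` and `/etc/icecast2/cert+key.pem` as arguments.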


-----Original Message-----
From: Icecast [mailto:icecast-bounces at xiph.org] On Behalf Of David Mehler
Sent: vrijdag 7 september 2018 00:21
To: Icecast streaming server user discussions
Subject: Re: [Icecast] icecast ssl and letsencrypt renewal

Hello,

How did you get icecast and letsencrypt certificates working?

Thanks.
Dave.


On 9/6/18, _zer0_ gravity <zer0___ at hotmail.com> wrote:
> That’s what I have been looking for, thanks !
>
> From: Icecast [mailto:icecast-bounces at xiph.org] On Behalf Of Tycho Eggen
> Sent: donderdag 6 september 2018 22:21
> To: Icecast streaming server user discussions
> Subject: Re: [Icecast] icecast ssl and letsencrypt renewal
>
> You can add a posthook to your certbot cronjob:
>
> certbot renew --post-hook "/etc/init.d/icecast restart"
>
> Or however you restart icecast
>
> On Thu, Sep 6, 2018 at 13:05 _zer0_ gravity
> <zer0___ at hotmail.com> wrote:
> Hi all,
>
> I have setup icecast to work with letsencrypt ssl certificate, this works
> fine.
> But now I am struggling a bit on how to renew the certificate every 3
> months.
> As per letsencrypt recommendation I run a cronjob to check for renewal
> every day,
> problem is when there is a new certificate Icecast needs to be restarted to
> pick it up, as the certificate only seems to be loaded at startup of
> icecast.
> I am thinking of checking if the content of the cert.pem file has been
> altered or maybe checking the file date to see if it is not older than 1 day
> or something like that.
>
> Regards and tia,
>
> Paul
> _______________________________________________
> Icecast mailing list
> Icecast at xiph.org
> http://lists.xiph.org/mailman/listinfo/icecast
>