[Icecast] icecast ssl and letsencrypt renewal
zer0___ at hotmail.com
Sat Sep 15 13:56:28 UTC 2018
Install letsencrypt and request a certificate specifying the webroot of your Icecast server and the host.domain:
certbot-auto certonly --webroot --webroot-path /usr/share/icecast2/web/ -d icecast.domain.name
Now you should have a certificate for your server, it's only in the wrong format for Icecast, copy the key and the certificate to 1 file with the following cmd:
cat /etc/letsencrypt/live/icecast.domain.name/privkey.pem /etc/letsencrypt/live/icecast.domain.name/cert.pem > /etc/icecast2/cert+key.pem
Enable ssl on one of your Icecast sockets in Icecast.xml:
And specify the location of your certificate in the <paths> section:
After restarting you should have a working Icecast with letsencrypt ssl certificate.
I have a cronjob running daily calling a script to automatically renew the certificate and restart Icecast if needed:
certbot-auto renew --post-hook "cat /etc/letsencrypt/live/icecast.domain.name/privkey.pem /etc/letsencrypt/live/icecast.domain.name/cert.pem > /etc/icecast2/cert+key.pem && /etc/init.d/icecast2 restart"
Hope this helps.
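An added example, not part of the original post and not code from the Icecast or certbot projects: the concatenate-and-restart step above written as a certbot deploy-hook script. It creates the combined file with mode 0600 (it contains the private key), replaces it atomically, and restarts Icecast only when the bundle content actually changed, which is the check the original question asked about. It assumes the paths used in this thread and certbot's RENEWED_LINEAGE hook variable; BUNDLE_OWNER is a hypothetical variable introduced here.

```shell
#!/bin/sh
# Added example: certbot deploy hook rebuilding Icecast's combined PEM.
# Paths are the ones used in this thread. BUNDLE_OWNER is a hypothetical
# optional variable: set it if Icecast reads the file as a non-root user.

# build_bundle LIVE_DIR OUT_FILE
# Returns 0 = bundle replaced, 1 = already up to date, 2 = error.
build_bundle() {
    live=$1
    out=$2
    # Refuse missing or empty inputs: a truncated bundle would leave
    # Icecast without a usable certificate after the restart.
    if [ ! -s "$live/privkey.pem" ] || [ ! -s "$live/cert.pem" ]; then
        return 2
    fi
    # mktemp creates the file with mode 0600, so the private key is never
    # world-readable, unlike a plain "cat > file" under a typical umask 022.
    tmp=$(mktemp "$out.XXXXXX") || return 2
    if ! cat "$live/privkey.pem" "$live/cert.pem" > "$tmp"; then
        rm -f "$tmp"
        return 2
    fi
    if [ -f "$out" ] && cmp -s "$tmp" "$out"; then
        rm -f "$tmp"
        chmod 600 "$out"    # tighten a bundle created by an earlier cat
        return 1            # same content: no restart needed
    fi
    if [ -n "${BUNDLE_OWNER:-}" ]; then
        chown "$BUNDLE_OWNER" "$tmp" || { rm -f "$tmp"; return 2; }
    fi
    # Rename within one directory is atomic: Icecast never reads a
    # half-written file.
    mv -f "$tmp" "$out"
}

# certbot exports RENEWED_LINEAGE (the live/<name> directory) to deploy hooks.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    if build_bundle "$RENEWED_LINEAGE" /etc/icecast2/cert+key.pem; then
        /etc/init.d/icecast2 restart
    fi
fi
```

Saved as an executable file (location is your choice), it can be passed to certbot with `--deploy-hook` in place of the inline `--post-hook` string.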
From: Icecast [mailto:icecast-bounces at xiph.org] On Behalf Of David Mehler
Sent: Friday 7 September 2018 00:21
To: Icecast streaming server user discussions
Subject: Re: [Icecast] icecast ssl and letsencrypt renewal
How did you get icecast and letsencrypt certificates working?
On 9/6/18, _zer0_ gravity <zer0___ at hotmail.com> wrote:
> That’s what I have been looking for, thanks !
> From: Icecast [mailto:icecast-bounces at xiph.org] On Behalf Of Tycho Eggen
> Sent: Thursday 6 September 2018 22:21
> To: Icecast streaming server user discussions
> Subject: Re: [Icecast] icecast ssl and letsencrypt renewal
> You can add a posthook to your certbot cronjob:
> certbot renew --post-hook "/etc/init.d/icecast restart"
> Or however you restart icecast
> On Thu, Sep 6, 2018 at 13:05 _zer0_ gravity
> <zer0___ at hotmail.com> wrote:
> Hi all,
> I have set up icecast to work with letsencrypt ssl certificate, this works
> But now I am struggling a bit on how to renew the certificate every 3
> As per letsencrypt recommendation I run a cronjob to check for renewal
> every day,
> problem is when there is a new certificate Icecast needs to be restarted to
> pick it up, as the certificate only seems to be loaded at startup of
> I am thinking of checking if the content of the cert.pem file has been
> altered or maybe checking the file date to see if it is not older than 1 day
> or something like that.
> Regards and tia,
> Icecast mailing list
> Icecast at xiph.org