[Icecast] Icecast2 with SSL, includes error.log extract

Steve Matzura sm at noisynotes.com
Fri Nov 27 22:17:14 UTC 2020 

After placing "<ssl>1</ssl>" in the listen-sockets stanza and the path 
to my PEM-format certificate in the paths stanza, I restarted Icecast2. 
In /usr/share/icecast2/log I got the following in error.log:


[2020-11-27  22:00:07] INFO connection/get_ssl_certificate SSL 
certificate found at /etc/ssl/2020/icecast.pem
[2020-11-27  22:00:07] INFO connection/get_ssl_certificate SSL using 
ciphers 
ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA

I have absolutely no idea what any of this means, good or bad, but I do 
know that after restarting Icecast, I couldn't restart ices and 
therefore couldn't connect to the server. Apparently something is wrong 
with my PEM certificate file, but I truly don't know what it could be. I 
created it by concatenating my server's public key plus its certifying 
authority (CA) key provided by the hosting company plus the server's 
private key according to many articles and Web pages, not to mention 
several helpful messages on this very list. After restarting Icecast, I 
could not restart ices, which probably means I need something else in 
the ices configuration about which I do not know, or my certificate PEM 
file is bad. Any help on solving this would be greatly appreaciated. I 
feel I'm very close, jut one detail away from getting it right.


Thanks in advance.

More information about the Icecast mailing list