[Icecast] Icecast2 with SSL, includes error.log extract

Steve Matzura sm at noisynotes.com
Sat Nov 28 14:08:21 UTC 2020

Believe it or not, I have done all of those things.

When I restart Icecast with everything enabled--<ssl>1</sl>, 
<ssl-certificate>/blah/blah/blah</ssl-certificate>, I get what I posted 
from error.log. When I try to tream something to the server using 
ezstream, ezstream can't connect to the server. Unfortunately, I blew 
the log I had of this error, so when I can, I'll re-create that and post it.

The problem could be one of a couple things. Most likely it's my bundle. 
I have a full chain and a private key that I use with Apache and 
EngineX, and that works, so I figured it should work with Icecast. But 
jut for the heck of it, I re-created that bundle by downloading my 
server's public and certifying authority keys as provided by the server 
hosting company, and made another bundle out of those two things plus my 
server's private key. I have yet to be able to test this new bundle, but 
I don't hold much hope for it working since the other bundle is what's 
being used to provide secure access (https) for my server's Web 
presence. I know there's something different about the two bundles 
because they are different sizes--not much different, but different in 
some way. I wish there was a way I could somehow run another instance of 
Icecast on my server (with different ports, of course) to test with. 
Then I'd have a better idea of what's going wrong, and how to fix it.

On 11/28/2020 12:56 AM, Norbert Deleutre wrote:
> Hello Steeve,
> 5 important things for having icecast with SSL :
>   * Install icecast with open ssl :
>     https://wiki.xiph.org/Icecast_Server/Installing_latest_version_(official_Xiph_repositories)
>     <https://wiki.xiph.org/Icecast_Server/Installing_latest_version_(official_Xiph_repositories)>
>   * Concatenate fullchain.pen and privacy.pem => bundle.pem
>   * Add in icecast.xml : <ssl>1</ssl> and
>     <ssl-certificate>/etc/icecast2/bundle.pem</ssl-certificate>
>   * Check local firewall (netstat -pantu | grep icecast)
>  *
>     Restart icecast
>     ALL you MUST do is here explain here :
>     https://mediarealm.com.au/articles/icecast-https-ssl-setup-lets-encrypt/
>     <https://mediarealm.com.au/articles/icecast-https-ssl-setup-lets-encrypt/>
> --------
> Norbert Deleutre <http://www.lmgc.univ-montp2.fr/perso/norbert-deleutre/>
> P 0467149655 UMR CNRS 5508 <http://www.lmgc.univ-montp2.fr/>
> A Campus Saint-Priest/Montpellier
>> Le 27 nov. 2020 à 23:17, Steve Matzura <sm at noisynotes.com 
>> <mailto:sm at noisynotes.com>> a écrit :
>> I have absolutely no idea what any of this means, good or bad, but I 
>> do know that after restarting Icecast, I couldn't restart ices and 
>> therefore couldn't connect to the server. Apparently something is 
>> wrong with my PEM certificate file, but I truly don't know what it 
>> could be. I created it by concatenating my server's public key plus 
>> its certifying authority (CA) key provided by the hosting company 
>> plus the server's private key according to many articles and Web 
>> pages, not to mention several helpful messages on this very list. 
>> After restarting Icecast, I could not restart ices, which probably 
>> means I need something else in the ices configuration about which I 
>> do not know, or my certificate PEM file is bad. Any help on solving 
>> this would be greatly appreaciated. I feel I'm very close, jut one 
>> detail away from getting it right.
> _______________________________________________
> Icecast mailing list
> Icecast at xiph.org
> http://lists.xiph.org/mailman/listinfo/icecast
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.xiph.org/pipermail/icecast/attachments/20201128/39fd1712/attachment.htm>

More information about the Icecast mailing list