I have https/ssl on my site ok, but it uses two certificates from letsencrypt which renew automatically every three months.
However - Icecast says.

ssl-certificate
If specified, this points to the location of a file that contains both the X.509 private and public key. This is required for HTTPS support to be enabled. Please note that the user Icecast is running as must be able to read the file. Failing to ensure this will cause a “Invalid cert file” WARN message, just as if the file wasn’t there.

So what is meant here. How do I combine my keys into a file to satisfy this?

Thanks
Robert

Robert,

There is a github repo that will create and then another script to renew your Let's Encrypt Certs for Icecast. The commands are well documented to help you customize for your specific implementation.

The Repo is here:
https://github.com/amavarick/letsencrypt_certbot_standalone_icecast

The commands to concatenate the certs are:

#Replace domain.tld for the name of your domain as setup in Let's Encrypt.
#Append FullChain to Icecast certificate
cat /etc/letsencrypt/live/domain.tld/fullchain.pem > /usr/share/icecast/ssl/domain.tld.pem
#Append privkey to Icecast certificate
cat /etc/letsencrypt/live/domain.tld/privkey.pem >> /usr/share/icecast/ssl/domain.tld.pem

I ended up moving to Icecast-KH because they do not require combined certificates, it handles encryption much better as you can use the same port for both http and https and other encryption improvements that make it better than icecast.

________________________________
From: Icecast <icecast-bounces at xiph.org> on behalf of Robert Chalmers <racuk12 at gmail.com>
Sent: Monday, March 5, 2018 5:58 AM
To: icecast at xiph.org
Subject: [Icecast] How do I combine my ssl certs?

_______________________________________________
Icecast mailing list
Icecast at xiph.org
http://lists.xiph.org/mailman/listinfo/icecast
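
The concatenation above, written for unattended renewals (an added example, not part of the thread or of the linked repository): it validates both inputs, keeps the private key readable by its owner only, and swaps the bundle in atomically. The function name `build_icecast_bundle` and the `icecast` account name are assumptions.

```shell
#!/bin/sh
# Added example: build the combined PEM that Icecast's ssl-certificate
# setting points at. build_icecast_bundle is a hypothetical helper name.
build_icecast_bundle() {
    live_dir=$1      # directory holding fullchain.pem and privkey.pem
    out_file=$2      # combined file Icecast will read
    owner=${3:-}     # optional: user Icecast runs as (assumed "icecast")

    chain="$live_dir/fullchain.pem"
    key="$live_dir/privkey.pem"

    # Refuse to build from missing or wrong-looking inputs, so a failed
    # renewal never replaces a working bundle with a broken one.
    grep -q -- '-----BEGIN CERTIFICATE-----' "$chain" 2>/dev/null || {
        echo "no certificate in $chain" >&2; return 1; }
    grep -q -- '-----BEGIN .*PRIVATE KEY-----' "$key" 2>/dev/null || {
        echo "no private key in $key" >&2; return 1; }

    # Write to a temp file next to the target under a tight umask, so the
    # key is never world-readable, not even briefly.
    tmp=$(umask 077 && mktemp "$out_file.XXXXXX") || return 1
    if ! cat "$chain" "$key" > "$tmp"; then
        rm -f "$tmp"; return 1
    fi
    chmod 600 "$tmp"

    # Icecast must be able to read the file: hand it to that user only.
    if [ -n "$owner" ] && ! chown "$owner" "$tmp"; then
        rm -f "$tmp"; return 1
    fi

    # rename is atomic within one filesystem: readers see either the old
    # bundle or the new one, never a half-written file.
    mv -f "$tmp" "$out_file"
}
```

Called as `build_icecast_bundle /etc/letsencrypt/live/domain.tld /usr/share/icecast/ssl/domain.tld.pem icecast` from a script passed to certbot's `--deploy-hook`, it rebuilds the bundle after every renewal.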

Walter,

Brilliant. I’ll have to have a look at KH. Too many moving parts being collected in this one. Nice little shell script will do the concat nicely meantime.

I like the idea of just using the one port for both. In which case I’ll stick with the https port. I have content policy etc enabled on that site.

> On 6 Mar 2018, at 14:47, Walter York <walteryork at hotmail.com> wrote:

Robert Chalmers
https://robert-chalmers.uk
author at robert-chalmers.uk
@R_A_Chalmers

Walter,

Very nice. Compiles out of the box on the Mac Sierra. (Mac Mini) and seems to run without issues. Not much in the log files. Few warnings but nothing major.

Most excellent - thanks. And here’s me thinking my week was done…

I haven’t done a make install yet for obvious reasons. Just ran it out of its make directory. I want to be sure I see where it will install its bits. So a little bit of investigation yet.

Thanks again for the pointers to the version.

Robert