thr3ads.net - Icecast - [Icecast] Invalid SSL-certificate [Jul 2024]

If this information is useful, please help other people find it:
Share via:

Thomas Jensen

2024-Jul-13 11:59 UTC

[Icecast] Invalid SSL-certificate

Hello

I am running https://radio.horsens-garage.rocks:8443. The SSL-
certificate is made like this:

cat /etc/letsencrypt/live/horsens-garage.rocks/fullchain.pem
/etc/letsencrypt/live/horsens-garage.rocks/privkey.pem >
/etc/icecast2/bundle.pem 

I have had no errors or warnings in any browser. Until now! Fulguris, a
FOSS-browser for android, gave me a warning about invalide date in the
certificate...

https://horsens-garage.rocks has a mediaplayer, that will stream music
from the radio. If I test horsens-garage.rocks in a "Test-Your-SSL"
site, there are no problems. But if I test radio.horsens-
garage.rocks:8443, it report invalide date.

https://www.sslshopper.com/ssl-checker.html#hostname=radio.horsens-garage.rocks:8443

But they both use the very same letsencrypt certificate! Icecast use
the bundle.pem made from the letsencrypt certificate/key.

<ssl-certificate>/etc/icecast2/bundle.pem</ssl-certificate>

Does any of you know what is wrong?

-- 
Thomas Jensen, Denmark

Jordan Erickson

2024-Jul-13 13:56 UTC

head link

[Icecast] Invalid SSL-certificate

Hi,

On 7/13/24 04:59, Thomas Jensen wrote:> I am runninghttps://radio.horsens-garage.rocks:8443.
Ok.> If I test horsens-garage.rocks in a "Test-Your-SSL"
> site, there are no problems. But if I test radio.horsens-
> garage.rocks:8443, it report invalide date.horsens-garage.rocks != radio.horsens-garage.rocks, BUT, according to 
the testing site you're using radio.horsens-garage.rocks as a SAN so 
that should be fine. Serial numbers are the same:

---
Common name: horsens-garage.rocks
SANs: horsens-garage.rocks, radio.horsens-garage.rocks, 
www.horsens-garage.rocks
Valid from June 9, 2024 to September 7, 2024
Serial Number: 03d86c7828fdae42b7d00f7159e11df15a36
Signature Algorithm: sha256WithRSAEncryption
Issuer: R10
---
However, going to the radio.horsens-garage.rocks URL in Firefox renders 
that your cert is expired: Did you replace the cert on Icecast and not 
reload? Cheers, Jordan Erickson

-- 
https://subj.am/
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.xiph.org/pipermail/icecast/attachments/20240713/569da022/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: gkINTHOrdx2JFuYu.png
Type: image/png
Size: 48800 bytes
Desc: not available
URL:
<http://lists.xiph.org/pipermail/icecast/attachments/20240713/569da022/attachment.png>

Possibly Parallel Threads

Search for more seemingly similar threads

Icecast - Jul 2024 - Invalid SSL-certificate

[Icecast] Invalid SSL-certificate

[Icecast] Invalid SSL-certificate

Possibly Parallel Threads