I use Let's Encrypt for SSL with icecast. Here is my rudimentary script on
GitHub... It does NOT require Apache or nginx.
https://github.com/amavarick/letsencrypt_certbot_standalone_icecast
On Jul 10, 2017, at 9:39 AM, ScanCaster <scancaster at
scancaster.net<mailto:scancaster at scancaster.net>> wrote:
On Mon, 10 Jul 2017 09:31:06 +0000, Philipp Schafft wrote:
Good morning,
The <ssl-certificate> belongs in the <paths> section of the config
file.
(I'm not sure what you mean with 'in same', just wanted to make it
clear.)
"in same" = in same file, icecast.xml
The format is the OpenSSL format: key, blank line, cert (chain). echo |
cat key.pem - cert.pem > combo.pem
Thats what I needed to verify...
kill -HUP pidOfIcecast
As of Icecast2 2.4.x you need to restart Icecast to reload the cert.
There is however a fix in 2.5.x (development) which is hopefully
released with the next development update.
Unfortunately, for our setup, a change for "security" reasons affects
our
operations, in that metadata is not accepted from an IP which is not the
sources IP. We have server wide metadata that is written to our sources
at times. So we have to stick to a version prior to this, 2.4.2 or so or
all our scripts break. If there is an option to allow an override of
this, we would look to update, but if not, the server wide metadata is
more important.
Sure. Just put it into the webroot (<webroot> in <paths>). Icecast
handles files in webroot according to your operating system's mine-type
table.
Yeah, I dumped an old test file in there from an old domain, and tried
it, worked, fine... a little redir 80 to 8000 and that will suffice.
Icecast only processes XSLT files as XSLT.
Just like to verify, since I never touched any thing in that server.
To avoid the need to run Icecast as privileged user in oder to bind to
low ports (if Comodo really insists in using port 80) you can use your
firewall to do a local redirect.
We can do a redir via some software, but yes, Comodo insists that is
either on 80 or 443 if you do their web based verification. The DNS one
on 53, I've never ever got to work. I personally think they are too quick
to look and then give up on looking at the DNS server for their TXT
record and/or don't pull it direct from the DNS server with authority
which would show the change immediately. Don't know, except that its been
100% failure when trying to use it.
Thanks.
________________________________
Icecast mailing list
Icecast at xiph.org
http://lists.xiph.org/mailman/listinfo/icecast
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.xiph.org/pipermail/icecast/attachments/20170710/1794e989/attachment.htm>
