Install letsencrypt and request a certificate specifying the webroot of your
Icecast server and the host.domain:

    certbot-auto certonly --webroot --webroot-path /usr/share/icecast2/web/ -d icecast.domain.name

Now you should have a certificate for your server; it's only in the wrong
format for Icecast. Copy the key and the certificate to 1 file with the
following cmd:

    cat /etc/letsencrypt/live/icecast.domain.name/privkey.pem /etc/letsencrypt/live/icecast.domain.name/cert.pem > /etc/icecast2/cert+key.pem

Enable ssl on one of your Icecast sockets in Icecast.xml:

    <listen-socket>
        <port>443</port>
        <bind-address>x.x.x.x</bind-address>
        <ssl>1</ssl>
    </listen-socket>

And specify the location of your certificate in the <paths> section:

    <ssl-certificate>/etc/icecast2/cert+key.pem</ssl-certificate>

After restarting you should have a working Icecast with letsencrypt ssl
certificate.
I have a cronjob running daily calling a script to automatically renew the
certificate and restart Icecast if needed:

    #!/bin/bash
    certbot-auto renew --post-hook "cat /etc/letsencrypt/live/icecast.domain.name/privkey.pem /etc/letsencrypt/live/icecast.domain.name/cert.pem > /etc/icecast2/cert+key.pem && /etc/init.d/icecast2 restart"

Hope this helps.
Paul
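
Added example, not part of Paul's message or of the Icecast project: a hook script that rebuilds the combined key+certificate file at mode 600 (a file newly created by a plain "cat >" redirect gets the default umask, typically world-readable, and it contains the private key) and restarts Icecast only when the content actually changed. The script name, the return codes and the use of certbot's --deploy-hook with its RENEWED_LINEAGE variable are choices made for this example.

```shell
#!/bin/bash
# Added example (not from the original message).
# Assumed usage: certbot-auto renew --deploy-hook /usr/local/bin/icecast-cert-hook.sh
# (the script path is hypothetical). certbot sets RENEWED_LINEAGE to the
# live directory of each certificate that was actually renewed.

# update_bundle KEY CERT OUT
# Returns 0 if OUT was replaced, 1 if it was already up to date, 2 on error.
update_bundle() {
    local key="$1" cert="$2" out="$3" tmp
    [ -r "$key" ] && [ -r "$cert" ] || return 2
    # Temp file beside OUT so the final mv is an atomic rename; it is
    # created owner-only so the private key is never readable by others.
    tmp=$(umask 077; mktemp "${out}.XXXXXX") || return 2
    if ! cat "$key" "$cert" > "$tmp"; then
        rm -f "$tmp"
        return 2
    fi
    # Same bytes as the file Icecast already loaded: nothing to do.
    if [ -f "$out" ] && cmp -s "$tmp" "$out"; then
        rm -f "$tmp"
        return 1
    fi
    chmod 600 "$tmp"
    mv -f "$tmp" "$out" || { rm -f "$tmp"; return 2; }
    return 0
}

# Runs only when called by certbot as a deploy hook.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    rc=0
    update_bundle "$RENEWED_LINEAGE/privkey.pem" "$RENEWED_LINEAGE/cert.pem" \
        /etc/icecast2/cert+key.pem || rc=$?
    case $rc in
        0) /etc/init.d/icecast2 restart ;;
        1) echo "cert+key.pem unchanged, Icecast not restarted" ;;
        *) echo "could not build cert+key.pem" >&2; exit 1 ;;
    esac
fi
```

The file ends up owned by whoever runs the hook; if Icecast reads it as a different user on your system, change the owner to that user rather than loosening the mode.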
-----Original Message-----
From: Icecast [mailto:icecast-bounces at xiph.org] On Behalf Of David Mehler
Sent: Friday 7 September 2018 00:21
To: Icecast streaming server user discussions
Subject: Re: [Icecast] icecast ssl and letsencrypt renewal
Hello,
How did you get icecast and letsencrypt certificates working?
Thanks.
Dave.
On 9/6/18, _zer0_ gravity <zer0___ at hotmail.com> wrote:
> That’s what I have been looking for, thanks !
>
> From: Icecast [mailto:icecast-bounces at xiph.org] On Behalf Of Tycho Eggen
> Sent: Thursday 6 September 2018 22:21
> To: Icecast streaming server user discussions
> Subject: Re: [Icecast] icecast ssl and letsencrypt renewal
>
> You can add a posthook to your certbot cronjob:
>
> certbot renew --post-hook "/etc/init.d/icecast restart"
>
> Or however you restart icecast
>
> On Thu, Sep 6, 2018 at 13:05 _zer0_ gravity <zer0___ at hotmail.com> wrote:
> Hi all,
>
> I have setup icecast to work with letsencrypt ssl certificate, this works
> fine.
> But now I am struggling a bit on how to renew the certificate every 3
> months.
> As per letsencrypt recommendation I run a cronjob to check for renewal
> every day,
> problem is when there is a new certificate Icecast needs to be restarted to
> pick it up, as the certificate only seems to be loaded at startup of
> icecast.
> I am thinking of checking if the content of the cert.pem file has been
> altered or maybe checking the file date to see if it is not older than 1
> day or something like that.
>
> Regards and tia,
>
> Paul
> _______________________________________________
> Icecast mailing list
> Icecast at xiph.org<mailto:Icecast at xiph.org>
> http://lists.xiph.org/mailman/listinfo/icecast
>