Add ssl to your Icecast2 stream - sweet and simple

Hello, this is the most lively topic on the forum about installing an SSL certificate. I have another question: what will happen to the live broadcast that is broadcast via Mixxx with a live presenter to the radio site, after installing an SSL certificate on LibreTime and the radio site? The 8002/show settings remain on the http protocol. But your instructions for the reverse proxy server say that the stream will not be broadcast if the streams are in a different format.

I see all of the posts are regarding SSL and Ubuntu 18. How about Icecast2 and Ubuntu 22? I have tried to get the Icecast2 download from Xiph for Ubuntu 22, but with no luck. Any suggestions? I'm not a noob on this, but I'm not experienced either. Kinda in the middle…
Thanks.

Scott

I think this is now the best way to secure your icecast2 plus and any recent versions of Ubuntu:

Thanks, boydbadten. I'll give it a shot pretty soon.

Hello,
I know I'm a bit late to the party, but I just wanted to leave this comment here for anyone who may end up in the same situation as I did.
I have icecast (2.4.4) running on Windows 10, and I have requested my certificates using the "normal" method using certbot. After I received my certificates, I've concatenated them into that file and I've noticed that the key is VERY small compared to my previous one (just 3-4 rows).
When I've tried to connect to the server I've got an error from Firefox saying SSL_ERROR_NO_CYPHER_OVERLAP.
Upon further investigation, certbot is using the key type ecdsa as a default. So, what I did was to run certbot again, but this time with the --key-type rsa option. This gave me a "normal" key that I could paste in the config file and get it going.

Example command: certbot --standalone --key-type rsa

This took me about 6-7 hours to figure out. Don't be like me.

For clarification, do any of the listen-sockets have to be running on port 80?

I believe so. Since there's no SSL certificate when the certbot first requests one it connects on port 80, not port 443.

Our web server automatically redirects port 80 requests to port 443, but certbot seems to deal with that and still updates automatically.

–Bob.

I got from Let's Encrypt 3 files:
ca_bundle.crt
certificate.crt
private.key

The certificate.crt file has inside 2 sections of
-----BEGIN CERTIFICATE-----
bla bla bla
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
ble ble ble
-----END CERTIFICATE-----

How can I get the .pem file needed for icecast?

Regards folks!!!
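
Added example, not from any post in this thread: a Python sketch that joins a certificate file and a private key into one PEM file of the kind Icecast's `<ssl-certificate>` setting points at, and reports whether the key is RSA or ECDSA, the difference described in the certbot post above. All function names are hypothetical, and the sample "keys" are constructed header bytes, not real key material.

```python
import base64
import re

# DER-encoded algorithm OIDs found near the start of a PKCS#8 private key
RSA_OID = bytes.fromhex("06092a864886f70d010101")  # rsaEncryption
EC_OID = bytes.fromhex("06072a8648ce3d0201")       # id-ecPublicKey
PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.S)

def pem_blocks(text):
    """Return [(label, der_bytes)] for every PEM block in text."""
    return [(label, base64.b64decode("".join(body.split())))
            for label, body in PEM_BLOCK.findall(text)]

def key_type(label, der):
    """Classify a private-key block as 'rsa', 'ecdsa' or 'unknown'."""
    if label == "RSA PRIVATE KEY":
        return "rsa"
    if label == "EC PRIVATE KEY":
        return "ecdsa"
    if label == "PRIVATE KEY":  # PKCS#8: the algorithm is an OID inside the DER
        head = der[:32]
        if EC_OID in head:
            return "ecdsa"
        if RSA_OID in head:
            return "rsa"
    return "unknown"

def build_bundle(cert_pem, key_pem):
    """Join certificate(s) and one private key; return (bundle_text, key_type)."""
    certs = [b for b in pem_blocks(cert_pem) if b[0] == "CERTIFICATE"]
    keys = [b for b in pem_blocks(key_pem) if b[0].endswith("PRIVATE KEY")]
    if not certs:
        raise ValueError("no CERTIFICATE block in certificate file")
    if len(keys) != 1:
        raise ValueError("expected exactly one private key block")
    return cert_pem.strip() + "\n" + key_pem.strip() + "\n", key_type(*keys[0])

def _fake_pem(label, der):
    """Constructed sample data: a PEM wrapper around placeholder bytes."""
    body = base64.encodebytes(der).decode()
    return f"-----BEGIN {label}-----\n{body}-----END {label}-----\n"

SAMPLE_CERTS = _fake_pem("CERTIFICATE", b"leaf") + _fake_pem("CERTIFICATE", b"chain")
SAMPLE_EC_KEY = _fake_pem("PRIVATE KEY", bytes.fromhex("308187020100301306072a8648ce3d0201"))
SAMPLE_RSA_KEY = _fake_pem("PRIVATE KEY", bytes.fromhex("308204be020100300d06092a864886f70d0101010500"))

if __name__ == "__main__":
    for name, key in (("ecdsa sample", SAMPLE_EC_KEY), ("rsa sample", SAMPLE_RSA_KEY)):
        bundle, kind = build_bundle(SAMPLE_CERTS, key)
        print(name, "->", kind, "|", len(pem_blocks(bundle)), "PEM blocks in bundle")
```

With real files, read the certificate file and the key file as text, pass both to `build_bundle`, and write the returned text to a file readable only by the Icecast user, since it contains the private key.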