[prev in list] [next in list] [prev in thread] [next in thread]
List: icecast
Subject: Re: [Icecast] Icecast2 with SSL, includes error.log extract
From: Steve Matzura <sm () noisynotes ! com>
Date: 2020-11-28 14:08:21
Message-ID: 690f1ba2-4e83-819b-80da-0b368e20e11c () noisynotes ! com
[Download RAW message or body]
[Attachment #2 (multipart/alternative)]
Believe it or not, I have done all of those things.
When I restart Icecast with everything enabled--<ssl>1</sl>,
<ssl-certificate>/blah/blah/blah</ssl-certificate>, I get what I posted
from error.log. When I try to tream something to the server using
ezstream, ezstream can't connect to the server. Unfortunately, I blew
the log I had of this error, so when I can, I'll re-create that and post it.
The problem could be one of a couple things. Most likely it's my bundle.
I have a full chain and a private key that I use with Apache and
EngineX, and that works, so I figured it should work with Icecast. But
jut for the heck of it, I re-created that bundle by downloading my
server's public and certifying authority keys as provided by the server
hosting company, and made another bundle out of those two things plus my
server's private key. I have yet to be able to test this new bundle, but
I don't hold much hope for it working since the other bundle is what's
being used to provide secure access (https) for my server's Web
presence. I know there's something different about the two bundles
because they are different sizes--not much different, but different in
some way. I wish there was a way I could somehow run another instance of
Icecast on my server (with different ports, of course) to test with.
Then I'd have a better idea of what's going wrong, and how to fix it.
On 11/28/2020 12:56 AM, Norbert Deleutre wrote:
> Hello Steeve,
>
> 5 important things for having icecast with SSL :
>
> * Install icecast with open ssl :
> https://wiki.xiph.org/Icecast_Server/Installing_latest_version_(official_Xiph_repositories)
> <https://wiki.xiph.org/Icecast_Server/Installing_latest_version_(official_Xiph_repositories)>
> * Concatenate fullchain.pen and privacy.pem => bundle.pem
> * Add in icecast.xml : <ssl>1</ssl> and
> <ssl-certificate>/etc/icecast2/bundle.pem</ssl-certificate>
> * Check local firewall (netstat -pantu | grep icecast)
> *
> Restart icecast
>
>
> ALL you MUST do is here explain here :
> https://mediarealm.com.au/articles/icecast-https-ssl-setup-lets-encrypt/
> <https://mediarealm.com.au/articles/icecast-https-ssl-setup-lets-encrypt/>
>
>
>
>
>
>
>
> --------
>
>
>
> Norbert Deleutre <http://www.lmgc.univ-montp2.fr/perso/norbert-deleutre/>
>
>
>
> P 0467149655 UMR CNRS 5508 <http://www.lmgc.univ-montp2.fr/>
>
>
> A Campus Saint-Priest/Montpellier
>
>
>
>
>> Le 27 nov. 2020 à 23:17, Steve Matzura <sm@noisynotes.com
>> <mailto:sm@noisynotes.com>> a écrit :
>>
>> I have absolutely no idea what any of this means, good or bad, but I
>> do know that after restarting Icecast, I couldn't restart ices and
>> therefore couldn't connect to the server. Apparently something is
>> wrong with my PEM certificate file, but I truly don't know what it
>> could be. I created it by concatenating my server's public key plus
>> its certifying authority (CA) key provided by the hosting company
>> plus the server's private key according to many articles and Web
>> pages, not to mention several helpful messages on this very list.
>> After restarting Icecast, I could not restart ices, which probably
>> means I need something else in the ices configuration about which I
>> do not know, or my certificate PEM file is bad. Any help on solving
>> this would be greatly appreaciated. I feel I'm very close, jut one
>> detail away from getting it right.
>
>
> _______________________________________________
> Icecast mailing list
> Icecast@xiph.org
> http://lists.xiph.org/mailman/listinfo/icecast
[Attachment #5 (text/html)]
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<p>Believe it or not, I have done all of those things.</p>
<p><br>
</p>
<p>When I restart Icecast with everything
enabled--<ssl>1</sl>,
<ssl-certificate>/blah/blah/blah</ssl-certificate>, I
get what I posted from error.log. When I try to tream something to
the server using ezstream, ezstream can't connect to the server.
Unfortunately, I blew the log I had of this error, so when I can,
I'll re-create that and post it.</p>
<p><br>
</p>
<p>The problem could be one of a couple things. Most likely it's my
bundle. I have a full chain and a private key that I use with
Apache and EngineX, and that works, so I figured it should work
with Icecast. But jut for the heck of it, I re-created that bundle
by downloading my server's public and certifying authority keys as
provided by the server hosting company, and made another bundle
out of those two things plus my server's private key. I have yet
to be able to test this new bundle, but I don't hold much hope for
it working since the other bundle is what's being used to provide
secure access (https) for my server's Web presence. I know there's
something different about the two bundles because they are
different sizes--not much different, but different in some way. I
wish there was a way I could somehow run another instance of
Icecast on my server (with different ports, of course) to test
with. Then I'd have a better idea of what's going wrong, and how
to fix it.</p>
<p><br>
</p>
<div class="moz-cite-prefix">On 11/28/2020 12:56 AM, Norbert
Deleutre wrote:<br>
</div>
<blockquote type="cite"
cite="mid:3615FA29-73B5-4B39-97B2-15DD3F2ADCEA@umontpellier.fr">Hello
Steeve,
<div class=""><br class="">
</div>
<div class="">5 important things for having icecast with SSL :</div>
<div class="">
<ul class="MailOutline">
<li class="">Install icecast with open ssl : <a
href="https://wiki.xiph.org/Icecast_Server/Installing_latest_version_(official_Xiph_repositories)"
class="" \
moz-do-not-send="true">https://wiki.xiph.org/Icecast_Server/Installing_latest_version_(official_Xiph_repositories)</a></li>
<li class="">Concatenate fullchain.pen and privacy.pem =>
bundle.pem </li>
<li class=""><span class="">Add in icecast.xml
: <ssl>1</ssl> and <span \
class=""><ssl-certificate>/etc/icecast2/bundle.pem</ssl-certificate></span></span></li>
<li class=""><span class="">Check local firewall (netstat
-pantu | grep icecast)</span></li>
<li class="">
<div class="">Restart icecast</div>
<div class=""><br class="">
</div>
<div class=""><br class="">
</div>
<div class="">ALL you MUST do is here explain here : <a
href="https://mediarealm.com.au/articles/icecast-https-ssl-setup-lets-encrypt/"
class="" \
moz-do-not-send="true">https://mediarealm.com.au/articles/icecast-https-ssl-setup-lets-encrypt/</a></div>
<div class=""><br class="">
</div>
<div class=""><br class="">
</div>
<div class=""><br class="">
</div>
<div class=""><br class="">
</div>
<div class=""><br class="">
</div>
<div class=""><br class="">
</div>
<div class=""><br class="">
</div>
</li>
</ul>
<div class="">
<table id="zs-output-sig" class="">
<tbody class="">
<tr class="">
<td class="">
<table class="">
<tbody class="">
<tr class="">
<td class="">
<table class="">
<tbody class="">
<tr class="">
<td class="">
<table class="">
<tbody class="">
<tr class="">
<td class="">
<table class="">
<tbody class="">
<tr class="">
<td class=""><span
class="">--------</span></td>
</tr>
<tr class="">
<td class=""><br>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
<tr class="">
<td class="">
<table class="">
<tbody class="">
<tr class="">
<td class="" width="98">
<table class="">
<tbody class="">
<tr class="">
<td class=""><img alt="" class=""
moz-do-not-send="true" width="98"
height="98"></td>
</tr>
</tbody>
</table>
</td>
<td class="" width="14"><br>
</td>
<td class="">
<table class="">
<tbody class="">
<tr class="">
<td class="">
<table class="">
<tbody class="">
<tr class="">
<td class="">
<table class="">
<tbody class="">
<tr class="">
<td class=""><span
class=""><a
target="_blank"
rel="nofollow"
\
href="http://www.lmgc.univ-montp2.fr/perso/norbert-deleutre/" class=""
moz-do-not-send="true">
Norbert Deleutre
</a></span></td>
</tr>
<tr class="">
<td class=""><br>
</td>
</tr>
<tr class="">
<td class=""><br>
</td>
</tr>
<tr class="">
<td class=""><br>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
<tr class="">
<td class="">
<table class="">
<tbody class="">
<tr class="">
<td class="">
<table class="">
<tbody class="">
<tr class="">
<td class=""><span
class="">P</span> <span
class="">0467149655 </span>
<span class="">UMR</span>
<span class=""><a
target="_blank"
rel="nofollow"
\
href="http://www.lmgc.univ-montp2.fr/" class=""
moz-do-not-send="true">
CNRS 5508 </a></span></td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
<tr class="">
<td class="">
<table class="">
<tbody class="">
<tr class="">
<td class="">
<table class="">
<tbody class="">
<tr class="">
<td class=""><br>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
<tr class="">
<td class="">
<table class="">
<tbody class="">
<tr class="">
<td class="">
<table class="">
<tbody class="">
<tr class="">
<td class=""><span
class="">A</span> <span
class="">Campus
Saint-Priest/Montpellier
</span></td>
</tr>
<tr class="">
<td class=""><br>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
<tr class="">
<td class="">
<table class="">
<tbody class="">
<tr class="">
<td class="">
<table class="">
<tbody class="">
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
<tr class="">
<td class=""><br>
</td>
</tr>
<tr class="">
<td class=""><br>
</td>
</tr>
</tbody>
</table>
</div>
<div><br class="">
<blockquote type="cite" class="">
<div class="">Le 27 nov. 2020 à 23:17, Steve Matzura <<a
href="mailto:sm@noisynotes.com" class=""
moz-do-not-send="true">sm@noisynotes.com</a>> a écrit
:</div>
<br class="Apple-interchange-newline">
<div class=""><span class="">I have absolutely no idea what
any of this means, good or bad, but I do know that after
restarting Icecast, I couldn't restart ices and
therefore couldn't connect to the server. Apparently
something is wrong with my PEM certificate file, but I
truly don't know what it could be. I created it by
concatenating my server's public key plus its certifying
authority (CA) key provided by the hosting company plus
the server's private key according to many articles and
Web pages, not to mention several helpful messages on
this very list. After restarting Icecast, I could not
restart ices, which probably means I need something else
in the ices configuration about which I do not know, or
my certificate PEM file is bad. Any help on solving this
would be greatly appreaciated. I feel I'm very close,
jut one detail away from getting it right.</span><br
class="">
</div>
</blockquote>
</div>
<br class="">
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<pre class="moz-quote-pre" \
wrap="">_______________________________________________ Icecast mailing list
<a class="moz-txt-link-abbreviated" \
href="mailto:Icecast@xiph.org">Icecast@xiph.org</a> <a class="moz-txt-link-freetext" \
href="http://lists.xiph.org/mailman/listinfo/icecast">http://lists.xiph.org/mailman/listinfo/icecast</a>
</pre>
</blockquote>
</body>
</html>
[Attachment #6 (text/plain)]
_______________________________________________
Icecast mailing list
Icecast@xiph.org
http://lists.xiph.org/mailman/listinfo/icecast
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic