Securing Icecast Streams with SSL

Read 9284 times
Greetings:
I am in the process of switching my stations from ShoutcastV2 to Icecast2 so that I may use SSL.  I was able to install a cert from Let's Encrypt for the Centova site, and I can access the control panel with https://.  I added a listener to the server.conf as follows:
<listen-socket>
    <port>8006</port>
    <ssl>1</ssl>
  </listen-socket>
and added the path to the SSL for Centova like this:
<ssl-certificate>/usr/local/centovacast/etc/ssl/certificate.pem</ssl-certificate>
I left these lines as they were:
 <!-- You can use these two if you only want a single listener -->
     <port>8006</port>
  <bind-address>IP_address</bind-address>
I restarted the server and attempted to access the stream at https://example.com:PORT/stream.  I get a server disconnect error message.  I can access the stream at http:// -- The .pem file appears to have the cert, followed by the key.  Any ideas?  Thanks!
Last Edit: Today at 10:18:48 am by dgarlock
Greetings:
I am in the process of switching my stations from ShoutcastV2 to Icecast2 so that I may use SSL.  I was able to install a cert from Let's Encrypt for the Centova site, and I can access the control panel with https://.

I think I can help with this. As I discovered much to my dismay earlier this week, Icecast2 is not distributed by Debian (and Ubuntu, and likely other Linux distributions as well) with SSL support. The reason for this is somewhat complicated, and has to do with the nature of the GNU Public License to which Debian adheres. You'll have to compile from source. The good news is, that's not as daunting as it might seem. I found the following guide to be straightforward in compiling Icecast2 from source with SSL support: https://jksinton.com/articles/rpi-compiling-icecast-support-openssl