MediaCP Manual
    1. Getting Started
    2. Sales Questions
    3. Frequently Asked Questions
    4. Transcoder System Benchmarks
    5. Start an audio streaming business
    1. Change account currency
    2. Product Licensing
    1. Introduction
    2. Installation & Upgrade
      1. System Requirements
      2. Versions & Releases
      3. Installation
      4. Upgrading
      5. Streaming Servers
        1. Nginx-Rtmp Video Server
        2. Flussonic Media Server
        3. Wowza Streaming Engine
      6. SSL Certificates
    3. Billing Integration
      1. WHMCS Integration Guide
    4. Migrate from other software
      1. Migrate from Centovacast
    5. Backup & Restoration
      1. Restore MediaCP
      2. Backup MediaCP
      3. Transfer to another server
    6. Administration
      1. Custom Web Service Configurations
      2. Reset Admin Password
      3. MediaCP System Commands
      4. Change MediaCP domain name
      5. Move media to another hard disk
      6. FTP Troubleshooting
    7. Scaling
      1. Scale with Wowza and CloudFront CDN
      2. Nginx-Rtmp with CloudFront CDN
    8. Troubleshooting
      1. Troubleshooting Wowza Streaming Engine
      2. MySQL Database Troubleshooting
    1. Introduction
    2. Administrators Dashboard
    3. System Configuration
      1. General
      2. Services
      3. Video Players
      4. Albums
      5. Email
      6. Plugins
      7. Statistics
      8. Backups
      9. Custom HTML
      10. Misc
    4. Customer Accounts
      1. Managing existing Customers
      2. Create a new Customer
      3. Deleting a Customer
      4. Login as another Customer
      5. Send email to Customer
      6. Reset Customer Password
    5. Reseller Accounts
      1. Reseller Plans
      2. Create a Reseller Account
    6. Media Services
      1. Creating a Media Service
    7. Announcements
      1. Managing Announcements
      2. Creating Announcement
      3. Deleting Announcement
    8. Statistics
    9. Software Health
    10. Software Updates
    11. Email Templates
    12. API
    1. API Documentation
    2. Custom Domain Names
    3. Shoutcast 2 Admin Guide
    4. Wowza and Flussonic on same system
    5. Submit a feature request
    1. Shoutcast 2 Live Broadcasting
    2. DJ Priorities
    3. HTML5 Audio Player
    4. Broadcasting with AutoDJ
    5. Shoutcast 2 Premium
    6. Mount Points
    1. Ondemand Video Streaming
    2. Getting started with video streaming
    3. Relay & IP Camera
SSL Certificates

Last updated 5 days ago

The Media Control Panel provides 100% support for SSL in the control panel and all streaming services including Shoutcast 198, Shoutcast 2.5, Shoutcast 2.6, Icecast 2, Icecast 2 KH, Wowza Streaming Engine and Flussonic Media Server.

You can configure either your own custom SSL certificate or an automatic SSL certificate from Lets Encrypt.

  • SSL Configuration is currently only supported on CentOS and Debian operating systems.
  • If using Wowza Streaming Engine, you will need to configure Wowza Secure HTTPS Streaming.

Media Service SSL Support Information

Please note that not all audio streaming servers support native HTTPS. In these cases, the MediaCP can provide a HTTPS proxy, however HTTPS Proxy will use a lot of CPU. We recommend using Native HTTPS where available.

 

 

Native
HTTPS
Proxy
HTTPS
Wowza Streaming Engine -
Flussonic Media Server -
Shoutcast 198 Shoutcast 198 does not provide native SSL and requires proxy to use HTTPS streaming.
Shoutcast 2.5 Shoutcast 198 does not provide native SSL and requires proxy to use HTTPS streaming.
Shoutcast 2.6 Shoutcast 2.6 requires a Premium Shoutcast license purchased separately from www.shoutcast.com to use SSL.
Icecast 2 Icecast 2.4 does not support SSL and non-SSL on the same port. Many encoders do not provide SSL support and therefore the MediaCP will provide an alternate non-SSL port for encoders to connect. By default, if your service is on port 8000; the port 8000 will be SSL and another port 18000 will be created that is unsecured.
Icecast 2 KH RECOMMENDED
Icecast 2 KH provides 100% support for SSL and non-SSL on the same port. This is our recommended server for audio streaming.

AutoSSL / Free HTTPS Certificate Installation

AutoSSL requires that port 80 is available to your server and is also not in use. MediaCP provides compatibility already with the following applications that use port 80 and you can use AutoSSL in combination without making any changes: cPanel, Plesk, CentOS Web Panel, DirectAdmin. It is also compatible with any standard Apache 2 or Nginx installation. AutoSSL certificates should be automatically renewed within 30 days of expiry. 

Simply run the following command to install autossl with the MediaCP:

cd /root;rm -f init;wget http://install.mediacp.net/scripts/init;chmod +x init;./init autossl

The following utility will automatically configure Wowza Streaming Engine SSL on port 1936 and Wowza Streaming Engine Manager SSL on port 8089. 

  1. Run the following to automatically configure WSE SSL/HTTPS:
    cd /root;rm -f init;wget http://install.mediacp.net/scripts/init;chmod +x init;./init autossl-wse

Flussonic SSL is automatically configured by running the above “MediaCP Web Panel AutoSSL”.

Custom HTTPS Certificate Installation

Important: AutoSSL requires the availability of port 80 on your server. This is to ensure that letsencrypt servers can properly validate the domain name. The is is the only downside of using an automated certificate. The exception is if using standard nginx, httpd or cPanel on port 80 then our software will automatically stop and restart these services.

Configure HTTPS for MediaCP.

Before configuring a Custom SSL Certificate you should ensure that AutoSSL is disabled, otherwise the upgrade process may overwrite or break your configurations.

  1. Firstly disable any existing LetsEncrypt / SSL configurations:
    cd /root;rm -f init;wget http://install.mediacp.net/scripts/init;chmod +x init;./init autossl-disable
  2. Update the MediaCP to the latest version:
     cd /root;rm -f init;wget http://install.mediacp.net/scripts/init;chmod +x init;./init upgrade
  3. Login to the MediaCP, navigate to Administration -> Configuration and select the System Tab. Update the MediaCP Full URL to include https://
  4. Add the following to /usr/local/mediacp/nginx/conf.d/ssl.conf, replacing yourdomain with your actual domain name:
    ssl on;
    ssl_certificate /usr/local/mediacp/nginx/fullchain.pem;
    ssl_certificate_key /usr/local/mediacp/nginx/server.key;
    ssl_session_cache shared:le_nginx_SSL:1m;
    ssl_session_timeout 1440m;
    error_page 497 301 =307 https://yourdomain:2000$request_uri;
  5. Install your certificate file in /usr/local/mediacp/nginx/server.pem
  6. Install your fullchain certificate file in /usr/local/mediacp/nginx/fullchain.pem
  7. Install your private key file in /usr/local/mediacp/nginx/server.key
  8. Create a certificate for icecast 2 & icecast 2 kh services to use:
    cat /usr/local/mediacp/nginx/server.key > /usr/local/mediacp/icecast2/icecast.cert;
    echo "" >> /usr/local/mediacp/icecast2/icecast.cert;
    cat /usr/local/mediacp/nginx/fullchain.pem >> /usr/local/mediacp/icecast2/icecast.cert;
  9. Ensure these files have appropriate permissions:
    chown mediacp:mediacp /usr/local/mediacp/icecast2/icecast.cert;
    chown mediacp:mediacp /usr/local/mediacp/nginx/fullchain.pem;
    chown mediacp:mediacp /usr/local/mediacp/nginx/server.pem;
    chown mediacp:mediacp /usr/local/mediacp/nginx/server.key;
  10. Restart the MediaCP service:
    # /usr/local/mediacp/service restart

WSE provide a free near-instant SSL certificate called a Stream Lock Certificate with all licenses.

How to install Wowza Secure HTTPS StreamLock Certificate

Run the following command to automatically convert and install your SSL certificate to Wowza Streaming Engine.

/root/init beta autossl-wse

Table of Contents