MediaCP Manual
    1. Getting Started
    2. Sales Questions
    3. Frequently Asked Questions
    4. Transcoder System Benchmarks
    5. Start your own streaming platform
    1. Change account currency
    2. Product Licensing
    1. Introduction
    2. Installation & Upgrade
      1. System Requirements
      2. Versions & Releases
      3. Installation
      4. Upgrading
      5. Streaming Servers
        1. Nginx-Rtmp Video Server
        2. Wowza Streaming Engine
        3. Flussonic Media Server
        4. Video Feature Comparison
        5. Icecast 2 / Icecast KH
      6. SSL Certificates
    3. Billing Integration
      1. WHMCS Integration Guide
      2. Clientexec Integration Guide
      3. Blesta Integration Guide
      4. WiseCP Integration Guide
    4. Migrate from other software
      1. Migrate From Centovacast
      2. Migrate From AzuraCast
    5. Backup & Restoration
      1. Backup MediaCP
      2. Restore MediaCP
      3. Transfer to another server
    6. Administration
      1. MediaCP System Commands
      2. Admin Tools
      3. Custom Web Service Configurations
      4. Change MediaCP domain name
      5. Port 80 / 443 Proxy
      6. Move media to another hard disk
      7. Custom Language Translations
      8. Custom Facebook App
      9. Secure your server
      10. Setup CSF Firewall
      11. Troubleshooting Login Errors
      12. Reset Admin Password
    7. Scaling
      1. Scale with Wowza and CloudFront CDN
      2. Nginx-Rtmp with CloudFront CDN
    8. Troubleshooting
      1. Troubleshooting Liquidsoap AutoDJ
      2. Video Relay Troubleshooting
      3. Grant access to support team
      4. Troubleshooting Wowza Streaming Engine
      5. FTP Troubleshooting
      6. MySQL Database Troubleshooting
      7. Reporting Troubleshooting
    1. Introduction
    2. Administrators Dashboard
    3. System Configuration
      1. General
      2. Services
      3. Video Players
      4. Albums
      5. Email
      6. Plugins
      7. Statistics
      8. Backups
      9. Custom HTML
      10. Misc
    4. Customer Accounts
      1. Managing existing Customers
      2. Create a new Customer
      3. Deleting a Customer
      4. Login as another Customer
      5. Send email to Customer
      6. Reset Customer Password
    5. Reseller Accounts
      1. Reseller Plans
      2. Create a Reseller Account
    6. Administrator Accounts
      1. Create a new Administrator
    7. Media Services
      1. Creating a Media Service
      2. Deleting a Media Service
    8. Announcements
      1. Managing Announcements
      2. Creating Announcement
      3. Deleting Announcement
    9. Statistics
    10. Software Health
    11. Software Updates
    12. Email Templates
    13. API
    1. Introduction
    2. Audio Operation Manual
      1. Basics 101
      2. Station Overview
      3. Media Library
      4. Playlists
        1. General Rotation
        2. Jingles & Advertising
        3. Scheduling
        4. Repeat Protection
      5. Live DJ Connections
      6. Live Stream Recording
      7. DJ Manager
      8. Country Blocking
      9. Fallback, Backup and Intro Files
      10. Stream Proxy
      11. Public Page
      12. HTML5 Player
      13. Stream Authentication
      14. Widgets & Links
      15. Reporting
    3. Video Operation Manual
      1. Basics 101
      2. Service Overview
      3. File Manager
      4. Scheduling
      5. Stream Targets
      6. Streaming to Your Service
      7. GeoIP Country Locking
      8. Public Page
      9. Widgets & Links
      10. Reporting
    4. Reseller Operations Manual
      1. Reseller Dashboard
      2. Customers
      3. Media Services
    5. API
    1. Custom Domain Names
    2. Shoutcast 2 Admin Guide
    3. Wowza and Flussonic on same system
    4. Submit a feature request
    1. Getting started with Audio Streaming
    2. Icecast Live Broadcasting
    3. Shoutcast 2 Live Broadcasting
    4. Broadcasting with AutoDJ
    5. DJ Accounts
    6. GeoIP Country Locking
    7. HTML5 Audio Player
    8. Mount Points
    9. Managing Your Media
    10. Managing Media Using FTP
    11. Statistics
    12. Shoutcast 2 Premium
    1. Getting started with video streaming
    2. Live Streaming Overview
    3. TV Station Overview
    4. Ondemand Video Streaming
    5. GeoIP Country Locking
    6. VAST Advertising
    7. Relay & IP Camera
    8. Stream Recording
    9. Connecting your encoder
    10. Preparing Your Media Files
    11. Managing Media Using FTP
    12. Understanding Video Playlists
    13. Embedding player on your website
    14. Smooth Streaming and Content Transition
    15. Video Transcoding (Adaptive Bitrate Streaming)
    16. Stream Watermark​
    17. DVR Rewind
    18. Statistics
    19. Facebook Live Streaming
    20. Youtube Stream Publishing
    21. Twitch Stream Publishing
    22. Shoutcast 2 Stream Publishing
    23. Icecast Stream Publishing
    24. RTMP Stream Publishing
    1. Cloud Video Overview
    2. Admin Manual - Cloud Video
      1. WHMCS Billing Provisioning Module
      2. Login to your cloud platform
      3. Dashboard - A First Look
      4. Branding your platform
      5. Team & Staff Members
      6. Plans & Customers
      7. Activating VOD on Customer Plan
    3. User Manual - Cloud Video
      1. Login to your video platform
      2. First Look
      3. Creating a Channel
      4. Channel Overview
      5. Broadcasting
      6. Recording
      7. Media Content
      8. Live Events
      9. 30 Minute Rewind
      10. Fallback Video
      11. TV Channels - 24x7 UGC
        1. TV Event Scheduling
      12. Video on Demand
      13. VOD Playlists
      14. Publishing
      15. Bandwidth Utilisation
      16. Viewing Analytics
      17. Publish Zoom Meetings
      18. Advertising
      19. Restreaming IP Cameras
    4. Video Guide Series
    5. Streaming Best Practices
    6. Feature Comparison
    7. Roadmap & Release Notes
SSL Certificates

Last updated 1 year ago

The Media Control Panel provides 100% support for SSL in the control panel and all streaming services including Shoutcast 198, Shoutcast 2.5, Shoutcast 2.6, Icecast 2, Icecast 2 KH, Wowza Streaming Engine and Flussonic Media Server.

You can configure either your own custom SSL certificate or an automatic SSL certificate from Lets Encrypt.

  • SSL Configuration is currently only supported on CentOS and Debian operating systems.
  • If using Wowza Streaming Engine, you will need to configure Wowza Secure HTTPS Streaming.

Media Service SSL Support Information

Please note that not all audio streaming servers support native HTTPS. In these cases, the MediaCP can provide a HTTPS proxy, however HTTPS Proxy will use a lot of CPU. We recommend using Native HTTPS where available.

 

 

Native
HTTPS
Proxy
HTTPS
Wowza Streaming Engine -
Flussonic Media Server -
Nginx-Rtmp -
Shoutcast 198 Shoutcast 198 does not provide native SSL and requires proxy to use HTTPS streaming.
Shoutcast 2.5 Shoutcast 2.5 does not provide native SSL and requires proxy to use HTTPS streaming.
Shoutcast 2.6 Shoutcast 2.6 provides native SSL supprt.
Icecast 2 Icecast 2.4 does not support SSL and non-SSL on the same port. Many encoders do not provide SSL support and therefore the MediaCP will provide an alternate non-SSL port for encoders to connect. By default, if your service is on port 8000; the port 8000 will be SSL and another port 18000 will be created that is unsecured.
Icecast 2 KH RECOMMENDED
Icecast 2 KH provides 100% support for SSL and non-SSL on the same port. This is our recommended server for audio streaming.

AutoSSL / Free HTTPS Certificate Installation

AutoSSL requires that port 80 is available to your server and is also not in use. MediaCP provides compatibility already with the following applications that use port 80 and you can use AutoSSL in combination without making any changes: cPanel, Plesk, CentOS Web Panel, DirectAdmin. It is also compatible with any standard Apache 2 or Nginx installation. AutoSSL certificates should be automatically renewed within 30 days of expiry. 

Simply run the following command to install autossl with the MediaCP:

cd /root;rm -f init;wget http://install.mediacp.net/scripts/init;chmod +x init;./init autossl

The following utility will automatically configure Wowza Streaming Engine SSL on port 1936 and Wowza Streaming Engine Manager SSL on port 8089. 

  1. Run the following to automatically configure WSE SSL/HTTPS:
    cd /root;rm -f init;wget http://install.mediacp.net/scripts/init;chmod +x init;./init autossl-wse

Flussonic SSL is automatically configured by running the above “MediaCP Web Panel AutoSSL”.

Custom HTTPS Certificate Installation

A Custom SSL Certificate might be required in cases where opening port 80 is not possible, a longer duration before renewal is desired, or AutoSSL is otherwise not suitable.

It is important to remember to renew your certificate before it expires. The MediaCP will not tell if the certificate is to expire soon. You should setup your own 3rd party monitoring.

MediaCP staff can install and renew a custom certificate for a professional services fee if required.

Configure HTTPS for MediaCP.

Before configuring a Custom SSL Certificate you should ensure that AutoSSL is disabled, otherwise the upgrade process may overwrite or break your configurations.

  1. Firstly disable any existing LetsEncrypt / SSL configurations:
    cd /root;rm -f init;wget http://install.mediacp.net/scripts/init;chmod +x init;./init autossl-disable
  2. Update the MediaCP to the latest version:
     cd /root;rm -f init;wget http://install.mediacp.net/scripts/init;chmod +x init;./init upgrade
  3. Login to the MediaCP, navigate to Administration -> Configuration and select the System Tab. Update the MediaCP Full URL to include https://
  4. Add the following to /usr/local/mediacp/nginx/conf.d/ssl.conf, replacing yourdomain with your actual domain name:
    ssl on;
    ssl_certificate /usr/local/mediacp/nginx/fullchain.pem;
    ssl_certificate_key /usr/local/mediacp/nginx/server.key;
    ssl_session_cache shared:le_nginx_SSL:1m;
    ssl_session_timeout 1440m;
    error_page 497 301 =307 https://yourdomain:2020$request_uri;
  5. Install your certificate file in /usr/local/mediacp/nginx/server.pem
  6. Install your fullchain certificate file in /usr/local/mediacp/nginx/fullchain.pem
  7. Install your private key file in /usr/local/mediacp/nginx/server.key
  8. Create a certificate for icecast 2 & icecast 2 kh services to use:
    cat /usr/local/mediacp/nginx/server.key > /usr/local/mediacp/icecast2/icecast.cert;
    echo "" >> /usr/local/mediacp/icecast2/icecast.cert;
    cat /usr/local/mediacp/nginx/fullchain.pem >> /usr/local/mediacp/icecast2/icecast.cert;
  9. Ensure these files have appropriate permissions:
    chown mediacp:mediacp /usr/local/mediacp/icecast2/icecast.cert;
    chown mediacp:mediacp /usr/local/mediacp/nginx/fullchain.pem;
    chown mediacp:mediacp /usr/local/mediacp/nginx/server.pem;
    chown mediacp:mediacp /usr/local/mediacp/nginx/server.key;
  10. Restart the MediaCP service:
    /usr/local/mediacp/service restart

WSE provide a free near-instant SSL certificate called a Stream Lock Certificate with all licenses.

How to install Wowza Secure HTTPS StreamLock Certificate

Run the following command to automatically convert and install your SSL certificate to Wowza Streaming Engine.

/root/init beta autossl-wse

Table of Contents