MediaCP Manual
    1. Getting Started
    2. Sales Questions
    3. Frequently Asked Questions
    4. Transcoder System Benchmarks
    5. Start your own streaming platform
    1. Change account currency
    2. Product Licensing
    1. Introduction
    2. Installation & Upgrade
      1. System Requirements
      2. Versions & Releases
      3. Installation
      4. Upgrading
      5. Streaming Servers
        1. Nginx-Rtmp Video Server
        2. Flussonic Media Server
        3. Icecast 2 / Icecast KH
        4. Wowza Streaming Engine
      6. SSL Certificates
    3. Billing Integration
      1. WHMCS Integration Guide
    4. Migrate from other software
      1. Migrate from Centovacast
    5. Backup & Restoration
      1. Backup MediaCP
      2. Restore MediaCP
      3. Transfer to another server
    6. Administration
      1. Custom Web Service Configurations
      2. Reset Admin Password
      3. Port 80 / 443 Proxy
      4. MediaCP System Commands
      5. Change MediaCP domain name
      6. Move media to another hard disk
      7. Secure your server
      8. Troubleshooting Login Errors
    7. Scaling
      1. Scale with Wowza and CloudFront CDN
      2. Nginx-Rtmp with CloudFront CDN
    8. Troubleshooting
      1. Grant access to support team
      2. Troubleshooting Wowza Streaming Engine
      3. FTP Troubleshooting
      4. MySQL Database Troubleshooting
      5. Reporting Troubleshooting
      6. Troubleshooting Liquidsoap AutoDJ
      7. Video Relay Troubleshooting
    1. Introduction
    2. Administrators Dashboard
    3. System Configuration
      1. General
      2. Services
      3. Video Players
      4. Albums
      5. Email
      6. Plugins
      7. Statistics
      8. Backups
      9. Custom HTML
      10. Misc
    4. Customer Accounts
      1. Managing existing Customers
      2. Create a new Customer
      3. Deleting a Customer
      4. Login as another Customer
      5. Send email to Customer
      6. Reset Customer Password
    5. Reseller Accounts
      1. Reseller Plans
      2. Create a Reseller Account
    6. Media Services
      1. Creating a Media Service
      2. Deleting a Media Service
    7. Announcements
      1. Managing Announcements
      2. Creating Announcement
      3. Deleting Announcement
    8. Statistics
    9. Software Health
    10. Software Updates
    11. Email Templates
    12. API
    1. API Documentation
    2. Custom Domain Names
    3. Shoutcast 2 Admin Guide
    4. Wowza and Flussonic on same system
    5. Submit a feature request
    6. Wowza Custom Properties
    1. Shoutcast 2 Live Broadcasting
    2. DJ Priorities
    3. HTML5 Audio Player
    4. Broadcasting with AutoDJ
    5. Shoutcast 2 Premium
    6. Mount Points
    1. Getting started with video streaming
    2. Live Streaming Overview
    3. TV Station Overview
    4. Ondemand Video Streaming
    5. Relay & IP Camera
    6. Connecting your encoder
    7. Managing your media files
    8. Embedding player on your website
    9. Video Transcoding (Adaptive Bitrate Streaming)
    10. Image Logo or Watermark Overlay on Video Stream
    11. nDVR Live Streaming
    12. Shoutcast 2 Stream Publishing
    13. Facebook Live Streaming
    14. Youtube Stream Publishing
    15. Icecast Stream Publishing
    16. Twitch Stream Publishing
    17. Periscope Stream Publishing
SSL Certificates

Last updated 3 months ago

The Media Control Panel provides 100% support for SSL in the control panel and all streaming services including Shoutcast 198, Shoutcast 2.5, Shoutcast 2.6, Icecast 2, Icecast 2 KH, Wowza Streaming Engine and Flussonic Media Server.

You can configure either your own custom SSL certificate or an automatic SSL certificate from Lets Encrypt.

  • SSL Configuration is currently only supported on CentOS and Debian operating systems.
  • If using Wowza Streaming Engine, you will need to configure Wowza Secure HTTPS Streaming.

Media Service SSL Support Information

Please note that not all audio streaming servers support native HTTPS. In these cases, the MediaCP can provide a HTTPS proxy, however HTTPS Proxy will use a lot of CPU. We recommend using Native HTTPS where available.

 

 

Native
HTTPS
Proxy
HTTPS
Wowza Streaming Engine -
Flussonic Media Server -
Shoutcast 198 Shoutcast 198 does not provide native SSL and requires proxy to use HTTPS streaming.
Shoutcast 2.5 Shoutcast 198 does not provide native SSL and requires proxy to use HTTPS streaming.
Shoutcast 2.6 Shoutcast 2.6 requires a Premium Shoutcast license purchased separately from www.shoutcast.com to use SSL.
Icecast 2 Icecast 2.4 does not support SSL and non-SSL on the same port. Many encoders do not provide SSL support and therefore the MediaCP will provide an alternate non-SSL port for encoders to connect. By default, if your service is on port 8000; the port 8000 will be SSL and another port 18000 will be created that is unsecured.
Icecast 2 KH RECOMMENDED
Icecast 2 KH provides 100% support for SSL and non-SSL on the same port. This is our recommended server for audio streaming.

AutoSSL / Free HTTPS Certificate Installation

AutoSSL requires that port 80 is available to your server and is also not in use. MediaCP provides compatibility already with the following applications that use port 80 and you can use AutoSSL in combination without making any changes: cPanel, Plesk, CentOS Web Panel, DirectAdmin. It is also compatible with any standard Apache 2 or Nginx installation. AutoSSL certificates should be automatically renewed within 30 days of expiry. 

Simply run the following command to install autossl with the MediaCP:

cd /root;rm -f init;wget http://install.mediacp.net/scripts/init;chmod +x init;./init autossl

The following utility will automatically configure Wowza Streaming Engine SSL on port 1936 and Wowza Streaming Engine Manager SSL on port 8089. 

  1. Run the following to automatically configure WSE SSL/HTTPS:
    cd /root;rm -f init;wget http://install.mediacp.net/scripts/init;chmod +x init;./init autossl-wse

Flussonic SSL is automatically configured by running the above “MediaCP Web Panel AutoSSL”.

Custom HTTPS Certificate Installation

Important: AutoSSL requires the availability of port 80 on your server. This is to ensure that letsencrypt servers can properly validate the domain name. The is is the only downside of using an automated certificate. The exception is if using standard nginx, httpd or cPanel on port 80 then our software will automatically stop and restart these services.

Configure HTTPS for MediaCP.

Before configuring a Custom SSL Certificate you should ensure that AutoSSL is disabled, otherwise the upgrade process may overwrite or break your configurations.

  1. Firstly disable any existing LetsEncrypt / SSL configurations:
    cd /root;rm -f init;wget http://install.mediacp.net/scripts/init;chmod +x init;./init autossl-disable
  2. Update the MediaCP to the latest version:
     cd /root;rm -f init;wget http://install.mediacp.net/scripts/init;chmod +x init;./init upgrade
  3. Login to the MediaCP, navigate to Administration -> Configuration and select the System Tab. Update the MediaCP Full URL to include https://
  4. Add the following to /usr/local/mediacp/nginx/conf.d/ssl.conf, replacing yourdomain with your actual domain name:
    ssl on;
    ssl_certificate /usr/local/mediacp/nginx/fullchain.pem;
    ssl_certificate_key /usr/local/mediacp/nginx/server.key;
    ssl_session_cache shared:le_nginx_SSL:1m;
    ssl_session_timeout 1440m;
    error_page 497 301 =307 https://yourdomain:2020$request_uri;
  5. Install your certificate file in /usr/local/mediacp/nginx/server.pem
  6. Install your fullchain certificate file in /usr/local/mediacp/nginx/fullchain.pem
  7. Install your private key file in /usr/local/mediacp/nginx/server.key
  8. Create a certificate for icecast 2 & icecast 2 kh services to use:
    cat /usr/local/mediacp/nginx/server.key > /usr/local/mediacp/icecast2/icecast.cert;
    echo "" >> /usr/local/mediacp/icecast2/icecast.cert;
    cat /usr/local/mediacp/nginx/fullchain.pem >> /usr/local/mediacp/icecast2/icecast.cert;
  9. Ensure these files have appropriate permissions:
    chown mediacp:mediacp /usr/local/mediacp/icecast2/icecast.cert;
    chown mediacp:mediacp /usr/local/mediacp/nginx/fullchain.pem;
    chown mediacp:mediacp /usr/local/mediacp/nginx/server.pem;
    chown mediacp:mediacp /usr/local/mediacp/nginx/server.key;
  10. Restart the MediaCP service:
    /usr/local/mediacp/service restart

WSE provide a free near-instant SSL certificate called a Stream Lock Certificate with all licenses.

How to install Wowza Secure HTTPS StreamLock Certificate

Run the following command to automatically convert and install your SSL certificate to Wowza Streaming Engine.

/root/init beta autossl-wse

Table of Contents