SSL Certificates

By castcontrol

You can configure either your own custom SSL certificate or an automatic SSL certificate from Let's Encrypt.

Notes

  • Currently only supported on CentOS and Debian operating systems.
  • If using Wowza Streaming Engine, you will need to configure Wowza Secure HTTPS Streaming.

Let's Encrypt SSL Certificate

Important: To use an automatic letsencrypt.org SSL certificate, you must ensure that port 80 is not in use on your server, so that the Let's Encrypt ACME servers can properly validate the domain name. Unfortunately, this is the downside of using an automated certificate.

  1. Update the MediaCP to the latest version:
     cd /root;rm -f init;wget http://install.mediacp.net/scripts/init;chmod +x init;./init upgrade
  2. Log in to the MediaCP, navigate to Administration -> Configuration and select the System tab. Update the MediaCP Full URL to include https://
  3. Enable Let's Encrypt with MediaCP:
     cd /root;rm -f init;wget http://install.mediacp.net/scripts/init;chmod +x init;./init letsencrypt-enable

Custom SSL Certificate

Configure HTTPS for MediaCP:

  1. Update the MediaCP to the latest version:
     cd /root;rm -f init;wget http://install.mediacp.net/scripts/init;chmod +x init;./init upgrade
  2. Log in to the MediaCP, navigate to Administration -> Configuration and select the System tab. Update the MediaCP Full URL to include https://
  3. Add the following to /usr/local/mediacp/nginx/conf.d/ssl.conf, replacing yourdomain with your actual domain name:
    ssl on;
    ssl_certificate /usr/local/mediacp/nginx/fullchain.pem;
    ssl_certificate_key /usr/local/mediacp/nginx/server.key;
    ssl_session_cache shared:le_nginx_SSL:1m;
    ssl_session_timeout 1440m;
    error_page 497 301 =307 https://yourdomain:2000$request_uri;
  4. Install your certificate file in /usr/local/mediacp/nginx/server.pem
  5. Install your fullchain certificate file in /usr/local/mediacp/nginx/fullchain.pem
  6. Install your private key file in /usr/local/mediacp/nginx/server.key
  7. Create a certificate for the Icecast 2 and Icecast 2 KH services to use:
    rm -f /usr/local/mediacp/icecast2/icecast.cert;
    cat /usr/local/mediacp/nginx/server.key > /usr/local/mediacp/icecast2/icecast.cert;
    cat /usr/local/mediacp/nginx/server.pem >> /usr/local/mediacp/icecast2/icecast.cert;
  8. Ensure these files have appropriate permissions:
    chown mediacp:mediacp /usr/local/mediacp/icecast2/icecast.cert;
    chown mediacp:mediacp /usr/local/mediacp/nginx/fullchain.pem;
    chown mediacp:mediacp /usr/local/mediacp/nginx/server.pem;
    chown mediacp:mediacp /usr/local/mediacp/nginx/server.key;
  9. Restart the MediaCP service:
    /usr/local/mediacp/service restart
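
A check to run before the restart in step 9, given here as an added example that is not part of MediaCP: it confirms that server.key matches server.pem and the first certificate in fullchain.pem, that icecast.cert holds both the key and a certificate, and that the files containing the private key are owner-only. The function names, the `--check` argument and the owner-only requirement are assumptions of this example; the steps above set ownership only.

```shell
#!/bin/sh
# Added example, not MediaCP tooling; function names are hypothetical.

# Count PEM blocks in file $2 whose BEGIN line ends with type $1.
pem_count() {
  awk -v t="$1-----" '/^-----BEGIN / && index($0, t) { n++ } END { print n + 0 }' "$2"
}

# True when the key in $1 and the first certificate in $2 share a public key.
key_matches_cert() {
  k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
  c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
  [ -n "$k" ] && [ "$k" = "$c" ]
}

# True when group and other have no permission bits on $1.
owner_only() { [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]; }

fail() { echo "FAIL: $*" >&2; bad=1; }

# Check the files from steps 4-8 under install root $1 (0 = all checks pass).
check_mediacp_tls() {
  ng="$1/nginx"; ice="$1/icecast2/icecast.cert"; bad=0
  for f in "$ng/server.key" "$ng/server.pem" "$ng/fullchain.pem" "$ice"; do
    [ -r "$f" ] || { fail "$f is missing or unreadable"; return 1; }
  done
  [ "$(pem_count 'PRIVATE KEY' "$ng/server.key")" -eq 1 ] || fail "server.key: expected one private key"
  for f in "$ng/server.pem" "$ng/fullchain.pem"; do
    [ "$(pem_count CERTIFICATE "$f")" -ge 1 ] || fail "$f: no certificate found"
    [ "$(pem_count 'PRIVATE KEY' "$f")" -eq 0 ] || fail "$f: contains a private key"
  done
  # Step 7 concatenates key and certificate into one file for Icecast.
  { [ "$(pem_count 'PRIVATE KEY' "$ice")" -eq 1 ] && [ "$(pem_count CERTIFICATE "$ice")" -ge 1 ]; } ||
    fail "icecast.cert: expected one key and a certificate"
  # Assumption: key-bearing files should be owner-only (the steps only chown).
  for f in "$ng/server.key" "$ice"; do
    owner_only "$f" || fail "$f: accessible by group or other"
  done
  if command -v openssl >/dev/null 2>&1; then
    key_matches_cert "$ng/server.key" "$ng/server.pem" || fail "server.key does not match server.pem"
    key_matches_cert "$ng/server.key" "$ng/fullchain.pem" || fail "fullchain.pem does not start with the server certificate"
    key_matches_cert "$ice" "$ice" || fail "icecast.cert: key and certificate do not match"
  else
    echo "openssl not found: key/certificate match not checked" >&2
  fi
  return "$bad"
}

# Run against the install root when invoked as: sh check.sh --check [root]
if [ "${1:-}" = "--check" ]; then check_mediacp_tls "${2:-/usr/local/mediacp}"; fi
```

A file created with `cat >` takes its mode from the current umask, so icecast.cert can end up readable by group or other until its mode is tightened; the check reports that case.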