MediaCP Manual
    1. Getting Started
    2. Sales Questions
    3. Frequently Asked Questions
    4. Transcoder System Benchmarks
    5. Start your own streaming platform
    1. Change account currency
    2. Product Licensing
    1. Introduction
    2. Installation & Upgrade
      1. System Requirements
      2. Versions & Releases
      3. Installation
      4. Upgrading
      5. SSL Certificates
      6. Streaming Servers
        1. Nginx-Rtmp Video Server
        2. Wowza Streaming Engine
        3. Flussonic Media Server
        4. Video Feature Comparison
        5. Icecast 2 / Icecast KH
    3. Billing Integration
      1. WHMCS Integration Guide
      2. Clientexec Integration Guide
      3. Blesta Integration Guide
    4. Migrate from other software
      1. Migrate From Centovacast
      2. Migrate From AzuraCast
    5. Backup & Restoration
      1. Backup MediaCP
      2. Restore MediaCP
      3. Transfer to another server
    6. Administration
      1. MediaCP System Commands
      2. Change MediaCP domain name
      3. Move media to another hard disk
      4. Secure your server
      5. Troubleshooting Login Errors
      6. Custom Facebook App
      7. Custom Web Service Configurations
      8. Reset Admin Password
      9. Port 80 / 443 Proxy
      10. Admin Tools
    7. Scaling
      1. Scale with Wowza and CloudFront CDN
      2. Nginx-Rtmp with CloudFront CDN
    8. Troubleshooting
      1. MySQL Database Troubleshooting
      2. Reporting Troubleshooting
      3. Troubleshooting Liquidsoap AutoDJ
      4. Video Relay Troubleshooting
      5. Grant access to support team
      6. Troubleshooting Wowza Streaming Engine
      7. FTP Troubleshooting
    1. Introduction
    2. Administrators Dashboard
    3. System Configuration
      1. General
      2. Services
      3. Video Players
      4. Albums
      5. Email
      6. Plugins
      7. Statistics
      8. Backups
      9. Custom HTML
      10. Misc
    4. Customer Accounts
      1. Managing existing Customers
      2. Create a new Customer
      3. Deleting a Customer
      4. Send email to Customer
      5. Login as another Customer
      6. Reset Customer Password
    5. Reseller Accounts
      1. Reseller Plans
      2. Create a Reseller Account
    6. Media Services
      1. Creating a Media Service
      2. Deleting a Media Service
    7. Announcements
      1. Managing Announcements
      2. Creating Announcement
      3. Deleting Announcement
    8. Statistics
    9. Software Health
    10. Software Updates
    11. Email Templates
    12. API
    1. Introduction
    2. Video Operation Manual
      1. Basics 101
      2. Service Overview
      3. File Manager
      4. Scheduling
      5. Streaming to Your Service
      6. Stream Targets
      7. GeoIP Country Locking
      8. Widgets & Links
      9. Reporting
    3. Audio Operation Manual
      1. Basics 101
      2. Station Overview
      3. Media Library
      4. Playlists
        1. General Rotation
        2. Jingles & Advertising
        3. Scheduling
        4. Repeat Protection
      5. Live DJ Connections
      6. Live Stream Recording
      7. DJ Manager
      8. Country Blocking
      9. Stream Proxy
      10. Stream Authentication
      11. Widgets & Links
      12. Reporting
    4. Reseller Operations Manual
      1. Reseller Dashboard
      2. Customers
      3. Media Services
    1. Wowza and Flussonic on same system
    2. Submit a feature request
    3. Wowza Custom Properties
    4. API Documentation
    5. Custom Domain Names
    6. Shoutcast 2 Admin Guide
    1. Broadcasting with AutoDJ
    2. Shoutcast 2 Premium
    3. Mount Points
    4. Managing Media Using FTP
    5. Shoutcast 2 Live Broadcasting
    6. DJ Priorities
    7. HTML5 Audio Player
    1. Getting started with video streaming
    2. Live Streaming Overview
    3. TV Station Overview
    4. Ondemand Video Streaming
    5. GeoIP Country Locking
    6. VAST Advertising
    7. Relay & IP Camera
    8. Stream Recording
    9. Connecting your encoder
    10. Preparing Your Media Files
    11. Managing Media Using FTP
    12. Understanding Video Playlists
    13. Embedding player on your website
    14. Smooth Streaming and Content Transition
    15. Video Transcoding (Adaptive Bitrate Streaming)
    16. Image Logo or Watermark Overlay on Video Stream
    17. DVR Rewind
    18. Statistics
    19. Facebook Live Streaming
    20. Youtube Stream Publishing
    21. Twitch Stream Publishing
    22. Shoutcast 2 Stream Publishing
    23. Icecast Stream Publishing
    24. RTMP Stream Publishing
    1. Cloud Video Overview
    2. Admin Manual - Cloud Video
      1. Team & Staff Members
      2. Plans & Customers
      3. WHMCS Billing Provisioning Module
      4. Login to your cloud platform
      5. Dashboard - A First Look
      6. Branding your platform
      7. Activating VOD on Customer Plan
    3. User Manual - Cloud Video
      1. Login to your video platform
      2. First Look
      3. Creating a Channel
      4. Channel Overview
      5. Broadcasting
      6. Media Content
      7. Recording
      8. Fallback Video
      9. TV Channels - 24x7 UGC
      10. Video on Demand
      11. VOD Playlists
      12. Publishing
      13. Viewing Analytics
      14. Publish Zoom Meetings
      15. Advertising
      16. Restreaming IP Cameras
    4. Video Guide Series
    5. Streaming Best Practices
    6. Feature Comparison
    7. Roadmap & Release Notes
SSL Certificates

Last updated 9 months ago

The Media Control Panel provides 100% support for SSL in the control panel and all streaming services including Shoutcast 198, Shoutcast 2.5, Shoutcast 2.6, Icecast 2, Icecast 2 KH, Wowza Streaming Engine and Flussonic Media Server.

You can configure either your own custom SSL certificate or an automatic SSL certificate from Lets Encrypt.

  • SSL Configuration is currently only supported on CentOS and Debian operating systems.
  • If using Wowza Streaming Engine, you will need to configure Wowza Secure HTTPS Streaming.

Media Service SSL Support Information

Please note that not all audio streaming servers support native HTTPS. In these cases, the MediaCP can provide a HTTPS proxy, however HTTPS Proxy will use a lot of CPU. We recommend using Native HTTPS where available.

 

 

Native
HTTPS
Proxy
HTTPS
Wowza Streaming Engine -
Flussonic Media Server -
Nginx-Rtmp -
Shoutcast 198 Shoutcast 198 does not provide native SSL and requires proxy to use HTTPS streaming.
Shoutcast 2.5 Shoutcast 2.5 does not provide native SSL and requires proxy to use HTTPS streaming.
Shoutcast 2.6 Shoutcast 2.6 provides native SSL supprt.
Icecast 2 Icecast 2.4 does not support SSL and non-SSL on the same port. Many encoders do not provide SSL support and therefore the MediaCP will provide an alternate non-SSL port for encoders to connect. By default, if your service is on port 8000; the port 8000 will be SSL and another port 18000 will be created that is unsecured.
Icecast 2 KH RECOMMENDED
Icecast 2 KH provides 100% support for SSL and non-SSL on the same port. This is our recommended server for audio streaming.

AutoSSL / Free HTTPS Certificate Installation

AutoSSL requires that port 80 is available to your server and is also not in use. MediaCP provides compatibility already with the following applications that use port 80 and you can use AutoSSL in combination without making any changes: cPanel, Plesk, CentOS Web Panel, DirectAdmin. It is also compatible with any standard Apache 2 or Nginx installation. AutoSSL certificates should be automatically renewed within 30 days of expiry. 

Simply run the following command to install autossl with the MediaCP:

cd /root;rm -f init;wget http://install.mediacp.net/scripts/init;chmod +x init;./init autossl

The following utility will automatically configure Wowza Streaming Engine SSL on port 1936 and Wowza Streaming Engine Manager SSL on port 8089. 

  1. Run the following to automatically configure WSE SSL/HTTPS:
    cd /root;rm -f init;wget http://install.mediacp.net/scripts/init;chmod +x init;./init autossl-wse

Flussonic SSL is automatically configured by running the above “MediaCP Web Panel AutoSSL”.

Custom HTTPS Certificate Installation

A Custom SSL Certificate might be required in cases where opening port 80 is not possible, a longer duration before renewal is desired, or AutoSSL is otherwise not suitable.

It is important to remember to renew your certificate before it expires. The MediaCP will not tell if the certificate is to expire soon. You should setup your own 3rd party monitoring.

MediaCP staff can install and renew a custom certificate for a professional services fee if required.

Configure HTTPS for MediaCP.

Before configuring a Custom SSL Certificate you should ensure that AutoSSL is disabled, otherwise the upgrade process may overwrite or break your configurations.

  1. Firstly disable any existing LetsEncrypt / SSL configurations:
    cd /root;rm -f init;wget http://install.mediacp.net/scripts/init;chmod +x init;./init autossl-disable
  2. Update the MediaCP to the latest version:
     cd /root;rm -f init;wget http://install.mediacp.net/scripts/init;chmod +x init;./init upgrade
  3. Login to the MediaCP, navigate to Administration -> Configuration and select the System Tab. Update the MediaCP Full URL to include https://
  4. Add the following to /usr/local/mediacp/nginx/conf.d/ssl.conf, replacing yourdomain with your actual domain name:
    ssl on;
    ssl_certificate /usr/local/mediacp/nginx/fullchain.pem;
    ssl_certificate_key /usr/local/mediacp/nginx/server.key;
    ssl_session_cache shared:le_nginx_SSL:1m;
    ssl_session_timeout 1440m;
    error_page 497 301 =307 https://yourdomain:2020$request_uri;
  5. Install your certificate file in /usr/local/mediacp/nginx/server.pem
  6. Install your fullchain certificate file in /usr/local/mediacp/nginx/fullchain.pem
  7. Install your private key file in /usr/local/mediacp/nginx/server.key
  8. Create a certificate for icecast 2 & icecast 2 kh services to use:
    cat /usr/local/mediacp/nginx/server.key > /usr/local/mediacp/icecast2/icecast.cert;
    echo "" >> /usr/local/mediacp/icecast2/icecast.cert;
    cat /usr/local/mediacp/nginx/fullchain.pem >> /usr/local/mediacp/icecast2/icecast.cert;
  9. Ensure these files have appropriate permissions:
    chown mediacp:mediacp /usr/local/mediacp/icecast2/icecast.cert;
    chown mediacp:mediacp /usr/local/mediacp/nginx/fullchain.pem;
    chown mediacp:mediacp /usr/local/mediacp/nginx/server.pem;
    chown mediacp:mediacp /usr/local/mediacp/nginx/server.key;
  10. Restart the MediaCP service:
    /usr/local/mediacp/service restart

WSE provide a free near-instant SSL certificate called a Stream Lock Certificate with all licenses.

How to install Wowza Secure HTTPS StreamLock Certificate

Run the following command to automatically convert and install your SSL certificate to Wowza Streaming Engine.

/root/init beta autossl-wse

Table of Contents