Certbot is a popular tool for working with Let's Encrypt certificates. Nimble Streamer has full support for SSL-protected streaming so let's see how you can use Certbot with Nimble Streamer for your convenience.
1. Set up Certbot
First, go to the Certbot website and scroll down to the "My HTTP website is running" line. Choose the "Other" option in the "Software" field and then your OS in the "System" field.
You'll be redirected to this Certbot page with the necessary instructions.
Follow steps 1 through 3 to install and set up Certbot.
On step 7, choose the "Yes, my web server is not currently running on this machine" option.
If you have Nimble Streamer working on port 80, this will not work because Certbot will try to bring up its own web server. In this case, choose "No, I need to keep my web server running", read this article for additional setup, and then continue with the steps below.
2. Set up certificate
On step 8 - "Install your certificate" - you need to use your new certificate in Nimble Streamer configuration.
Add these lines to your /etc/nimble/nimble.conf file:
ssl_port = 443
ssl_certificate = /etc/letsencrypt/live/your.domain.name/fullchain.pem
ssl_certificate_key = /etc/letsencrypt/live/your.domain.name/privkey.pem
and then re-start Nimble Streamer with this command:
sudo service nimble restart
You can find more info about nimble.conf on this page.
If you need a more complex setup scenario, like multiple domains or encryption methods, you can follow this article to set up the SSL certificate properly.
By this step, you'll have a Nimble Streamer instance running with a valid SSL certificate.
3. Set up certificate renewal
The last step is to set up automatic renewal of the certificate. Certbot does this perfectly; however, we'll need to make it call Nimble Streamer to reload the certificate. This can be done via the Nimble Streamer native API.
First, set up management API as described on this page under "Starting point: enable API access" point.
Here's an example you can use:
management_listen_interfaces = 127.0.0.1
management_port = 8083
Then re-start Nimble Streamer instance:
sudo service nimble restart
Second step will be to run the renew command as described in "Test automatic renewal" Certbot page section, with additional post-hook parameter like this:
sudo certbot renew --post-hook 'curl -X POST http://127.0.0.1:8083/manage/reload_ssl_certificates'
You can use the above command (which makes the proper API call) to manually renew SSL certificates without a Nimble Streamer restart.
To test automatic certificate renewal, run the following command:
sudo certbot renew --dry-run --post-hook 'curl -X POST http://127.0.0.1:8083/manage/reload_ssl_certificates'
The latest version of Certbot provides pre-configured automated renewal for Ubuntu via systemd timers.
To make sure that Certbot’s systemd timer is installed, use the following command:
systemctl list-timers
Its output should contain certbot.timer in the UNIT column.
To make Nimble Streamer apply new certificate settings without a restart, use the following commands to create a post-hook script:
printf '#!/bin/sh\ncurl -s -X POST http://127.0.0.1:8083/manage/reload_ssl_certificates\n' | sudo tee /etc/letsencrypt/renewal-hooks/post/nimble-ssl-renew.sh > /dev/null
sudo chmod 750 /etc/letsencrypt/renewal-hooks/post/nimble-ssl-renew.sh
Now your certificates will be renewed automatically.
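The one-line hook uses `curl -s`, which stays silent when the reload call fails, so Nimble Streamer can keep serving the old certificate until it expires without anyone noticing. The following variant of the hook is an added example, not code from the original article: it retries, exits non-zero and writes to stderr when the reload is not confirmed. The variable names `RELOAD_URL`, `CURL`, `RETRIES` and `RETRY_DELAY` are assumptions of this sketch; the endpoint and file name are the ones used above.

```shell
#!/bin/sh
# Added example, not code from the original article. The endpoint is the one
# configured on this page; RELOAD_URL, CURL, RETRIES and RETRY_DELAY are
# names chosen for this sketch.
RELOAD_URL="${RELOAD_URL:-http://127.0.0.1:8083/manage/reload_ssl_certificates}"
CURL="${CURL:-curl}"            # overridable so the logic can be tested offline
RETRIES="${RETRIES:-3}"         # Nimble may be busy or restarting when the hook fires
RETRY_DELAY="${RETRY_DELAY:-5}" # seconds between attempts

# Returns 0 as soon as the API accepts the reload, 1 after RETRIES failures.
reload_nimble_certs() {
    attempt=1
    while [ "$attempt" -le "$RETRIES" ]; do
        # --fail: an HTTP error status becomes a non-zero exit code.
        # --show-error: keep the error text that plain -s would hide.
        # --max-time: a hung API must not block the renewal run.
        if "$CURL" --fail --silent --show-error --max-time 10 \
                -X POST "$RELOAD_URL" >/dev/null; then
            return 0
        fi
        echo "nimble-ssl-renew: reload attempt $attempt of $RETRIES failed" >&2
        if [ "$attempt" -lt "$RETRIES" ]; then
            sleep "$RETRY_DELAY"
        fi
        attempt=$((attempt + 1))
    done
    return 1
}

# Call the API only when installed under the hook file name used on this page.
case "$0" in
    */nimble-ssl-renew.sh)
        reload_nimble_certs || {
            echo "nimble-ssl-renew: certificate reload was not confirmed" >&2
            exit 1
        }
        ;;
esac
```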
Troubleshooting
If Nimble doesn't start after the above steps and its logs contain the following error:
[20ХХ-01-01 00:00:00 P????-T????] [nimble] E: failed to load SSL certificate(s)
check that the user nimble can read the /etc/letsencrypt folder. If it cannot, execute the following commands to grant the required permissions:
sudo chgrp -R nimble /etc/letsencrypt/
sudo chmod -R g+rx /etc/letsencrypt/
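Those two commands give the nimble group read access to every private key under /etc/letsencrypt, so it is worth confirming afterwards that the keys are readable by that group and by nobody beyond it. The audit below is an added example, not part of the original article. Its function names are chosen for this sketch, and it relies on Certbot's `privkey*.pem` file naming.

```shell
#!/bin/sh
# Added example, not part of the original article. Function names are chosen
# for this sketch. Typical use, as root: audit_letsencrypt /etc/letsencrypt nimble

# Private keys that "other" users can read, write or execute. Must print nothing.
# -type f skips the symlinks in live/, whose own mode bits mean nothing.
world_accessible_keys() {
    find "$1" -type f -name 'privkey*.pem' \
        \( -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# Private keys the owning group cannot read: Nimble would fail to load these.
group_unreadable_keys() {
    find "$1" -type f -name 'privkey*.pem' ! -perm -040 -print
}

# Private keys owned by a group other than the expected one ($2).
wrong_group_keys() {
    find "$1" -type f -name 'privkey*.pem' ! -group "$2" -print
}

# Directories the group cannot list and traverse, which also blocks key access.
group_blocked_dirs() {
    find "$1" -type d ! -perm -050 -print
}

# audit_letsencrypt DIR GROUP: report findings on stderr, return 1 if any.
audit_letsencrypt() {
    status=0
    exposed=$(world_accessible_keys "$1")
    unreadable=$(group_unreadable_keys "$1")
    foreign=$(wrong_group_keys "$1" "$2")
    blocked=$(group_blocked_dirs "$1")
    if [ -n "$exposed" ]; then
        printf 'key accessible beyond owner and group:\n%s\n' "$exposed" >&2
        status=1
    fi
    if [ -n "$unreadable$foreign$blocked" ]; then
        printf 'group %s cannot reach:\n%s\n' "$2" \
            "$unreadable $foreign $blocked" >&2
        status=1
    fi
    return "$status"
}
```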
That's it. If you have any questions or issues, feel free to contact us via helpdesk.
Related documentation
SSL setup for Nimble Streamer, Paywall feature set