August 7, 2019

Using Certbot with Nimble Streamer

Certbot is a popular tool for working with Let's Encrypt certificates. Nimble Streamer has full support for SSL-protected streaming so let's see how you can use Certbot with Nimble Streamer for your convenience.

1. Set up Certbot


First, go to the Certbot website and scroll down to the "My HTTP website is running" line. Choose the "None of the above" option in the "Software" field and then your OS in the "System" field.

Let's use Ubuntu 18.04 for our example.

You'll be redirected to the Certbot page https://certbot.eff.org/lets-encrypt/ubuntubionic-other with the necessary instructions.

Follow steps 1 through 4 to install and set up Certbot.

2. Set up certificate


In step 5, "Install your certificate", you need to use your new certificate in the Nimble Streamer configuration.

Add these lines to your /etc/nimble/nimble.conf file:
ssl_port = 443
ssl_certificate = /etc/letsencrypt/live/your.domain.name/fullchain.pem
ssl_certificate_key = /etc/letsencrypt/live/your.domain.name/privkey.pem
and then restart Nimble Streamer with this command:
sudo service nimble restart
You can find more info about nimble.conf on this page.

If you need a more complex setup scenario, such as multiple domains or encryption methods, you can follow this article to set up the SSL certificate properly.

By this step, you'll have a Nimble Streamer instance running with a valid SSL certificate.

3. Set up certificate renewal


The last step is to set up automatic renewal of the certificate. Certbot does this perfectly; however, we need to make it call Nimble Streamer to reload the certificate. This can be done via the Nimble Streamer native API.

First, set up the management API as described on this page under the "Starting point: enable API access" point.
Here's an example you can use:
management_listen_interfaces = 127.0.0.1
management_port = 8083
Then restart the Nimble Streamer instance:
sudo service nimble restart

The second step is to run the renew command as described in the "Test automatic renewal" section of the Certbot page, with an additional post-hook parameter like this:
sudo certbot renew --post-hook 'curl -X POST http://127.0.0.1:8083/manage/reload_ssl_certificates'
You can use the above command (which makes the proper API call) to manually renew SSL certificates without restarting Nimble Streamer.

The latest version of Certbot provides pre-configured automated renewal for Ubuntu via systemd timers.
To make sure that Certbot's systemd timer is installed, use the following command:
systemctl list-timers
Its output should contain certbot.timer in the UNIT column.

To make Nimble Streamer apply the new certificate without a restart, use the following commands to create a post-hook script. The file is written through sudo tee because a shell redirect after "sudo echo" runs as the calling user and cannot write under /etc/letsencrypt:
printf '#!/bin/sh\ncurl -s -X POST http://127.0.0.1:8083/manage/reload_ssl_certificates\n' | sudo tee /etc/letsencrypt/renewal-hooks/post/nimble-ssl-renew.sh > /dev/null
sudo chmod 750 /etc/letsencrypt/renewal-hooks/post/nimble-ssl-renew.sh
Now your certificates will be renewed automatically.
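
A stricter variant of the post-hook script, added here as an example and not taken from Softvelum or Certbot: it reads the management settings from nimble.conf, refuses to call the API unless it is still bound to 127.0.0.1 as in the example above, and exits non-zero when the reload request fails. The function names and the "key = value, last occurrence wins" parsing are assumptions of this example.

```sh
#!/bin/sh
# Added example: checked reload hook for Nimble Streamer.
# Assumption: nimble.conf holds "key = value" lines as shown on this page.

NIMBLE_CONF="${NIMBLE_CONF:-/etc/nimble/nimble.conf}"

# Print the value of a setting ($1) from a config file ($2).
# If the key appears more than once, the last line is used (assumption).
conf_get() {
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*//p" "$2" \
        | tail -n 1 | sed 's/[[:space:]]*$//'
}

# Succeed only if the management API listens on 127.0.0.1 and nothing else.
mgmt_is_loopback() {
    case "$(conf_get management_listen_interfaces "$1")" in
        127.0.0.1) return 0 ;;
        *) return 1 ;;
    esac
}

# Build the reload URL from the configured management port.
reload_url() {
    port=$(conf_get management_port "$1")
    [ -n "$port" ] || return 1
    printf 'http://127.0.0.1:%s/manage/reload_ssl_certificates\n' "$port"
}

# Ask Nimble Streamer to reload its certificates; fail loudly on any problem.
reload_nimble_certs() {
    mgmt_is_loopback "$1" || {
        echo "nimble: management API is not bound to 127.0.0.1, not calling it" >&2
        return 1
    }
    url=$(reload_url "$1") || {
        echo "nimble: management_port is not set in $1" >&2
        return 1
    }
    # --fail turns an HTTP error status into a non-zero exit code.
    curl --fail --silent --show-error --max-time 10 -X POST "$url" > /dev/null
}

# Run the reload only when installed under the hook name used on this page.
case "$0" in
    *nimble-ssl-renew.sh) reload_nimble_certs "$NIMBLE_CONF" ;;
esac
```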



That's it. If you have any questions or issues, feel free to contact us via helpdesk.

Related documentation


SSL setup for Nimble Streamer, Paywall feature set
