Need help with renewing SSL certificate on custom port

Can someone please, please help me to fix my issue with enabling SSL.
I installed Azuracast (radiopanel) almost 1 year ago, and all worked great.

I’m not sure what’s happened the last month, because I have issues with creating new SSL certs.
Azuracast is installed on its own server (behind port 8443).

I have a separate server from before which already uses ports 80 and 443 for websites etc. Therefore I am forced to use a custom port for Azuracast.

Again, everything worked fine from the start, don’t ask me how.
But now the radio stream does not work, due to no SSL certificate.

I get the following error when I try to create a new certificate in the Azuracast panel:
Challenge validation failed: IP HERE: Invalid response from https://MY-DOMAIN/.well-known/acme-challenge/xYQP7DEJ-85ao70juwq7jtAXjXUE4e0dMZRhFltBuSE: 404 (urn:ietf:params:acme:error:unauthorized) at /var/azuracast/www/vendor/skoerfgen/acmecert/src/ACMEv2.php:145)"}

This stuff’s over my head, unfortunately (I just let Cloudflare handle SSL for me), but it might be worth reading the AzuraCast docs here:

They do suggest that you must use the original ports, though — at least for using LetsEncrypt. I wonder if that is part of the problem?

Perhaps this is also of use? https://www.azuracast.com/docs/administration/ssl-and-lets-encrypt/#using-a-custom-certificate

It’s a while since I’ve done this, but why does having a web server using ports 80 and 443 mean that you can’t run your other server on the default port 8443?

It looks like the challenge requires port 443.

What software is running on port 443 now? If it’s a web server like nginx or Apache I would consider a reverse proxy, so it looks as if AzuraCast is running on port 443 as well, even though it’s just the web server passing data to and from AzuraCast.

9 out of 10 times using custom ports is a pain. Recommendation is to not do it.

If you must do it, for this particular problem you could probably:

  1. Stop whatever is listening on port 443
  2. Stop AzuraCast
  3. Configure AzuraCast to use port 443
  4. Start AzuraCast
  5. Request a new cert for AzuraCast
  6. Stop AzuraCast
  7. Start whatever was listening on port 443 before
  8. Configure AzuraCast to use the original port again
  9. Start AzuraCast

Once the cert has been obtained it doesn’t matter at what port AzuraCast runs, but to obtain the cert it looks like it should run on port 443.

1 Like

This is pretty accurate. We ran into similar issues by setting up a multi-site docker installation.

Essentially, take both the proxy manager and Azuracast containers offline, comment out the custom HTTP and HTTPS ports within .env in /var/azuracast and then spin Azuracast back up. Go to system administration and press “generate/renew,” and assuming no error messages, you’re good. Spin down Azuracast, edit the .env back to how it was set up previously, and then you can spin it and the proxy manager back up.

1 Like
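
Added example, not part of the thread and not AzuraCast's code: a small simulation of the rules Let's Encrypt documents for HTTP-01 validation (the first request goes to port 80, and redirects are followed only to http/https on ports 80 or 443), showing why the 404 in the first post appears and why redirecting the challenge to port 8443 cannot work. The domain, token, key authorization and route tables are constructed sample data.

```python
import ipaddress
from urllib.parse import urlsplit

MAX_REDIRECTS = 10  # Let's Encrypt follows at most 10 redirects for HTTP-01

def _is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def validate_http01(domain, token, key_auth, routes):
    """Simulate the CA's HTTP-01 fetch. routes: URL -> (status, body or Location)."""
    url = f"http://{domain}/.well-known/acme-challenge/{token}"  # always starts on port 80
    for _ in range(MAX_REDIRECTS + 1):
        parts = urlsplit(url)
        port = parts.port or {"http": 80, "https": 443}.get(parts.scheme)
        # Redirects are only followed to http/https on ports 80 or 443, never to IPs.
        if parts.scheme not in ("http", "https") or port not in (80, 443) or _is_ip(parts.hostname):
            return False, f"refused to follow redirect to {url}"
        status, payload = routes.get(url, (404, ""))  # unknown path: the server answers 404
        if status in (301, 302, 303, 307, 308):
            url = payload
            continue
        if status != 200:
            return False, f"Invalid response from {url}: {status}"
        ok = payload.strip() == key_auth
        return ok, "valid" if ok else f"wrong key authorization at {url}"
    return False, "too many redirects"

# Constructed sample data (not from the thread).
DOMAIN, TOKEN = "radio.example", "constructed-token"
KEY_AUTH = TOKEN + ".constructed-account-thumbprint"
HTTP = f"http://{DOMAIN}/.well-known/acme-challenge/{TOKEN}"
HTTPS = f"https://{DOMAIN}/.well-known/acme-challenge/{TOKEN}"
HTTPS_8443 = f"https://{DOMAIN}:8443/.well-known/acme-challenge/{TOKEN}"

SCENARIOS = {
    # Another web server owns 80/443 and knows nothing about the token.
    "other server on 443": {HTTP: (301, HTTPS)},
    # The front server redirects the challenge to the custom port.
    "redirect to 8443": {HTTP: (301, HTTPS_8443), HTTPS_8443: (200, KEY_AUTH)},
    # A reverse proxy on 443 passes the challenge path through to the panel.
    "reverse proxy": {HTTP: (301, HTTPS), HTTPS: (200, KEY_AUTH)},
}

if __name__ == "__main__":
    for name, routes in SCENARIOS.items():
        print(name, "->", validate_http01(DOMAIN, TOKEN, KEY_AUTH, routes))
```

Only the reverse-proxy scenario validates; the first one reproduces the shape of the "Invalid response ... 404" error quoted in the opening post.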