Ant-Media-Server icon indicating copy to clipboard operation
Ant-Media-Server copied to clipboard

Published 20 hours ago verified publisher icon ant-media

Add support for a SSL certificate authority that doesn't suck

Open chris00001 opened this issue 4 years ago • 3 comments

I'm frustrated by the rate limits set by Lets Encrypt in your "super simple" one click solution and the unbearably short life of Lets Encrypt certificates. I should NOT have to re-up it ever 3 months. It's ridicules.

Solution:

Add documentation for using some other SSL certificate authority.

chris00001 avatar Aug 09 '20 06:08 chris00001

Hi @chris00001 ,

Thank you for asking this question.

I see. There are some simple tricks may help you for that.

  • You can import other SSL certificates with enable_ssl.sh as follows.
./enable_ssl.sh -f {FULL_CHAIN_FILE} -p {PRIVATE_KEY_FILE} -d {DOMAIN_NAME}

  • You don't need to get a new certificate from the Let's Encrypt for every time. You can use the same one if you're in the same instance. So that you don't get stuck in the weekly limits.

  • There is an auto renewal SSL cron job for running every 3 months. It's installed by default when you first install the SSL in the latest version.

mekya avatar Aug 09 '20 08:08 mekya

how to generate fullchainfile from cloudflare, i have pem and key

reiluke avatar Aug 08 '22 08:08 reiluke

Hi @reiluke

The proxy must be active (http/https) to use Cloudflare certificates and if the proxy is active, unfortunately, Ant Media Server will not work because it uses different ports and protocols. My advice to you is to use Let's Encrypt.

So unfortunately you can't use full chain certs in Cloudflare for the reason I mentioned above.

https://developers.cloudflare.com/fundamentals/get-started/reference/network-ports/

muratugureminoglu avatar Aug 14 '22 16:08 muratugureminoglu