Flussonic Media Server documentation

Let's Encrypt and Flussonic Media Server

Let's Encrypt service automatically provides certificates for setting up HTTPS in automatic mode.

Flussonic Media Server has an in-built support for Let's Encrypt; installation of extra packages and manual adjustment of a web server are not necessary.

You only have to open the administrator's interface, assign the port for HTTPS, and click the button "Let's Encrypt".

After that Flussonic Media Server will automatically retrieve and install the certificate.

You do not have to worry about certificate expiration date or manually editing text config files.

HTTPS is useful for:

  • prevention of server control theft, nobody will be able to intercept your password or streaming links;
  • protecting video from security cameras;
  • inserting a link to another site running on https (otherwise, browsers will start warning about unprotected content).

Below is more detailed description of the process of setting up, and the operating principle of Let's Encrypt.

Let's Encrypt: how it works Anchor Anchor x2

Detailed description can be found on the official site: https://letsencrypt.org/how-it-works/.

To make Let's Encrypt service to issue a valid certificate for you, it is necessary to prove that you own the domain. When you press Issue by Letsencrypt in the admin panel, Flussonic Media Server provides the domain name for which a certificate is required. In response, it receives a key that should be returned back when the validating bot will connect to your server via HTTP (exactly on port 80) at address http://your-domain.com/.well-known.

The validating bot tires to connect to your domain. The domain must be delegated, and DNS records must be set up for IP address where Flussonic Media Server is operating. The bot verifies your ownership of the domain, and Flussonic Media Server saves the certificate.

To extend the certificate, you should repeat the verification process, that means that the Flussonic Media Server should always be listening on the port http 80;. Verification cannot be done on some other port — this is the rule of Let's Encrypt. The certificate extention occurs automatically when the certificate expires; also, the certificate can be updated manually through the admin panel of Flussonic Media Server.

Setting Anchor Anchor x2

  • Open the admin panel of Flussonic Media Server using a domain name instead of IP address (e.g., http://your-domain.com/admin)
  • Enter the «Config» tab and and for SSL-tunneled protocols enter port number 443 for HTTPS ports.
  • The button "Issue by LetsEncrypt" will appear. This button launches the process of obtaining a certificate.
  • Press the button and wait for the certificate expiry date to appear (it usually takes up to 10 seconds).

This is how the menu looks when the certificate was not issued:

After the certificate was issued:

Save the settings by pressing "Save". Flussonic Media Server will redirect your browser to https:// — now you can provide services over HTTPS.