2

I am trying to add SSL to my Icecast2 but I always get the following error: connection/get_ssl_certificate No SSL capability

This is the installed version:

icecast2:
Installed: 2.4.4-1
Candidate: 2.4.4-1
Version table:
 2.4.4-3~bpo10+1 100
    100 http://deb.debian.org/debian buster-backports/main amd64 Packages
*** 2.4.4-1 500
    500 http://deb.debian.org/debian buster/main amd64 Packages
    100 /var/lib/dpkg/status
 2.4.4-1 500
    500 http://download.opensuse.org/repositories/multimedia:/xiph/Debian_10 ./ Packages

Can someone help me?

Thanks in advance!

Brad
itranger

2 Answers

3

The problem was that Debian always took the official repo instead of the XIPH repo (which supports SSL). It was solved by changing the position of the XIPH repo over the official repo in the sources.list!

itranger
1

This worked for me, and now I'm streaming with HTTPS:

First: You need to know if your Icecast was compiled with SSL:

$ ldd /usr/bin/icecast | grep -i ssl

You have Icecast with SSL if it returns something like this:

libssl.so.1.1 => /lib64/libssl.so.1.1 (0x00007f9f693ad000)

If not, uninstall icecast, install these dependencies first, then install icecast again:

libxml2
libxml2-devel
libxslt
libxslt-devel
curl Version >= 7.10
libcurl
libcurl-devel
libogg/libvorbis Version >= 1.0
libvorbis-devel
libogg-devel
OpenSSL
libtheora
libtheora-devel
speex
speex-devel
mod_ssl

Second: (only for testing purposes, the right way is to have a cert from a Certificate Authority) Generate a self-signed certificate with OpenSSL:

$ sudo mkdir -p /etc/ssl/private
$ cd /etc/ssl/private
$ sudo openssl req -x509 -nodes -newkey rsa:2048 -keyout localdomain.key -out localdomain.crt

Third: Put your certificate and private key in a single file, as Icecast requires everything in one file:

# The redirection has to run as root as well, so the whole command goes through sh -c
$ sudo sh -c 'cat localdomain.crt localdomain.key > localdomain_pairkeys.pem'

Fourth: Change the owner of this file to icecast (confirm the icecast user in your /etc/passwd):

$ sudo chown icecast:icecast localdomain_pairkeys.pem

Fifth: Paste these lines in your /etc/icecast.xml

<listen-socket>
    <port>443</port>
    <ssl>1</ssl>
    <bind-address>YOUR IP ADDRESS</bind-address>
</listen-socket>

Inside "paths" closure:

<ssl-certificate>/etc/ssl/private/localdomain_pairkeys.pem</ssl-certificate>
<ssl-allowed-ciphers>ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS</ssl-allowed-ciphers>

Finally: Start the service (this is how I start it on Fedora so that it can listen on port 443; I don't know why, but with "systemctl start icecast" it listens only on port 8000):

$ sudo icecast -c /etc/icecast.xml

That's it, I hope it is useful!

These pages have helped me too: https://www.icecast.org/docs/icecast-trunk/config_file/; "Why Icecast2 does not want to give the stream through https?"; "Icecast 2 and SSL"

edier88
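
A preflight script for the setup described in the answer above, added here as an example (it is not part of the answer and not Icecast tooling). It checks libssl linkage, that the bundle holds both certificate and key, that only the owner can access it, and which enabled cipher tokens are weak. Function names and demo file contents are constructed; the checks are plain text matching and assume each XML element sits on one line, as in the answer's snippet.

```shell
#!/bin/sh
# Added example: preflight for the Icecast TLS steps above (not Icecast tooling).

# 0 if the binary is linked against libssl (the ldd test from the first step).
has_ssl_support() { ldd "$1" 2>/dev/null | grep -qi 'libssl'; }

# Print the bundle path configured in <ssl-certificate>.
cert_path() { sed -n 's:.*<ssl-certificate>\(.*\)</ssl-certificate>.*:\1:p' "$1" | head -n 1; }

# 0 if the bundle holds both a certificate and a private key.
bundle_complete() {
    grep -q -e '-----BEGIN CERTIFICATE-----' "$1" &&
    grep -Eq -e '-----BEGIN ([A-Z]+ )?PRIVATE KEY-----' "$1"
}

# 0 if group and other have no permission bits on the bundle.
bundle_private() { [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]; }

# Print enabled (not !/- excluded) cipher tokens naming 3DES, RC4, MD5, NULL or EXPORT.
weak_ciphers() {
    sed -n 's:.*<ssl-allowed-ciphers>\(.*\)</ssl-allowed-ciphers>.*:\1:p' "$1" |
        tr ':' '\n' | grep -v '^[!-]' | grep -Ei '3DES|RC4|MD5|NULL|EXP' || true
}

# Run every check against one config; print findings and return their count.
preflight() {
    n=0; pem=$(cert_path "$1")
    grep -q '<ssl>1</ssl>' "$1" || { echo "no listen-socket with <ssl>1</ssl>"; n=$((n+1)); }
    [ -n "$pem" ] && [ -f "$pem" ] || { echo "ssl-certificate not found: $pem"; return $((n+1)); }
    bundle_complete "$pem" || { echo "bundle lacks certificate or key"; n=$((n+1)); }
    bundle_private "$pem" || { echo "bundle accessible beyond its owner"; n=$((n+1)); }
    for c in $(weak_ciphers "$1"); do echo "weak cipher token: $c"; n=$((n+1)); done
    return "$n"
}

# Demo on constructed files: placeholder PEM bodies, cipher list shortened from the answer's.
demo() {
    d=$(mktemp -d)
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'CONSTRUCTED' '-----END CERTIFICATE-----' \
        '-----BEGIN PRIVATE KEY-----' 'CONSTRUCTED' '-----END PRIVATE KEY-----' > "$d/pair.pem"
    chmod 644 "$d/pair.pem"
    printf '%s\n' '<icecast><listen-socket><port>443</port><ssl>1</ssl></listen-socket>' \
        "<paths><ssl-certificate>$d/pair.pem</ssl-certificate>" \
        '<ssl-allowed-ciphers>ECDH+AESGCM:RSA+3DES:!aNULL:!MD5</ssl-allowed-ciphers>' \
        '</paths></icecast>' > "$d/icecast.xml"
    preflight "$d/icecast.xml"; echo "findings: $?"; rm -rf "$d"
}
demo
```

On the real host, run `preflight /etc/icecast.xml` as a user that can read the bundle. The cipher string from the answer produces three findings, one per 3DES entry.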