Install SSL Letsencrypt on Wowza Server HLS Stream

I am running webserver / domain on HTTPS and Wowza Media Streaming Server on HTTP (Non-SSL) so I am getting Error for LIVE / VOD HLS stream Files “Cannot load M3U8: Unable to fetch HTTP resource over HTTPS”

HTTP stream
http://origin.domain.com:1935/live/myStream/playlist.m3u8

HTTPS stream – Needs to setup
https://origin.domain.com:1443/live/myStream/playlist.m3u8

Install Let’s Encrypt SSL Certificates
Free SSL Certbot

=> As I have installed SSL on NGINX … I am running NGINX webserver on 443 (HTTPS) … but wowza is not configured for SSL still

Try to find SSL key in Let’s Encrypt Certificate Directory

# ls /etc/letsencrypt/live
# ls /etc/letsencrypt/live/origin.domain.com
cert.pem chain.pem fullchain.pem privkey.pem README

cert.pem: Server Certificate
chain.pem: Root and Intermediate Certificates
fullchain.pem: Combination of Server, Root and Intermediate Certificates (replaces cert.pem and chain.pem)
privkey.pem: Private Key (don’t share)

# stat /etc/letsencrypt/live/origin.domain.com/fullchain.pem
File: ‘/etc/letsencrypt/live/origin.domain.com/fullchain.pem’ -> ‘../../archive/origin.domain.com/fullchain3.pem’
Size: 50 Blocks: 0 IO Block: 4096 symbolic link
Device: ca01h/51713d Inode: 2754252 Links: 1

Wowza Configuration

Special Thanks to Robymus who made java converter file “wowza-letsencrypt-converter” to convert SSL to an JKS file.

# cd /usr/local/WowzaStreamingEngine/lib
# wget https://github.com/robymus/wowza-letsencrypt-converter/releases/download/v0.1/wowza-letsencrypt-converter-0.1.jar

– The letsencrypt-live-path parameter defaults to /etc/letsencrypt/live

Make sure you have Java 8 installed

# apt-get install oracle-java8-installer

# cd /usr/local/WowzaStreamingEngine/lib
# java -jar wowza-letsencrypt-converter-0.1.jar -v /usr/local/WowzaStreamingEngine/conf/ /etc/letsencrypt/live/

Make sure you will have below files in /usr/local/WowzaStreamingEngine/conf/

– origin.domain.com.jks
– jksmap.txt

– File jksmap.txt have domain to keystore mapping will be used in the VHost.xml of Wowza Streaming Engine.
– JKS password will be ‘secret’.

Now update Wowza file /usr/local/WowzaStreamingEngine/conf/VHost.xml for Wowza HLS M3U8 file

Open Wowza VHost.xml and search 443 HostPort and comment out the <!– before HostPort and –> at the end of HostPort

I am using port 443 already for NGINX SSL HTTPS … so now I am using port 1443 for Wowza HLS M3U8

<!-- 443 with SSL -->
<HostPort>
<Name>Default SSL Streaming</Name>
<Type>Streaming</Type>
<ProcessorCount>${com.wowza.wms.TuningAuto}</ProcessorCount>
<IpAddress>*</IpAddress>
<Port>1443</Port>
<HTTPIdent2Response></HTTPIdent2Response>
<SSLConfig>
<KeyStorePath>${com.wowza.wms.context.VHostConfigHome}/conf/origin.domain.com.jks</KeyStorePath>
<KeyStorePassword>secret</KeyStorePassword>
<KeyStoreType>JKS</KeyStoreType>
<DomainToKeyStoreMapPath></DomainToKeyStoreMapPath>
<SSLProtocol>TLS</SSLProtocol>
<Algorithm>SunX509</Algorithm>
<CipherSuites></CipherSuites>
<Protocols></Protocols>
</SSLConfig>
<SocketConfiguration>
<ReuseAddress>true</ReuseAddress>
<ReceiveBufferSize>65000</ReceiveBufferSize>
<ReadBufferSize>65000</ReadBufferSize>
<SendBufferSize>65000</SendBufferSize>
<KeepAlive>true</KeepAlive>
<AcceptorBackLog>100</AcceptorBackLog>
</SocketConfiguration>
<HTTPStreamerAdapterIDs>cupertinostreaming,smoothstreaming,sanjosestreaming,dvrchunkstreaming,mpegdashstreaming</HTTPStreamerAdapterIDs>
<HTTPProviders>
<HTTPProvider>
<BaseClass>com.wowza.wms.http.HTTPCrossdomain</BaseClass>
<RequestFilters>*crossdomain.xml</RequestFilters>
<AuthenticationMethod>none</AuthenticationMethod>
</HTTPProvider>
<HTTPProvider>
<BaseClass>com.wowza.wms.http.HTTPClientAccessPolicy</BaseClass>
<RequestFilters>*clientaccesspolicy.xml</RequestFilters>
<AuthenticationMethod>none</AuthenticationMethod>
</HTTPProvider>
<HTTPProvider>
<BaseClass>com.wowza.wms.http.HTTPProviderMediaList</BaseClass>
<RequestFilters>*jwplayer.rss|*jwplayer.smil|*medialist.smil|*manifest-rtmp.f4m</RequestFilters>
<AuthenticationMethod>none</AuthenticationMethod>
</HTTPProvider>
<HTTPProvider>
<BaseClass>com.wowza.wms.http.HTTPServerVersion</BaseClass>
<RequestFilters>*</RequestFilters>
<AuthenticationMethod>none</AuthenticationMethod>
</HTTPProvider>
</HTTPProviders>
</HostPort>

Now Restart Wowza Server

# service WowzaStreamingEngine restart

Make sure you have also opened port 1443 on your firewall.

Now Wowza HLS M3U8 will work like HTTPS stream
https://origin.domain.com:1443/live/myStream/playlist.m3u8