Subsonic Forum

[jarome]

I followed the instructions at https://gist.github.com/alvarow/b691da8768a590b623261c845782f081 to install my letsencrypt certificate. But even after restarting my Subsonic server (OpenSUSE LEAP 15.1), it is still using the self-signed Subsonic certificate. How do I fix this?

[MrChimp1]

Did you manage to fix this? I use LetsEncrypt and I can send you my instructions for setting this up.

[MrChimp1]

OK, managed to get near my computer for 5 minutes. I can't take full credit for all this, its a collection of research but it works for me everytime on a raspberry pi.

1) Create CSR:
openssl req -new -newkey rsa:2048 -nodes -keyout subsonic.domainName.key -out subsonic.domainName.csr

2) Complete cert request via LetsEncrypt and save new cert as "YourNewcert.cer"
!!!! Where prompted use password "subsonic"

3) Obtain the LetsEncrypt root and intermediate certs then combine files:
cat subsonic.domainname.key YouNewCert.cer LetsEncryptIntCert.cer LetsEncryptRootCert.cer > subsonicCertBundle.crt
e.g. cat hostname.key hostname.crt PositiveSSLCA2.crt AddTrustExternalCARoot.crt > subsonic.crt

4) Convert to PKCS12
openssl pkcs12 -in subsonicCertBundle.crt -export -out subsonic.pkcs12

5) Import into keystore:
sudo keytool -importkeystore -srckeystore subsonic.pkcs12 -destkeystore subsonic.keystore -srcstoretype PKCS12 -srcstorepass subsonic -srcalias 1 -destalias subsonic
{password 'subsonic'}

6) Place the keystore into Subsonic:
sudo zip /usr/share/subsonic/subsonic-booter-jar-with-dependencies.jar subsonic.keystore

7) Enable SSL in subsonic:
sudo nano /etc/default/subsonic
SUBSONIC_ARGS="--port=0 --https-port=443 --max-memory=200"

Note when changing port, only root can bind to ports below 1024 by default, so if you run Subsonic under a service account, see my other post here

[jarome]

Rebooting the computer changed the subsonic certificate I believe.

[tangert]

With ubuntu 19.10 I needed to add "-deststoretype PKCS12" to the keytool command to make this work:

sudo keytool -importkeystore -srckeystore subsonic.pkcs12 -destkeystore subsonic.keystore -deststoretype PKCS12 -srcstoretype PKCS12 -srcstorepass subsonic -srcalias 1 -destalias subsonic

[d0tm4tr1x]

Some small adjustments:

With the filesnames you get from LetsEncrypt
3) Obtain the LetsEncrypt root and intermediate certs then combine files:

Code: Select all

cat privkey.pem > subsonic.crt
cat cert.pem >> subsonic.crt
cat chain.pem >> subsonic.crt

I'm running 6.1.6 and the file is in a different place (I use both locations)
6) Place the keystore into Subsonic:

Code: Select all

sudo zip /var/subsonic/subsonic-booter-jar-with-dependencies.jar subsonic.keystore