Skip to content

Instantly share code, notes, and snippets.

@alvarow

alvarow/letsencryt-subsonic.md

Created August 20, 2018 15:49
Show Gist options
  • Star 7 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save alvarow/b691da8768a590b623261c845782f081 to your computer and use it in GitHub Desktop.
Save alvarow/b691da8768a590b623261c845782f081 to your computer and use it in GitHub Desktop.
Download ZIP
Using Let's Encrypt SSL with Subsonic
Raw
letsencryt-subsonic.md

Using Let's Encrypt SSL with Subsonic

Let's Encrypt Docs

Subsonic getting started Docs

Link from where most of this info came from

Here is a simple tutorial to use Letsencrypt SSL Certs with Subsonic. This is on a Debian Server

keytool complains if your openssl export password is empty. Additionally, Subsonic expects your keystore password to be subsonic.

To the questions asked, subsonic for each i.e.:

Enter Export Password: subsonic
Verifying - Enter Export Password: subsonic

Enter destination keystore password: subsonic
Re-enter new password: subsonic
Enter source keystore password: subsonic

Here's the steps, after you got Certbot installed and your certificate issued:

cd /etc/letsencrypt/live/<domain_name>

cat privkey.pem > subsonic.crt
cat cert.pem >> subsonic.crt
cat chain.pem >> subsonic.crt

openssl pkcs12 -in subsonic.crt -export -out subsonic.pkcs12

keytool -importkeystore -srckeystore subsonic.pkcs12 -destkeystore subsonic.keystore -srcstoretype PKCS12 -srcalias 1 -destalias subsonic

zip /usr/share/subsonic/subsonic-booter-jar-with-dependencies.jar subsonic.keystore

Tell Subsonic to listen for HTTPS, edit /etc/default/subsonic

SUBSONIC_ARGS="--max-memory=512 --context-path=/subsonic --port=8080 --https-port=8443"

Restart subsonic

service subsonic restart

@nairobiny
Copy link

Did you reboot? James A. Rome

Yes, it persists across a reboot.

@nairobiny
Copy link

I think I fixed it... the issue was that it was storing the full path to the new keystore file and therefore wasn't overwriting the old one.

This seemed to work: replacing zip /usr/share/subsonic/subsonic-booter-jar-with-dependencies.jar $WORKING_PATH/subsonic.keystore with zip -j /usr/share/subsonic/subsonic-booter-jar-with-dependencies.jar $WORKING_PATH/subsonic.keystore

Here's a revised script in case it helps anyone else:

#!/bin/bash
# Update the certificate for Subsonic.

# Directory locations
CERTIFICATE_PATH=/etc/letsencrypt/live/INSERT_YOUR_DOMAIN_HERE
WORKING_PATH=/INSERT_A_WORKING_PATH_HERE_EG_HOME_DIRECTORY

# Copy the new certificates over
cp $CERTIFICATE_PATH/privkey.pem $WORKING_PATH
cp $CERTIFICATE_PATH/cert.pem $WORKING_PATH
cp $CERTIFICATE_PATH/chain.pem $WORKING_PATH
cat $WORKING_PATH/privkey.pem > $WORKING_PATH/subsonic.crt
cat $WORKING_PATH/cert.pem >> $WORKING_PATH/subsonic.crt
cat $WORKING_PATH/chain.pem >> $WORKING_PATH/subsonic.crt

# Run openssl on our new key
openssl pkcs12 -in $WORKING_PATH/subsonic.crt -export -out $WORKING_PATH/subsonic.pkcs12 -passout pass:subsonic

# Run keytool on our new key
keytool -importkeystore -srckeystore $WORKING_PATH/subsonic.pkcs12 -destkeystore $WORKING_PATH/subsonic.keystore -srcstoretype PKCS12 -srcalias 1 -destalias subsonic -srcstorepass subsonic -deststorepass subsonic

# Now zip the new keystore
zip -j /usr/share/subsonic/subsonic-booter-jar-with-dependencies.jar $WORKING_PATH/subsonic.keystore

# Restart subsonic
service subsonic restart

# Tidy up
rm $WORKING_PATH/privkey.pem
rm $WORKING_PATH/cert.pem
rm $WORKING_PATH/chain.pem
rm $WORKING_PATH/subsonic.crt
rm $WORKING_PATH/subsonic.pkcs12
rm $WORKING_PATH/subsonic.keystore

@alvarow
Copy link
Author

alvarow commented Oct 12, 2021

very nice!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment