Jump to content
  • M1GC

Tried your approach but when I went to start stunnel, I got this output (How to Secure NGINX/RTMP stream to Facebook using Stunnel) (SOLVED)


Recommended Posts

Tried your approach (How to Secure NGINX/RTMP stream to Facebook using Stunnel) but when I went to start stunnel, I got this output:

[ ] Clients allowed=500
[.] stunnel 5.56 on x86_64-pc-linux-gnu platform
[.] Compiled with OpenSSL 1.1.1c  28 May 2019
[.] Running  with OpenSSL 1.1.1f  31 Mar 2020
[.] Threading:PTHREAD Sockets:POLL,IPv6,SYSTEMD TLS:ENGINE,FIPS,OCSP,PSK,SNI Auth:LIBWRAP
[ ] errno: (*__errno_location ())
[.] Reading configuration from file /etc/stunnel/stunnel.conf
[.] UTF-8 byte order mark not detected
[ ] "/etc/stunnel/conf.d/." is not a file
[ ] "/etc/stunnel/conf.d/.." is not a file
[.] Reading configuration from file /etc/stunnel/conf.d/fb.conf
[.] UTF-8 byte order mark not detected
[.] FIPS mode disabled
[ ] Compression disabled
[ ] No PRNG seeding was required
[ ] Initializing service [fb-live]
[ ] Ciphers: HIGH:!aNULL:!SSLv2:!DH:!kDHEPSK
[ ] TLSv1.3 ciphersuites: TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384:TLS_AES_128_GCM_SHA256
[ ] TLS options: 0x02100004 (+0x00000000, -0x00000000)
[ ] No certificate or private key specified

[!] error queue: ../crypto/x509/by_file.c:199: error:0B084002:x509 certificate routines:X509_load_cert_crl_file:system lib
[!] error queue: ../crypto/bio/bss_file.c:76: error:2006D080:BIO routines:BIO_new_file:no such file
[!] SSL_CTX_load_verify_locations: ../crypto/bio/bss_file.c:69: error:02001002:system library:fopen:No such file or directory
[!] Service [fb-live]: Failed to initialize TLS context

[ ] Deallocating section defaults


Just wondering what I may have done wrong, thought I had followed your instructions exactly, but may have forgotten something. Any suggestions?

  • Like 1
Link to comment
Share on other sites

  • M1GC changed the title to Tried your approach but when I went to start stunnel, I got this output (How to Secure NGINX/RTMP stream to Facebook using Stunnel)

STUNNEL ERRORS

[ ] No certificate or private key specified
[!] error queue: ../crypto/x509/by_file.c:199: error:0B084002:x509 certificate routines:X509_load_cert_crl_file:system lib
[!] error queue: ../crypto/bio/bss_file.c:76: error:2006D080:BIO routines:BIO_new_file:no such file

Stunnel will require a ssl certificate to connect encrypted.

I noticed, the actual error is indicating you do not have a SSL CERTIFICATE.
I marked your reply, with all 
Green for working config in your logs, and Red to indicate what is causing stunnel not to start.

The fb.conf config is pointing to a ssl cert, but it doesn't seem to exist in the directory according to the error.

This ssl certificate may have been left out of the tutorial process, assuming the config was already in this directory during install.

I have updated the tutorial and added the instructions on how to add the ssl cert to rid these errors.
Instructions will contain information on how to create your own using 
letsencryptopenssl, and Mozilla CA Authority Certificate Store,
Choose one you wish to use, and add it to the config. I Tested all 3, all are working without any errors...

Adding a certificate file, authority, and it's cert locations to the fb.conf should remedy the certificate error.

Click this link to return to the tutorial which will have updates on how to create a ssl certificate for stunnel.

Then retry to Start the Stunnel Server.
Keep me posted / Reply to this thread if you remedy the errors, or if you experience any additional errors.

  • Like 1
Link to comment
Share on other sites

  • M1GC changed the title to Tried your approach but when I went to start stunnel, I got this output (How to Secure NGINX/RTMP stream to Facebook using Stunnel) (SOLVED)

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • M1GC

  • Welcome to M1GC

    tenor.gif

    We accept players of all skill levels and help members grow at their own pace.

    We are respectful, determined, and proud to be M1GC members..

  • twitch-logo.gif.6e366685b5d45bf948dad544bc71f521.gif

    Check out M1GC on Twitch

  • Sign up to Restream.io

    M1-Gaming Is Inviting you to Join Restream. The best way to stream video live to 30+ platforms simultaneously for free.

×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.