SSL certificate for Owncast Apache instance on port 8080

SYSTEM INFORMATION
OS type and version Debian 12
Virtualmin version 8.1.0 GPL

I’m trying to get an Owncast instance working on a Debian 12 Apache server.

I put the Owncast executable at /opt/owncast. Opened ports 8080 and 1935 in Firewalld. Created owncast service.

Tried to get a working Apache config for a separate virtual server (a subdomain) following the Apache config on the Owncast website.

I didn’t know how to specify the SSL certificate, so I just copied the SSL paths of the main virtual server.

That didn’t work. HTTP works - the Owncast instance is accessible.

But HTTPS doesn’t work.

I set Virtualmin to always go to the SSL site.

How do I get SSL working for a port?

This is /etc/apache2/sites-available/owncast.conf

<VirtualHost *:80>
        ServerName live.communitykirtan.com
        ServerAdmin kirtan@communitykirtan.com

        Redirect permanent / https://live.communitykirtan.com

</VirtualHost>

# live-le-ssl.conf

<IfModule mod_ssl.c>
<VirtualHost *:443>
        ServerName live.communitykirtan.com
        ServerAdmin kirtan@communitykirtan.com

        ProxyRequests       Off
        ProxyPreserveHost   On
        AllowEncodedSlashes NoDecode

        ProxyPass        / http://localhost:8080/ upgrade=websocket
        ProxyPassReverse / http://localhost:8080/

        RequestHeader    set X-Forwarded-Proto "https"
        RequestHeader    set X-Forwarded-Port "443"

        SSLCertificateFile /etc/ssl/virtualmin/1775330264488674/ssl.cert
        SSLCertificateKeyFile /etc/ssl/virtualmin/1775330264488674/ssl.key
        Include /etc/letsencrypt/options-ssl-apache.conf
        SSLCACertificateFile /etc/ssl/virtualmin/1775330264488674/ssl.ca

</VirtualHost>
</IfModule>

This is /etc/apache2/sites-available/live.communitykirtan.com.conf

<VirtualHost *:80>
    SuexecUserGroup #1005 #1004
    ServerName live.communitykirtan.com
    ServerAlias www.live.communitykirtan.com
    ServerAlias mail.live.communitykirtan.com
    ServerAlias webmail.live.communitykirtan.com
    ServerAlias admin.live.communitykirtan.com
    DocumentRoot /home/live/public_html
    ErrorLog /var/log/virtualmin/live.communitykirtan.com_error_log
    CustomLog /var/log/virtualmin/live.communitykirtan.com_access_log combined
    ScriptAlias /cgi-bin/ /home/live/cgi-bin/
    ScriptAlias /awstats /home/live/cgi-bin/awstats.pl
    DirectoryIndex index.php index.htm index.html
    <Directory /home/live/public_html>
        Options -Indexes +IncludesNOEXEC +SymLinksIfOwnerMatch
        Require all granted
        AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch
    </Directory>
    <Directory /home/live/cgi-bin>
        Require all granted
        AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch
    </Directory>
    ProxyPass /.well-known !
    RewriteEngine on
    RewriteCond %{HTTP_HOST} =webmail.live.communitykirtan.com
    RewriteRule ^/(?!\.well-known)(.*)$ https://live.communitykirtan.com:20000/ [R=301,L]
    RewriteCond %{HTTP_HOST} =admin.live.communitykirtan.com
    RewriteRule ^/(?!\.well-known)(.*)$ https://live.communitykirtan.com:10000/ [R=301,L]
    RemoveHandler .php
    RemoveHandler .php8.2
    RemoveHandler .php8.4
    RedirectMatch ^/awstats$ /awstats/
    <FilesMatch \.php$>
        SetHandler proxy:unix:/run/php/1775330264488674.sock|fcgi://127.0.0.1
    </FilesMatch>
    <Files awstats.pl>
        AuthName "live.communitykirtan.com statistics"
        AuthType Basic
        AuthUserFile /home/live/.awstats-htpasswd
        require valid-user
    </Files>
    RewriteRule ^/(?!.well-known)(.*)$(.*)$ https://%{HTTP_HOST}/$1$1 [R]
    RewriteRule ^/(?!.well-known)(.*)$(.*)$ https://%{HTTP_HOST}/$1$1 [R]
    RewriteRule ^/(?!.well-known)(.*)$(.*)$ https://%{HTTP_HOST}/$1$1 [R]
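A check that can be run over the two files quoted above, as an added example that is not part of the original post: it lists every address and hostname pair claimed by more than one `<VirtualHost>` block, in which case Apache serves the first block it loaded for that name. The embedded excerpts are constructed from the quoted configs with most directives trimmed, and `parse_vhosts` and `find_conflicts` are names chosen here.

```python
import re
from collections import defaultdict

# Constructed excerpts of the two quoted files (directives trimmed; the
# second file is cut off on the page, so only its *:80 block is included).
SAMPLE_FILES = {
    "owncast.conf": """
<VirtualHost *:80>
    ServerName live.communitykirtan.com
    Redirect permanent / https://live.communitykirtan.com
</VirtualHost>
<VirtualHost *:443>
    ServerName live.communitykirtan.com
    ProxyPass / http://localhost:8080/ upgrade=websocket
</VirtualHost>
""",
    "live.communitykirtan.com.conf": """
<VirtualHost *:80>
    ServerName live.communitykirtan.com
    ServerAlias www.live.communitykirtan.com
    DocumentRoot /home/live/public_html
</VirtualHost>
""",
}

VHOST_RE = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.S | re.I)
NAME_RE = re.compile(r"^\s*Server(?:Name|Alias)\s+(.+)$", re.M | re.I)

def parse_vhosts(files):
    """Yield (filename, address, hostname) for every name a vhost answers to."""
    for fname, text in files.items():
        for addrs, body in VHOST_RE.findall(text):
            names = [n.lower() for line in NAME_RE.findall(body) for n in line.split()]
            for addr in addrs.split():
                for name in names:
                    yield fname, addr, name

def find_conflicts(files):
    """Return {(address, hostname): [files]} for pairs claimed more than once."""
    claims = defaultdict(list)
    for fname, addr, name in parse_vhosts(files):
        claims[(addr, name)].append(fname)
    return {key: owners for key, owners in claims.items() if len(owners) > 1}

if __name__ == "__main__":
    for (addr, name), owners in find_conflicts(SAMPLE_FILES).items():
        print(f"{name} on {addr} is defined in: {', '.join(owners)}")
```

On the server itself, `apache2ctl -S` prints the virtual host map Apache actually built from the enabled sites.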

I did this some while ago; however, it only appeared to work correctly using nginx. However, I ditched Owncast in favour of RTMP, which tbf has been rock steady for over a year.

I’m even worse at nginx than apache. Great that you got it working with nginx.

Are you going the strictly RTMP route, without the chat feature of Owncast?

I built my own chat app (?) that sits next to the RTMP window, a bit like Owncast.
I ran nginx concurrently with Apache, so the web side is rendered by Apache and the rtmp/opencast is served via nginx and then just put into a frame in the Apache website.

Wow! Building your own chat is impressive!
Nice bit of tech work to customize the server the way you want!