I using certifythe web since a while for generating and update a certificate for the web site and for IceCast server.
The PEM certificate is not longer accepted by IceCast.
So I used openssl to review the pem file and found some critical issues:
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
D7:CA:25:80:70:EA:48:DF:58:71:94:99:4B:91:3B:EA:E4:4E:F0:DC
X509v3 Authority Key Identifier:
14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:country-radio.eu, DNS:www.country-radio.eu
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
What could be the problem and what has change in the software?