I needed to set up a mumble server for a friends minecraft community. The Mumble software uses a client–server architecture which allows users to talk to each other via the same server. It has a very simple administrative interface and features high sound quality and low latency where possible. All communication is encrypted to make sure user privacy using either a self signed cert or a cert purchased via a vendor. The great thing about Mumble is that it’s free and open-source software, is cross-platform, and is released under the terms of the new BSD license. Since letsencrypt is awesome and provides completely free certs to the end users, I figured it would be perfect to use in this attempt. So I started on the road to acquire a letsencrypt ssl cert for mumble.
First we need to acquire the letsencrypt client. for this you need git.
git clone https://github.com/letsencrypt/letsencrypt
./letsencrypt-auto certonly --standalone --standalone-supported-challenges tls-sni-01
A text / curses bases dialogue will start. it will ask you to input your domain(s) you want a cert for. If you want multiple domains or multiple subdomains at the same time just separate them via a space or a comma, follow the prompts and it will install your cert in /etc/letsencrypt/live/<domain>/cert.pem. So far so good! now you need to install murmur/mumble-server on your machine. I would like to tell you how to do it but due to the nature of software it might change, the best way to do it is via checking the official mumble wiki for info on how to do it for your OS. To do it in Ubuntu I used the following commands
sudo add-apt-repository ppa:mumble/release
sudo apt-get update
sudo apt-get install mumble-server
sudo dpkg-reconfigure mumble-server
Now lets setup the mumble server to use the certs we acquired earlier. Edit /etc/mumble-server.ini , I prefer using nano but it’s because I am a pleb, you may be a super 1337 operator and use vi or vim or directly edit the 1’s and 0’s on the drive platters. Find the following keys and edit them or add if they don’t exist or are commented out.
the sslCA may not exist, thats fine, this allows all mumble clients to accept the cert from LE. One last issue you need to resolve before you can start mumble-server is the ssl cert is root only access at the moment. the way I resolved this is to change the group on the files and folders. you may have a better solution, please do share it in the comments.
chgrp -R ssl-cert /etc/letsencrypt
chmod -R g=rX /etc/letsencrypt
now start mumble-server with a service mumble-server restart or whatever your OS accepts, and Voila! you are now up and running using a valid letsencrypt ssl cert for mumble 🙂 if you have any questions, or comments, or better way of doing this please let me know.