Can i use with FTPs server


#1

hi all,

can i use lets encrypt for my ftps server, all i have installed on my server is vsftpd service and no apache/httpd service

many thanks,

rob


#2

Yes you can.  


#3

how do you do it if you havnt got a webroot?


#4

As long as there isn’t a firewall blocking port 80 or 443 you could use certbot with the standalone plugin, which will temporary start a embedded webserver for just a few moments to verify the challenge.

Or if that’s not possible, you could use certbot with the manual plugin with the dns-01 challenge. But that requires (obviously) access to your DNS zone. But certbot and the dns-01 challenge isn’t a good combo for automation, so if you really need a DNS challenge you could pick one of the third party clients, such as acme.sh. I know it has many DNS API plugins.


#5

ok so i could do this -

certbot certonly --standalone -d robo84.ddns.net

instead of this -

certbot certonly --webroot -w /var/www/html -d robo84.ddns.net

obviously open up port 80 or 443 on router


#6

Correct. And with either --standalone-supported-challenges http-01 or --standalone-supported-challenges tls-sni-01 you can choose between port 80 or 443, respectively. I’m not sure what the default is.


#7

so obviously to renew my key i would need port 80 or 443 open during the life of the ftp server so it can renew, even if i dont need port 80 or 443 open, just needed for the renewal


#8

Correct.

It’s probably not possible to script something to open up ports in your router from your server? If you can, you might be able to use the --pre-hook and --post-hook switches during renewal.


#9

Let me make https://github.com/veeti/manuale a bit more popular.
It supports DNS based (TXT record) authorization.

You may install it only for your user: pip install --user manuale

Usage example: https://github.com/szepeviktor/debian-server-tools/blob/master/security/cert-update-manuale-CN.sh


#10

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.