CERTBOT and OpenSSL

I have been pondering more security for my server. I have a desire to secure FTP as well and even the TELNET access to the host.

I am using VSFTPD for my FTP tool and I am not sure if that can have a CERTBOT certificate made to work

I use PUTTY to connect to my host on the LAN.

I'm wondering: why would you want telnet with TLS instead of just using SSH?

Seems to be plenty of Google results for that:

https://www.google.com/search?q=VSFTPD+tls&oq=VSFTPD+tls

Next thing is getting a certificate, which is fairly easy. Please see the following pages for more information:

2 Likes
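
For the vsftpd question above, an added example (not part of any post in this thread): a shell check that a vsftpd.conf has TLS switched on and points at the PEM files Certbot writes. The function names, the two sample configs and the certificate name example.com are constructed for illustration; the option names and defaults are the ones documented in the vsftpd.conf man page.

```sh
# Added example: audit vsftpd.conf for TLS settings that use a Certbot-issued certificate.
# Assumes Certbot's /etc/letsencrypt/live/<name>/ layout; example.com is a placeholder.
# Prints one FINDING line per option whose effective value differs from the expected
# one; exit status is 0 when the file is clean, 1 otherwise.
audit_vsftpd_tls() {  # usage: audit_vsftpd_tls FILE CERT_NAME
    live=/etc/letsencrypt/live/$2
    n=0
    # Rows: option | vsftpd default when unset | expected value
    while IFS='|' read -r key def want; do
        got=$(sed -n "s/^$key=//p" "$1" | tail -n 1)   # last assignment wins
        [ "${got:-$def}" = "$want" ] && continue
        echo "FINDING: $key=${got:-${def:-<unset>}} (expected $want)"
        n=$((n + 1))
    done <<EOF
ssl_enable|NO|YES
rsa_cert_file|/usr/share/ssl/certs/vsftpd.pem|$live/fullchain.pem
rsa_private_key_file||$live/privkey.pem
force_local_logins_ssl|YES|YES
force_local_data_ssl|YES|YES
ssl_sslv3|NO|NO
EOF
    [ "$n" -eq 0 ]
}

# Constructed sample: self-signed cert, TLS off, data channel allowed in clear text.
write_weak_conf() {
    cat > "$1" <<'EOF'
rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
ssl_enable=NO
force_local_data_ssl=NO
EOF
}

# Constructed sample: the same server using the Certbot files for example.com.
write_hardened_conf() {
    cat > "$1" <<'EOF'
ssl_enable=YES
rsa_cert_file=/etc/letsencrypt/live/example.com/fullchain.pem
rsa_private_key_file=/etc/letsencrypt/live/example.com/privkey.pem
force_local_logins_ssl=YES
force_local_data_ssl=YES
EOF
}

d=$(mktemp -d); write_weak_conf "$d/weak"; write_hardened_conf "$d/ok"
audit_vsftpd_tls "$d/weak" example.com || echo "weak: needs fixing"
audit_vsftpd_tls "$d/ok" example.com && echo "ok: TLS uses the Certbot certificate"
rm -r "$d"
```

Certbot's `--deploy-hook` option on `certbot renew` can run a service restart after each successful renewal if the server needs one to pick up the new files.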

While you're at it, you could also consider replacing FTP with SFTP (typically supported automatically on the server side by OpenSSH!). Increasingly, various FTP clients have built-in support for SFTP.

3 Likes

Very true!  

2 Likes

There is only one way to secure TELNET: Uninstall it.
You say you use "putty", then use it via Secure Shell (SSH).

2 Likes

I have SSH installed already which is what I use with PUTTY

I was simply wondering if CERTBOT can help

Certbot can get you a cert (or already has).
You now need to use the cert to secure your communications.

2 Likes

SSH already is secure and doesn't need TLS certificates.

Maybe for FTP, but as @schoen said, SFTP is a better and more secure option.

Also, your thread title mentions "OpenSSL", but your first post doesn't mention it at all..? Why "OpenSSL"?

3 Likes

OpenSSL is an older tool that I used to use to fix certificates for Windows etc

Windows and Azure want PEM files

Certbot outputs PEM files. OpenSSL is just a generic tool. Totally not relevant to your other questions.

1 Like

What is the command for generating PEM files for Windows?

That question is incomplete or at least lacks the appropriate context.

1 Like

Perhaps incomplete, but I have long puzzled over how to get certificates available for Windows etc

Linux is better documented for websites after Google elected to pressure the situation

Short term certificates are a major nuisance for Windows as there is no Certbot for that operating system to secure remote desktop etc

Certbot is available for Windows. Certbot produces the output files in PEM format. I don't see the issue here.

1 Like

Never used to be

Windows has events but it's messy with the UAC for elevation etc

Not easy to set and forget anymore

I have no idea what specific part of my post you're referring to. Please use quotes or otherwise make clear which specific part you're referring to.

I have absolutely no idea what you're talking about here. Please make your posts more clear, so I/we can actually understand what you mean.

See the above: I have no idea what this means.

1 Like

This forum unlike phpBB does not let users edit posts so sorry if the questions wander

I use remote desktop extensively and using a certificate would make life easier but I am not sure how it even works, whether it's on a per user or on the system or what

Hi @HardcoreGames,

I don't know much about Windows myself, but there are several different Let's Encrypt clients available for Windows

including (nowadays) Certbot! Some of them integrate with IIS or do other things.

You don't necessarily have to get your certificates on a Unix machine and then copy them over to a Windows machine (although you can do that if you want); you could choose to use one of these Let's Encrypt clients natively on Windows.

Most of the developers of these applications are here on this forum so you can probably get pretty good help if you try one and run into a specific problem with it.

2 Likes

Desktop Windows is the problem for remote desktop, while adding a certificate for IIS is not difficult

Posh-ACME combined with Posh-ACME.Deploy make it pretty trivial to get a cert and apply it to remote desktop (and other Windows services). In the simplest case, it would be something like this after configuring an ACME server and creating an account:

New-PACertificate example.com | Set-RDSHCertificate

2 Likes