Filezilla FTP SSL Warning

Hi there,
We're thinking if your service can help us solve the SSL warning that we're getting on Filezilla, here's the warning: Screenshot by Lightshot

Thank you!

1 Like

Hi,

This forum is intended to support the use of Let's Encrypt certificates. Your certificate is issued by cPanel, so please find help from your cPanel hosting provider or contact cPanel official support.

3 Likes

When you request a certificate from any cerificate authority it either needs to contain all of the possible domain names you will want to use it for (including www. ftp. mail.) etc., or it needs to a wildcard like *.domain.com. You probably need to request your cPanel certificate again and add all of the possible names as subject alternative names then re-apply the new certificate.

You may indeed be able to switch over to using Let's Encrypt, if you are the administrator of this web server, in which case check out the Certbot docs Introduction — Certbot 1.15.0.dev0 documentation, assuming this a linux based server.

3 Likes

Hi steven,
Thank you for checking this.

Our server team replied and they said:
It is not possible to add a customers SSL Certificate to the FTP service in cPanel, even with a dedicated IP. This is something that has been requested to cPanel but they have not yet implemented the feature: SNI support for FTP | cPanel & WHM Feature Requests

So we're thinking if Let's Encrypt can help us with this.

1 Like

The problem isn't certificate issuance, it's that cpanel ftp support can't use (bind) the certificate due to a lack of SNI (server name indication) support in the software they rely on.

As the certificate is only mismatched on name you could still click 'Always trust this certificate in future sessions` as a workaround, or move the service to a server you manage yourself (not a shared hosting service).

2 Likes

Hi there,

Thank you so much for the prompt reply.
We've actually tried to move to another server with Dedicated IP address and not a shared service, but the warning still occurs. According to Hostinger " If you set the Encryption as Use explicit FTP over TLS if available , then you will be prompted with the TLS certificate inspection screen." How to Configure FileZilla FTP Client: A Step-by-Step Guide

Looks like we cannot resolve this warning and all we need to do is to tick the always trust this certificate checkbox. Does it mean Let's Encrypt service cannot resolve the warning too? Sorry I'm not really familiar with this, thank you for your understanding.

1 Like

Let's Encrypt is a Certificate Authority and just issues certificates, how you use the certificates is a completely separate thing and is all to do with the software you choose to run.

So, you can use Let's Encrypt to get a certificate but all the stuff to do with applying it to an ftp service (or a mail service or a web server etc) is a different topic (TLS) and is driven by your own software and how you configure it.

2 Likes

SNI is not necessary if one has a dedicated IP address. The only reason SNI exists is to be able to select a TLS certificate before the actual TLS handshake. This is usefull if there are multiple TLS certificates in play behind a single IP address. If one has a dedicated IP address and only has a single TLS certificate setup at that IP address, SNI is not usefull. (Then, it's just a privacy infringement.)

That said, it's of course perfectly possible to have a dedicated IP address on a shared hosting server and don't have the software be able to distinguish the relevant stuff based on the IP address. But that's not due to SNI, but to other software issues.

2 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.