Installing a certificate in ProFTPd

Hello! I installed a certificate on my proftpd ftp server, but FileZilla does not trust it. I use the following TLS configuration for my server:


TLSEngine on
TLSRequired on
TLSLog /var/log/proftpd/tls.log
TLSRSACertificateFile /etc/letsencrypt/live/antonlyap.pp.ua/fullchain.pem
TLSRSACertificateKeyFile /etc/letsencrypt/live/antonlyap.pp.ua/privkey.pem
TLSOptions NoSessionReuseRequired

Certificate is created for such domains as: antonlyap.pp.ua, www.antonlyap.pp.ua, ftp.antonlyap.pp.ua, mail.antonlyap.pp.ua. I try to connect from ftp.antonlyap.pp.ua

Your FTP server doesn’t send the whole chain. I guess ProFTPd doesn’t support multiple certificates in one file with the TLSRSACertificateFile directive, as Apache (>2.4.7) does.

You should try to set TLSCACertificateFile to /etc/letsencrypt/live/antonlyap.pp.ua/chain.pem and try again.

1 Like

have a look at this http://www.proftpd.org/docs/howto/TLS.html

the intermediates (Lets Encrypt) and the leaf should be separated out

as @Osiris mentioned

Andrei

1 Like

Hi @antonlyap,

Also, keep in mind that Filezilla doesn’t check the CAs that your OS trust so you need to manually trust it in the first connection. No matter whether it is a self-signed certificate, a Let’s Encrypt cert or a commercial one, in all of them, in the first connection, you need to trust the certificate.

Cheers,
sahsanu

2 Likes

Hello

Thank you for your answers!

I tried to follow @Osiris's instruction, but it did not take effect.

I think @sahsanu is right, FileZilla does not trust any cert and shows the alert in the first connection

Best wishes,
Anton

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.