Let's Encrypt with CoreFTP

I am using an FTP server (using CoreFTP) on Windows Server 2019. Currently I am setting up the certificates yearly on renewal that is done manually. Is anyone aware of a way to have this auto renew like we have done with winacme with an IIS server?


1 Like

Hi @pcsmichaelm, and welcome to the LE community forum :slight_smile:

Which certificate system are you using?
[LE certs are only valid for 90 days]

1 Like

I was previously using GoDaddy that we would get a yearly SSL certificate an apply it to our servers. We moved all our webservers to using lets encrypt, but coreFTP is not a web application and does not use IIS/apache/etc. I was wondering if there was a way for me to be able to auto-renew the certificate for coreftp somehow with lets encrypt.

You don't require IIS to obtain, nor renew, an LE certificate.
You can use one of several Windows ACME clients [in --standalone mode] to validate the HTTP authentication requests.
[winacme is one of those]

This is essentially a two-step process.
Step #1: Obtain (and renew) a cert
Step #2: Use that cert within whichever program requires it [CoreFTP]


Could you suggest which to use? ACME Client Implementations - Let's Encrypt (letsencrypt.org)

I've gone to above site and for Windows all I'm seeing is binding to IIS. It has to be a complete standalone setup to renew the cert.. and the config in CoreFTP needs to be able to point to this certificate.



1 Like

I can only speak about what I have personally used: LE64.exe
See: Releases · do-know/Crypt-LE · GitHub

[others here might be able to provide recommendations on other Windows ACME clients]

1 Like

When you get a certificate (using any ACME client) it will either be in PFX format or PEM (a set of text files like 'fullchain.pem' and 'privatekey.key').

Looking at Create Domain it seems to me like you probably need the PEM format output (which I think win-acme does also provide).

You then need to set that file information in the CoreFTP server settings and if you keep the same path for certificate renewals then picking up the new/renewed certificate should just involve restarting the CoreFTP server.

If you are already familiar with win-acme you should use that to get your FTP certificate, just use the self-hosting option (which will spin up a temporary http listener to complete the http challenge, you will need TCP port 80 open).

You can also do with same with other clients such as Certify The Web, certbot and Posh-ACME.

I note that the CoreFTP website itself has no SSL configured and they haven't had a new release since 2017 so I'd take that as a sign you should probably look at other FTP server options sooner rather than later.


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.