Hi, I’m trying to figure out how to configure my ftp server to use LE certs, I found this article and I would like to know if the information is correct/secure and in case the answer is yes if this is the best way to do that.
This is the link:
Thank you!
Looks good to me. If your clients supports it, you could go with the “modern” cipher list from the Mozilla Wiki (just replace the value of TLSCipherSuite): https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility
Thank you @pfg!
I used the new TLSCipherSuite from Mozilla Wiki. The connection succeed, but Filezilla ask me to authorize the “Unknown Certificate”, so if I don’t trust the certificate I get:
Status: Verifying certificate…
Error: Remote certificate not trusted.
Error: Critical error: Could not connect to server
How could I solve that?
Bests.
Hello @acaparrelli,
The only thing you can do is trust the certificate. It is a Filezilla “feature” it doesn’t check the CAs that your OS trust so you need to manually trust it in the first connection. No matter whether it is a self-signed certificate, a let’s encrypt cert or a commercial one, in all of them, in the first connection, you need to trust it.
Edit: For more info you can check this post in filezilla forum.
Cheers,
sahsanu