Hi guys,
I am running a FileZilla FTP on my local network that should be secured for internet via a cert. To reach the server from outside my local network I use the dynamic DNS domain kastaun.ddns.net and the needed port forwardings. As I can import TLS cert files into the FileZilla admin console I would like to get such files via the Let's Encrypt service.
My problem is that it looks like certs are creatable for websites/servers only. Does anybody have a clue how I can create the desired cert files for my FTP to run it as FTPS afterwards?
Good news! Let's Encrypt certs (and most other standard certs from public CAs) can be used for many services beyond just websites. FTPS, RDP, SMTP, SQL among many others will all work with them. Basically, as long as the service only requires a cert with the Server Authentication (OID 1.3.6.1.5.5.7.3.1) value in the Enhanced Key Usage field, it should work.
Obtaining the cert.
Here there are many clients for many types of systems.
Installing the cert.
Here there are far fewer, and they are generally focused on installing certs into web services.
So, you may NOT find a client that can even install the cert directly into FileZilla FTP, but there should be some documentation on their site on how to do so.
And as long as the process can be automated, at the end = you win!
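An added example, not part of the original posts: a pre-import check with the OpenSSL CLI that confirms the Server Authentication EKU described in the answer above and, going slightly beyond it, that the cert covers the hostname, matches the private key and is not about to expire. The function names, the 14-day threshold and the hostname `ftp.example.test` are assumptions, and the sample certs are constructed, throwaway and self-signed.

```bash
#!/usr/bin/env bash
# Pre-import checks for a cert/key pair meant for a non-web TLS service such as
# an FTPS server. Needs OpenSSL 1.1.1+ (for -ext and -addext).

has_server_auth() {  # $1=cert: EKU lists serverAuth (OID 1.3.6.1.5.5.7.3.1)
  openssl x509 -in "$1" -noout -ext extendedKeyUsage 2>/dev/null |
    grep -q 'TLS Web Server Authentication'
}

covers_host() {      # $1=cert $2=hostname that clients connect to
  openssl x509 -in "$1" -noout -checkhost "$2" | grep -q 'does match'
}

key_matches() {      # $1=cert $2=private key: both carry the same public key
  [ "$(openssl x509 -in "$1" -noout -pubkey | openssl sha256)" = \
    "$(openssl pkey -in "$2" -pubout | openssl sha256)" ]
}

valid_for_days() {   # $1=cert $2=days: cert does not expire within that window
  openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null
}

check_cert() {       # $1=cert $2=key $3=hostname; prints "ok" or first failure
  has_server_auth "$1"  || { echo "no serverAuth EKU"; return 1; }
  covers_host "$1" "$3" || { echo "hostname not covered"; return 1; }
  key_matches "$1" "$2" || { echo "key mismatch"; return 1; }
  valid_for_days "$1" 14 || { echo "expires within 14 days"; return 1; }
  echo "ok"
}

# Constructed sample input: throwaway self-signed cert for a placeholder name.
make_sample() {      # $1=output prefix $2=EKU value to embed
  openssl req -x509 -newkey ec -pkeyopt ec_paramgen_curve:prime256v1 -nodes \
    -days 30 -subj "/CN=ftp.example.test" \
    -addext "subjectAltName=DNS:ftp.example.test" \
    -addext "extendedKeyUsage=$2" \
    -keyout "$1.key" -out "$1.crt" 2>/dev/null
}

demo=$(mktemp -d)
make_sample "$demo/server" serverAuth
make_sample "$demo/client" clientAuth
check_cert "$demo/server.crt" "$demo/server.key" ftp.example.test
check_cert "$demo/client.crt" "$demo/client.key" ftp.example.test || true
rm -rf "$demo"
```

When a PEM file holds a whole chain, `openssl x509` reads only the first certificate in it, so the leaf must come first for these checks to apply to it.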
The simplest would be to install a web server; imho mini web servers are also available for win.
speaks against using a third-party web server?
I am now missing software to automate it for you.
I can send you IPs by mail. Then just change the IP on the webserver, get the cert, change the IP back. The webserver has your domain.
Since DDNS is there to change the IP, that should not be a problem.
This is of course not a long-term solution.
To automate this, install your own web server.
No-IP owns ddns.net; they only support TXT records on their paid plans - $25/year. I don't know if they support CNAME on free plans, I doubt they support anything other than A records.
Cloudflare will require a registered domain. I don't know if they are compatible with any of the "free domain" services. Perhaps they are.
Thank you very much, after lots of trial & error I finally TLS secured (with an officially trusted CA) my web and FTP server.
Now knowing how it works it is quite easy and no trouble at all.
Note: As I have an app that I need to work with within my job - this app does not accept self-signed certs. This is why I went down that route.