Hi, Debian 12, ISPConfig Version: 3.2.12p1. And suddenly Pure-ftpd doesn't work. Probably some autu upgrade broke it ? Because I haven't changed anything in it in conf. Log during start is: Feb 06 16:36:53 pure-ftpd-mysql[657826]: Starting ftp server: Feb 06 16:36:53 pure-ftpd-mysql[657833]: Running: /usr/sbin/pure-ftpd-mysql -l mysql:/etc/pure-ftpd/db/mysql.conf -l pam -p 30000:31000 -Y 1 > Feb 06 16:36:53 systemd[1]: Started pure-ftpd-mysql.service. Feb 06 16:36:53 pure-ftpd[657834]: (?@?) [ERROR] Sorry, but that file doesn't exist: [/etc/ssl/private/pure-ftpd.pem] I tried to disable chroot mode in /etc/default/pure-ftpd-common I changed symlink /etc/ssl/private/pure-ftpd.pem to static file I changed permissions to dirs and file /usr/local/ispconfig/interface/ssl/ispserver.pem ALL nothing and nothing. It doesn't want to start My clients reports failure How to fix it please ?
Symlink /etc/ssl/private/pure-ftpd.pem to /usr/local/ispconfig/interface/ssl/ispserver.pem and permissions 600 should work just fine. It does at least on Ubuntu 24.04
Heh no, in pure-ftpd.conf: CertFile /etc/ssl/private/pure-ftpd.pem root@h3-virt/etc/pure-ftpd# ls -l /etc/ssl/private/pure-ftpd.pem lrwxrwxrwx 1 root root 48 Jan 24 21:38 /etc/ssl/private/pure-ftpd.pem -> /usr/local/ispconfig/interface/ssl/ispserver.pem root@h3-virt/etc/pure-ftpd# root@h3-virt/etc/pure-ftpd# ls -l /usr/local/ispconfig/interface/ssl/ispserver.pem -rwxr-xr-x 1 root root 2840 Feb 6 15:36 /usr/local/ispconfig/interface/ssl/ispserver.pem root@h3-virt/etc/pure-ftpd# root@h3-virt/etc/pure-ftpd# systemctl restart pure-ftpd-mysql.service root@h3-virt/etc/pure-ftpd# systemctl status pure-ftpd-mysql.service ● pure-ftpd-mysql.service Loaded: loaded (/etc/init.d/pure-ftpd-mysql; generated) Drop-In: /run/systemd/system/service.d └─zzz-lxc-service.conf Active: active (exited) since Thu 2025-02-06 17:13:07 CET; 2s ago Docs: man:systemd-sysv-generator(8) Process: 666194 ExecStart=/etc/init.d/pure-ftpd-mysql start (code=exited, status=0/SUCCESS) Feb 06 17:13:07 systemd[1]: Starting pure-ftpd-mysql.service... Feb 06 17:13:07 pure-ftpd-mysql[666194]: Starting ftp server: Feb 06 17:13:07 pure-ftpd-mysql[666201]: Running: /usr/sbin/pure-ftpd-mysql -l mysql:/etc/pure-ftpd/db/mysql.conf -l pam -p 30000:31000 -Y 1 > Feb 06 17:13:07 systemd[1]: Started pure-ftpd-mysql.service. Feb 06 17:13:07 pure-ftpd[666202]: (?@?) [ERROR] Sorry, but that file doesn't exist: [/etc/ssl/private/pure-ftpd.pem] And it doesn't work: root@h3-virt/etc/pure-ftpd# netstat -tnpl|grep pure root@h3-virt/etc/pure-ftpd#
And I changed permissions to 600: root@h3-virt/etc/pure-ftpd# chmod 600 /usr/local/ispconfig/interface/ssl/ispserver.pem root@h3-virt/etc/pure-ftpd# ls -l /usr/local/ispconfig/interface/ssl/ispserver.pem -rw------- 1 root root 2840 Feb 6 15:36 /usr/local/ispconfig/interface/ssl/ispserver.pem root@h3-virt/etc/pure-ftpd# systemctl restart pure-ftpd-mysql.service And still same error: (?@?) [ERROR] Sorry, but that file doesn't exist: [/etc/ssl/private/pure-ftpd.pem]
The error says file /etc/ssl/private/pure-ftpd.pem doesn't exist. Are you absolutely sure your simlink is correct? No typo somewhere? Looks like the symlink points to an incorrect file or doesn't exist. This is my server Code: ls -la /etc/ssl/private/pure-ftpd.pem lrwxrwxrwx 1 root root 48 Oct 8 20:19 /etc/ssl/private/pure-ftpd.pem -> /usr/local/ispconfig/interface/ssl/ispserver.pem ls -la /usr/local/ispconfig/interface/ssl/ispserver.pem -rw------- 1 root root 7171 Feb 6 04:45 /usr/local/ispconfig/interface/ssl/ispserver.pem
And this is my server: Code: root@h3-virt/etc/pure-ftpd# ls -la /etc/ssl/private/pure-ftpd.pem lrwxrwxrwx 1 root root 48 Jan 24 21:38 /etc/ssl/private/pure-ftpd.pem -> /usr/local/ispconfig/interface/ssl/ispserver.pem root@h3-virt/etc/pure-ftpd# ls -la /usr/local/ispconfig/interface/ssl/ispserver.pem -rw------- 1 root root 2839 Feb 6 17:29 /usr/local/ispconfig/interface/ssl/ispserver.pem root@h3-virt/etc/pure-ftpd#
And this is whole config of my Pure-ftpd: Code: root@h3-virt/etc/pure-ftpd# grep -v "^#" pure-ftpd.conf | grep -v "^$" ChrootEveryone yes BrokenClientsCompatibility no MaxClientsNumber 50 Daemonize yes MaxClientsPerIP 8 VerboseLog yes DisplayDotFiles yes AnonymousOnly no NoAnonymous no SyslogFacility ftp DontResolve yes MaxIdleTime 15 LimitRecursion 10000 8 AnonymousCanCreateDirs no MaxLoad 4 PassivePortRange 30000 31000 AntiWarez yes Umask 133:022 MinUID 100 AllowUserFXP no AllowAnonymousFXP no ProhibitDotFilesWrite no ProhibitDotFilesRead no AutoRename no AnonymousCantUpload no MaxDiskUsage 99 CustomerProof yes TLS 1 CertFile /etc/ssl/private/pure-ftpd.pem root@h3-virt/etc/pure-ftpd# And version of it is: root@h3-virt/etc/pure-ftpd# dpkg -l | grep pure ii pure-ftpd-common 1.0.50-2.1 all Pure-FTPd FTP server (Common Files) ii pure-ftpd-mysql 1.0.50-2.1+b2 amd64 Secure and efficient FTP server with MySQL user authentication maybe it has some bug ?
I just checked here on my Debian 12 dev server, and all Debian updates were installed, and there is no pure-ftpd error. Did you maybe install AppArmor or so, which prevents file access now?
Generally that ISPConfig3 is installed inside LXD container. It doesn't have apparmor installed. So I don't know what is causing that problem. Without TLS Pure-ftpd is starting, so there is only that problem with "Sorry, but that file doesn't exist: [/etc/ssl/private/pure-ftpd.pem]" Probably I'll leave it without TLS support because I don't have any ideas yet.
And when you run: cat /etc/ssl/private/pure-ftpd.pem you get the cert content as result on the screen?
You know what is weird, I set line in config to other cert: CertFile /etc/ssl/certs/dd8e9d41.0 but is still after restart shows: Code: root@h3-virt/etc/pure-ftpd# systemctl status pure-ftpd-mysql.service ● pure-ftpd-mysql.service Loaded: loaded (/etc/init.d/pure-ftpd-mysql; generated) Drop-In: /run/systemd/system/service.d └─zzz-lxc-service.conf Active: active (exited) since Thu 2025-02-06 19:27:18 CET; 2s ago Docs: man:systemd-sysv-generator(8) Process: 19208 ExecStart=/etc/init.d/pure-ftpd-mysql start (code=exited, status=0/SUCCESS) Feb 06 19:27:18 h3.sdata.net.pl systemd[1]: Starting pure-ftpd-mysql.service... Feb 06 19:27:18 h3.sdata.net.pl pure-ftpd-mysql[19208]: Starting ftp server: Feb 06 19:27:18 h3.sdata.net.pl pure-ftpd-mysql[19215]: Running: /usr/sbin/pure-ftpd-mysql -l mysql:/etc/pure-ftpd/db/mysql.conf -l pam -E -O clf:/var/log/pu> Feb 06 19:27:18 h3.sdata.net.pl systemd[1]: Started pure-ftpd-mysql.service. Feb 06 19:27:18 h3.sdata.net.pl pure-ftpd[19216]: (?@?) [ERROR] Sorry, but that file doesn't exist: [/etc/ssl/private/pure-ftpd.pem]
You might want to check with openssl commands that the cert/key combination in that file is valid. Just to ensure that we do not have an issue that pure-ftpd falsely reports it as inaccessible while it might just not be readable / decodable as an SSL cert.
I found workaround after many hours of struggling with it. Starting this FTP from command line manually works! From systemctl start - not. Still returns this error. This is probably related this is ISPConfing in LXD container and thats it. Anyway I wanted write about solution here for others for the future Cheers all!
