So I was following the Perfect Server Debian 9 guide and set up everything, and then I was following the guide on how to secure it with Let's Encrypt. https://www.howtoforge.com/tutorial...-lets-encrypt-ssl-certificate/#d-for-pureftpd But now I am facing problems with FTP: I can't connect over TLS, there's an expired-certificate error. As you can see, there are 2 certificates in the chain (I don't know what that means, to be honest), but one says it's expired and the other says it's renewed. I followed everything from the guide above, and I set ports 40110:40210 in pureftp and the firewall, but the connection can't be established.
Probably the certificate pureftpd uses is expired. Maybe it is not using the certificate you created with Let's Encrypt?
That's the thing, it uses the Let's Encrypt certificate. It links to one cert that's auto-updating, and everything is explained in the tutorial link I posted, but idk why it says it's expired. Everywhere else the certificate is good, it's recently renewed, but not, as I see, on FTP.
Have you run the certbot command by hand? This tends to confuse ISPConfig. Try disabling the LE for that website in ISPConfig, remove the certificate files and turn LE back on in ISPConfig. Or follow the LE debugging instructions: https://www.howtoforge.com/community/threads/lets-encrypt-error-faq.74179/
I was looking at your attached images and I think the latter cannot be LE SSL certificates, since their validity should only be 90 days. I can only guess that your ispserver.pem file was not automatically recreated when the LE SSL certs for the server website were renewed, if they were already renewed. You can verify this by simply looking at its creation date, which, if true, means that your incron settings may not be working as they should. If the LE SSL certificates for the server website were already renewed, you have to manually run le_ispc_pem.sh to fix the "certificate expired" error. To fix incron, verify that you still have incron installed and then check your incron settings. I would suggest changing the one in the tutorial
Code:
/etc/letsencrypt/archive/server1.example.com/ IN_MODIFY ./etc/init.d/le_ispc_pem.sh
to this:
Code:
/etc/letsencrypt/archive/server1.example.com/ IN_CREATE,IN_MODIFY /bin/bash /etc/init.d/le_ispc_pem.sh
Finally, restart incron via "service incron restart". To test whether incron is working, take note of the creation time of the ispserver.pem file and then create any test file inside /etc/letsencrypt/archive/server1.example.com/. If the ispserver.pem file creation time changes, then your incron is now working and should be able to automatically renew ispserver.pem in the future.
So I reran all commands from the tutorial link that I posted above. Upon further checking I found out that the ISPConfig cert file and the website domain cert are mismatching: basically they were generated at different times, and since the one on the domain name is set to expire later, certbot didn't generate a new file, and incron had no need to copy files since there was no modification, but FTP was using the old expired cert. But now I have a different problem: my FileZilla won't connect to the server, I am getting this error
Code:
Status: Initializing TLS...
Status: Verifying certificate...
Status: TLS connection established.
Command: USER username
Error: GnuTLS error -110: The TLS connection was non-properly terminated.
Status: Server did not properly shut down TLS connection
Error: Could not connect to server
Whatever I google I find divided explanations; some people blame the server, some blame FileZilla, but no real answers.
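Added example, not part of the thread and not code from the tutorial: a small check for the situation diagnosed above, where the PEM file the FTP daemon uses no longer matches the renewed Let's Encrypt certificate. It compares fingerprint and expiry instead of file creation time; the function names, return codes and the paths in the usage comment are assumptions made for this example.

```shell
#!/bin/sh
# Added example. Compares the certificate a daemon is configured to use
# (for instance the ispserver.pem that pure-ftpd is linked to) with the
# current Let's Encrypt certificate. Both paths are supplied by the caller.

# SHA-256 fingerprint of the first certificate in a PEM file (empty on error).
cert_fp() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 2>/dev/null | cut -d= -f2
}

# cert_status IN_USE_PEM LE_CERT [WINDOW_SECONDS]
# Return codes (chosen for this example):
#   0 = same certificate as LE_CERT and still valid
#   1 = certificate in use is expired, or expires within WINDOW_SECONDS
#   2 = still valid, but not the certificate Let's Encrypt currently holds
#   3 = one of the files could not be read as a certificate
cert_status() {
    used=$1; le=$2; window=${3:-0}
    fp_used=$(cert_fp "$used")
    fp_le=$(cert_fp "$le")
    if [ -z "$fp_used" ] || [ -z "$fp_le" ]; then
        echo "cannot read a certificate from $used or $le" >&2
        return 3
    fi
    echo "in use: $(openssl x509 -in "$used" -noout -enddate)"
    echo "LE    : $(openssl x509 -in "$le" -noout -enddate)"
    # -checkend exits non-zero when notAfter falls inside the window.
    if ! openssl x509 -in "$used" -noout -checkend "$window" >/dev/null; then
        echo "EXPIRED: rebuild the PEM and restart the service"
        return 1
    fi
    if [ "$fp_used" != "$fp_le" ]; then
        echo "STALE: the PEM in use was not rebuilt after the last renewal"
        return 2
    fi
    echo "OK: the PEM in use matches the Let's Encrypt certificate"
    return 0
}

# Usage (paths are assumptions; the second follows certbot's usual layout):
#   sh certcheck.sh /path/to/ispserver.pem \
#       /etc/letsencrypt/live/server1.example.com/cert.pem
if [ "$#" -ge 2 ]; then cert_status "$@"; fi
```

To see what the daemon actually presents rather than what is on disk, `openssl s_client -starttls ftp -connect server1.example.com:21` prints the served chain.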
You might want to try other software(s). I personally use WinSCP from my Windows PCs and elFinder if I need quicker access from my web browser(s).
Check which version of FileZilla you have. I remember that in the past an updated FileZilla ceased to work without fiddling with the settings. I do not remember what exact version it was. So FileZilla may change how the program works from version to version.
Yes, with WinSCP it works fine. I use WinSCP too, but not for client logins, because it can sometimes mess up permissions and roles when uploading. So it's definitely a FileZilla problem.