FTP connection impossible due to unrecognised certificate on fresh installation

Discussion in 'Installation/Configuration' started by FabCli, Jan 10, 2022.

  1. FabCli

    FabCli New Member

    Hello to all,

    I have configured a new server based on debian 11 bullseye with ISPConfig 3.2.7p1

    Everything is working fine. However after installation, there is a problem with ftp connection on the sites due to a certificate problem.

    "The server certificate is unknown ..."

    I followed the procedure "Perfect Server Automated ISPConfig 3 Installation on Debian 10 - 11 and Ubuntu 20.04" ( howtoforge(.)com/ispconfig-autoinstall-debian-ubuntu/ )

    cd /tmp
    wget ... ISPConfig-3-stable.tar.gz
    tar xfz ISPConfig-3-stable.tar.gz
    cd ispconfig3_install/install/

    php -q update.php

    in order to install an ssh key.


  2. ahrasis

    ahrasis Well-Known Member HowtoForge Supporter

    By default, ISPConfig covers you only if you connect to the server hostname FQDN; connecting with any other website's domain name would not be covered. So did you connect through the former or the latter?
  3. till

    till Super Moderator Staff Member ISPConfig Developer

    Seems as if you mix up SSH (SFTP) and FTP (FTPS) here. SSH keys are used by SSH only, FTP uses SSL, and a Let's Encrypt SSL cert is installed by running the auto-installer, no ISPConfig update is needed (at least unless you missed configuring a proper server hostname first).
  4. FabCli

    FabCli New Member

    It seems so ! o_O #NoobInProgress

    I have configured the host as follows localhost.localdomain localhost

    ::1 localhost ip6-localhost ip6-loopback
    ff02::1 ip6-allnodes
    ff02::2 ip6-allrouters server.mydomain.com ServerName ServerName ServerName

    I can connect to the Ispconfig interface, create the FTP user, but cannot connect in FTP with Filezilla.
    This could be due to a wrong configuration of the host file before installation ? :eek:
  5. till

    till Super Moderator Staff Member ISPConfig Developer

    The hostname must be configured as a DNS A record in the DNS servers that are authoritative (responsible) for that zone. The local /etc/hosts file of the server does not matter for that, as Let's Encrypt will only issue a valid cert if the external DNS is set up properly before you install ISPConfig (or before you run an update to recreate the SSL certificate).

    Take care that you use FTPS in FileZilla as connection method and not SFTP. SFTP is not FTP, it is SSH.
  6. FabCli

    FabCli New Member

    OK, I will check this point, then I will redo a clean install.
  7. FabCli

    FabCli New Member

    After clean re-install of debian 11 and ispconfig with the perfect server script. (without update)
    No errors reported
    - client creation
    - ftp user creation

    In Filezilla
    same configuration as this one


    I tried in Forklift 3 too
    address provided by OVH
    impossible to connect.
    server certificate unknown ...

    I am following the same FTP process as on another OVH dedicated server for which ispconfig was installed automatically at the install.
    There is something I don't understand! :confused:
  8. ahrasis

    ahrasis Well-Known Member HowtoForge Supporter

    The LE SSL cert used is issued under your server FQDN, thus your IP or any other site's domain on the server is not included. Meaning you should connect only to e.g. example.server.tld, if that is your server FQDN.
  9. FabCli

    FabCli New Member

    Thanks @ahrasis
    It seems to me that this is what I did. ( but I may have misunderstood )

    I am using the same address: example.myserver.com as the one I used to log in to the ispconfig interface ( example.myserver.com:8080 )

    On my old server I use the IP address and it works. Here nothing goes, neither in FTP nor in FTP TLS ...
    I am blocked by an unrecognized certificate.

    I don't understand. #TooNoob
  10. till

    till Super Moderator Staff Member ISPConfig Developer

    Using an IP must produce an SSL cert error on any system, so you probably did not use SSL/TLS on your old system then. If you use FTP without TLS, then an SSL cert cannot block you. Try using FTP without TLS and then post the exact errors that FileZilla showed in the connect log window. Maybe you just use a wrong username (you must use the username incl. prefix (e.g. c1test where c1 is the prefix and test the username) as shown in the FTP user list in ISPConfig).
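
The name check described in the replies above, as an added example that is not part of the original thread or of ISPConfig: a client accepts the FTPS certificate only when the host it was told to connect to appears in the certificate's subject alternative names. The SAN list, the IP `203.0.113.10` and `www.customer-site.tld` are constructed sample values.

```python
import ipaddress

# Constructed sample: SAN entries of a certificate issued only for the
# server FQDN (placeholder name from the thread), with no IP entries.
SAN_DNS = ["example.server.tld"]
SAN_IP = []

def label_match(pattern, host):
    """Compare DNS names label by label; '*' may only be the whole leftmost label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def cert_covers(target, san_dns, san_ip):
    """True if a TLS client connecting to `target` would accept these names."""
    try:
        ip = ipaddress.ip_address(target)
    except ValueError:
        # Hostname target: only dNSName entries are considered.
        return any(label_match(name, target) for name in san_dns)
    # IP target: only iPAddress entries count, never a dNSName.
    return any(ipaddress.ip_address(entry) == ip for entry in san_ip)

def check_targets(targets, san_dns=SAN_DNS, san_ip=SAN_IP):
    """Map each client 'Host' value to whether the certificate covers it."""
    return {t: cert_covers(t, san_dns, san_ip) for t in targets}

if __name__ == "__main__":
    # Hypothetical FileZilla "Host" values: the FQDN, an IP, a hosted site.
    results = check_targets(
        ["example.server.tld", "203.0.113.10", "www.customer-site.tld"]
    )
    for target, ok in results.items():
        print(f"{target:24} {'trusted' if ok else 'certificate name mismatch'}")
```

To see the names a live server actually presents, `openssl s_client -connect <host>:21 -starttls ftp` prints the certificate offered on the FTP control connection.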
  11. ahrasis

    ahrasis Well-Known Member HowtoForge Supporter

    From the images you provided, it shows that you are connecting using some IP and not your server FQDN. In any event, check what is advised by @till above.
  12. FabCli

    FabCli New Member

    Thanks for your patience ;)
    Simple FTP configuration
    user and password ok, server address verified
    here is what the filezilla console says :

    Status:         Resolving address of xxxx.yyyyy.net
    Status:         Connecting to
    Status:         Connection established, waiting for welcome message...
    Status:         Plain FTP is insecure. Please switch to FTP over TLS. o_O
    Status:         Logged in
    Status:         Retrieving directory listing...
    Command:   PWD
    Response:    257 "/" is your current location
    Command:   TYPE I
    Response:    200 TYPE is now 8-bit binary
    Command:   PASV
    Response:    227 Entering Passive Mode (54,39,104,64,174,94)
    Command:   MLSD
    Error:           Connection timed out after 20 seconds of inactivity
    Error:           Failed to retrieve directory listing
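
Decoding the `227` reply in the log above, as an added example that is not part of the original thread: the six numbers give the address and port the client must open for the data connection, and the `MLSD` listing times out when that second connection cannot be made. The control-connection address and the open port range below are assumptions (the log does not show them); substitute the values of the server being checked.

```python
import ipaddress
import re

# 227 reply format: (h1,h2,h3,h4,p1,p2) -> host h1.h2.h3.h4, port p1*256+p2
PASV_RE = re.compile(r"\b227\b.*?\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")

def parse_pasv(line):
    """Return (ip_address, port) advertised by a 227 passive-mode reply."""
    m = PASV_RE.search(line)
    if not m:
        raise ValueError("not a 227 passive-mode reply")
    nums = [int(x) for x in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("field out of range")
    host = ipaddress.ip_address(".".join(str(n) for n in nums[:4]))
    return host, nums[4] * 256 + nums[5]

def diagnose(line, control_ip, open_ports):
    """List reasons the data connection to the advertised endpoint may fail."""
    host, port = parse_pasv(line)
    findings = []
    if host.is_private:
        findings.append(f"advertised address {host} is private (server behind NAT)")
    elif host != ipaddress.ip_address(control_ip):
        findings.append(f"advertised address {host} differs from control address")
    if port not in open_ports:
        findings.append(f"data port {port} is not in the firewall's open range")
    return host, port, findings

# Reply line copied from the FileZilla log in the post above.
LOG_LINE = 'Response:    227 Entering Passive Mode (54,39,104,64,174,94)'
# Assumptions: control connection went to the same address, and the
# firewall only admits this (hypothetical) passive port range.
CONTROL_IP = "54.39.104.64"
OPEN_PORTS = range(40110, 40211)

if __name__ == "__main__":
    host, port, findings = diagnose(LOG_LINE, CONTROL_IP, OPEN_PORTS)
    print(f"data connection target: {host}:{port}")
    for f in findings or ["no problem found with the advertised endpoint"]:
        print(" -", f)
```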
  13. till

    till Super Moderator Staff Member ISPConfig Developer

  14. FabCli

    FabCli New Member
