Hi everyone, I'm having an issue with pure-ftpd: in the monitor for the main server, the FTP server appears offline. So I ran "systemctl status pure-ftpd-mysql" and got the following error:

Code:
root@myserver:/# systemctl status pure-ftpd-mysql
● pure-ftpd-mysql.service
   Loaded: loaded (/etc/init.d/pure-ftpd-mysql; generated)
   Active: active (exited) since Mon 2022-08-15 20:55:40 CDT; 1h 0min ago
     Docs: man:systemd-sysv-generator(8)
  Process: 25732 ExecStart=/etc/init.d/pure-ftpd-mysql start (code=exited, status=0/SUCCESS)

Aug 15 20:55:40 myserver systemd[1]: Starting pure-ftpd-mysql.service...
Aug 15 20:55:40 myserver pure-ftpd-mysql[25732]: Starting ftp server: Running: /usr/sbin/pure-ftpd-mysql-virtualchroot -l mysql:/etc/pure-ftpd/db/mysql.conf -l pam -p 40110:40210 -H -E -u 1000 -8 UTF-8 -Y 1 -b -D -J HIGH -O clf:/var/log/p
Aug 15 20:55:40 myserver systemd[1]: Started pure-ftpd-mysql.service.
Aug 15 20:55:40 myserver pure-ftpd[25742]: (?@?) [ERROR] TLS [/etc/ssl/private/pure-ftpd.pem](317): error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch

Checking in that route, the pem file is a symlink, but I'm not sure what to do. As a comment, I'm not using a Let's Encrypt certificate for ISPConfig; I've got a Comodo cert, and I updated it last week.

Hope anyone can help me, thanks a lot.
Sorry, I forgot to say that I've also already changed the files in the ISPConfig folder, /usr/local/ispconfig/interface/ssl/, and that's where the symlink is pointing. Sorry for not being too clear, but I wrote the first message at 3 am. What I meant to ask is: in which part do I also need to replace the key file? Because last time I did it (2 years ago), I just replaced it in the ISPConfig folder, and that was all.
pure-ftpd uses a combined ssl cert file which contains the key, the cert and the chain files. This file is not used by any other service, that's why only pure-ftpd fails. Fix that file by creating a new file that contains the key, cert, and chain certs in the same file, one after another.
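The check behind the "key values mismatch" error and the combined file described above, as an added shell example that is not part of the original thread. It assumes the openssl command-line tool is installed; the function names, file names and example.test host names are made up for illustration.

```sh
#!/bin/sh
# Added example (not from the thread): check a key/certificate pair and build
# the single PEM file pure-ftpd reads. File names and hosts are placeholders.

# Return 0 if the private key in $1 matches the certificate in $2,
# 1 on mismatch, 2 if either file cannot be parsed.
keys_match() {
    kpub=$(openssl pkey -in "$1" -passin pass: -pubout 2>/dev/null) || return 2
    cpub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ "$kpub" = "$cpub" ]
}

# A combined file is consistent when its own key and first certificate match.
combined_pem_ok() { keys_match "$1" "$1"; }

# usage: build_combined_pem KEY CERT CHAIN OUT
# Writes key, certificate and chain in that order, only if key and cert match.
build_combined_pem() {
    keys_match "$1" "$2" || { echo "refusing: key/cert mismatch or unreadable" >&2; return 1; }
    tmp=$(mktemp "$4.XXXXXX") || return 1      # mktemp creates the file mode 0600
    # awk 1 re-terminates every line, so a file without a final newline
    # cannot fuse its END marker with the next BEGIN marker.
    awk 1 "$1" "$2" "$3" > "$tmp" && mv "$tmp" "$4"
}

# Constructed sample input: a throwaway self-signed key and certificate.
make_throwaway_pair() {   # usage: make_throwaway_pair DIR NAME
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2.example.test" \
        -keyout "$1/$2.key" -out "$1/$2.crt" 2>/dev/null
}

demo() {
    d=$(mktemp -d) || return 1
    make_throwaway_pair "$d" old && make_throwaway_pair "$d" new || return 1
    # Renewed certificate next to the previous key: the case from the thread.
    keys_match "$d/old.key" "$d/new.crt" || echo "old key + new cert: mismatch"
    # Self-signed sample, so the certificate doubles as its own "chain".
    build_combined_pem "$d/new.key" "$d/new.crt" "$d/new.crt" "$d/pure-ftpd.pem" \
        && combined_pem_ok "$d/pure-ftpd.pem" && echo "combined file: consistent"
    rm -rf "$d"
}

if [ "${1:-}" = demo ]; then demo; fi
```

Run the script with the argument `demo` to see both outcomes on throwaway files; against a real server, `combined_pem_ok` takes the path of the combined file, which has to be readable by the user running the check.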
Now checking again, and with a couple of hours of sleep, I see that in the folder of the symlink there is a key file, so I made a backup and replaced it with the new one, and that seems to do the trick, because I don't get the error anymore. But thinking about it, would it be better for me if I changed the key file to be a symlink too? With that I wouldn't have this problem in the future any more, or do you not recommend that?
Well, I don't have the error any more, but it is still not working; for some reason the monitor is still saying offline and the users can't connect, of course. Till, if I'm not wrong, you mean the creation of the pem file, right? If so, I already created that file, it is the one that the symlink is pointing to, or do you mean a different one?
Do you know how much time? Because it's been 4 hours, and it is still offline, the clients can't connect, and in the status for pure-ftpd it all looks OK:

Code:
● pure-ftpd-mysql.service
   Loaded: loaded (/etc/init.d/pure-ftpd-mysql; generated)
   Active: active (exited) since Tue 2022-08-16 13:20:03 CDT; 3h 7min ago
     Docs: man:systemd-sysv-generator(8)
  Process: 8984 ExecStart=/etc/init.d/pure-ftpd-mysql start (code=exited, status=0/SUCCESS)

Aug 16 12:20:44 myserver systemd[1]: Starting pure-ftpd-mysql.service...
Aug 16 12:20:45 myserver pure-ftpd-mysql[1147]: Starting ftp server: Running: /usr/sbin/pure-ftpd-mysql-virtualchroot -l mysql:/etc/pure-ftpd/db/mysql.conf -l pam -p 40110:40210 -H -E -u 1000 -8 UTF-8 -Y 1 -b -D -J HIGH -O clf:/var/log/pure-ftpd/transfer.log -A -B
Aug 16 12:20:45 myserver systemd[1]: Started pure-ftpd-mysql.service.

I even rebooted the server 3 hours ago, and nothing has changed. Isn't there a log I could check, or something else?
Please run the test script and post the result: https://forum.howtoforge.com/threads/please-read-before-posting.58408/
Till, I did what you asked and this is the result:

Code:
IP-address (as per hostname): ***.***.***.***
[WARN] could not determine server's ip address by ifconfig
[INFO] OS version is Debian GNU/Linux 10 (buster)
[INFO] uptime: 10:44:42 up 22:24, 1 user, load average: 0.21, 0.19, 0.17
[INFO] memory:
              total        used        free      shared  buff/cache   available
Mem:           31Gi       3.5Gi        20Gi       227Mi       7.1Gi        27Gi
Swap:          18Gi          0B        18Gi
[INFO] ISPConfig is installed.
##### ISPCONFIG #####
ISPConfig version is 3.2.8p1
##### VERSION CHECK #####
[INFO] php (cli) version is 7.3.31-1~deb10u1
[INFO] php-cgi (used for cgi php in default vhost!) is version 7.3.31
##### PORT CHECK #####
[WARN] Port 8080 (ISPConfig) seems NOT to be listening
[WARN] Port 21 (FTP server) seems NOT to be listening
##### MAIL SERVER CHECK #####
##### RUNNING SERVER PROCESSES #####
[INFO] I found the following web server(s): Apache 2 (PID 3981)
[INFO] I found the following mail server(s): Postfix (PID 1375)
[INFO] I found the following pop3 server(s): Dovecot (PID 745)
[INFO] I found the following imap server(s): Dovecot (PID 745)
[WARN] I could not determine which ftp server is running.
##### LET'S ENCRYPT #####
Certbot is installed in /opt/eff.org/certbot/venv/bin/certbot

From what I can see, port 21 is closed, but that shouldn't affect it because pure-ftpd uses ports 40110 to 40210, or am I wrong?
Port 21 must always be open for FTP. The other ports are just the passive port range. pure-ftpd seems still not to be running, restart 'pure-ftpd-mysql' service and then check its status and also check syslog if there are any errors listed there.
I've already stopped the service, started it, restarted it, and I did this yesterday also, but the result is the same: pure-ftpd appears to be active, but port 21 in the result of the script seems NOT to be listening.

Code:
root@myserver:/# systemctl status pure-ftpd-mysql.service
● pure-ftpd-mysql.service
   Loaded: loaded (/etc/init.d/pure-ftpd-mysql; generated)
   Active: active (exited) since Wed 2022-08-17 13:04:43 CDT; 1h 12min ago
     Docs: man:systemd-sysv-generator(8)
  Process: 16687 ExecStart=/etc/init.d/pure-ftpd-mysql start (code=exited, status=0/SUCCESS)

Aug 17 13:04:43 myserver systemd[1]: Starting pure-ftpd-mysql.service...
Aug 17 13:04:43 myserver pure-ftpd-mysql[16687]: Starting ftp server: Running: /usr/sbin/pure-ftpd-mysql-virtualchroot -l mysql:/etc/pure-ftpd/db/mysql.conf -l pam -p 40110:40210 -H -E -u 1000 -8 UTF-8 -Y 1 -b -D -J HIGH -O clf:/var/log/p
Aug 17 13:04:43 myserver systemd[1]: Started pure-ftpd-mysql.service.
lines 1-9/9 (END)
Check syslog and the pure ftpd logs if you get any additional error messages there when restarting pure-ftpd-mysql service.
I didn't get anything from the logs, so I went back to the "perfect-server-debian-10-buster-apache-bind-dovecot-ispconfig-3-1" guide and ran the steps in point 13 to create the certs for pure-ftpd, and that did the trick. The weird thing is that if I check the pure-ftpd.pem file in /etc/ssl/private/, it is still a symlink..., but now it is working fine.