Hi all, I'm losing FTP functionality due to a strange issue. All my pureFTP is not working because the SSL cert has been 0 bytes since 1 June at 00:00. I think it was linked to the LE certs. How can this be possible? Is there a way to lose a link to a file? Thanks, Stefano
I haven't seen that yet, but maybe certbot cleaned something up and the link pointed to archive and not live (which is a symlink by itself). Recreate the symlink and point it to the live cert.
I tried both live and archive... but still the message:

Code:
pure-ftpd[1259]: (?@?) [ERROR] Sorry, but that file doesn't exist: [/etc/ssl/private/pure-ftpd.pem]

Is linking fullchain correct?

Code:
# ls -la /etc/ssl/private/
totale 28
drwx--x--- 2 root ssl-cert 4096 giu 1 18:41 .
drwxr-xr-x 4 root root 4096 mar 30 12:07 ..
lrwxrwxrwx 1 root root 62 giu 1 18:41 pure-ftpd.pem -> /etc/letsencrypt/live/[hostname]/fullchain.pem
-rw------- 1 root root 3071 apr 26 15:43 pure-ftpd.pem-back
-rw-r--r-- 1 root root 7435 apr 27 02:36 pure-ftpd.pem.old
-rw-r----- 1 root ssl-cert 1708 apr 26 15:08 ssl-cert-snakeoil.key

Code:
# service pure-ftpd-mysql status
● pure-ftpd-mysql.service
   Loaded: loaded (/etc/init.d/pure-ftpd-mysql; generated; vendor preset: enabled)
   Active: active (exited) since Fri 2018-06-01 18:12:15 CEST; 41min ago
     Docs: man:systemd-sysv-generator(8)
  Process: 1241 ExecStart=/etc/init.d/pure-ftpd-mysql start (code=exited, status=0/SUCCESS)
    Tasks: 0 (limit: 4915)
   CGroup: /system.slice/pure-ftpd-mysql.service

giu 01 18:12:15 [hostname] systemd[1]: Starting pure-ftpd-mysql.service...
giu 01 18:12:15 [hostname] pure-ftpd-mysql[1241]: Starting ftp server: Running: /usr/sbin/pure-ftpd-mysql-virtualchroot -l mysql:/etc/pure-ftpd/db/mysql.conf -l pam -A -H -8 UTF
giu 01 18:12:15 [hostname] systemd[1]: Started pure-ftpd-mysql.service.
giu 01 18:12:15 [hostname] pure-ftpd[1259]: (?@?) [ERROR] Sorry, but that file doesn't exist: [/etc/ssl/private/pure-ftpd.pem]

How is it possible? It seems pureftpd didn't see the link?
pure-ftpd expects to have the SSL key, the cert, and all chain certs together in the same file, one after another. Check the content of the file that you linked to if that's the case.
Yes, I remembered this... and, what is comic is the content of my fullchain1.pem.... It contains the PRIVATE KEY!!!! How is this possible??????? I tried to rebuild it by cat-ing cert and chain into it, after I chained privkey and fullchain in pureftp.pem, which now looks correct... But the same error!!
Code:
# cat /etc/ssl/private/pure-ftpd.pem
-----BEGIN PRIVATE KEY-----
MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoSTA0beya4e2R1Azv/
..........
O+/YxmLdwXQYy43CnlTTij/Fz74xRg==
-----END PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
MIIHGDCCBgCgAwIBAgISBIpsUC73oq8Fx74TemHotzUiMA0................
SAZzKQFMJI5Wyg2/MEdbKrUglduhSELZLYEtkGhtvTU1CVzK5KMZRzArYz0=
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIEkjCCA3qgAwIBAgIQCgFBQgAAAVOFc2oLheynCDANBgkqhkiG9w0BAQsFADA/
.............
KOqkqm57TH2H3eDJAkSnh6/DNFu0Qg==
-----END CERTIFICATE-----

Looks correct: privkey, cert, chain
I solved the service start: it seems the service was not stopped but simply hadn't loaded the cert. I tried with service pure-ftpd-mysql start, but had to do service pure-ftpd-mysql restart, or stop and start again. What is not solved is the issue that something set /etc/ssl/private/pure-ftpd.pem to 0 bytes.
You probably run some kind of script for renewal of that cert; a standard ISPConfig configuration does not use LE for pure-ftpd, and this might have done this.
I read a guide about that, and I did it when I installed the first machine on DO. I'm pretty sure I didn't set up a script to do it. What is strange is the "01 June 00:00" file date... Maybe some error in the server? Could that be?
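
Added example, not part of the thread and not ISPConfig's or certbot's own code: one way to build the combined file the reply above describes (private key, then cert, then chain) so that a failed or empty renewal can never leave /etc/ssl/private/pure-ftpd.pem at 0 bytes. The function names are hypothetical; the certbot deploy-hook usage and the paths (taken from the thread, with its [hostname] placeholder) are assumptions about the setup.

```shell
#!/bin/sh
# Added example (not from the thread): build the combined pure-ftpd PEM safely.

# check_pem FILE: succeed only if FILE is non-empty and holds a private key
# followed by at least one certificate (the order shown in the thread).
check_pem() {
    f=$1
    [ -s "$f" ] || { echo "empty or missing: $f" >&2; return 1; }
    key_line=$(grep -n -e '-----BEGIN .*PRIVATE KEY-----' "$f" | head -n 1 | cut -d: -f1)
    cert_line=$(grep -n -e '-----BEGIN CERTIFICATE-----' "$f" | head -n 1 | cut -d: -f1)
    [ -n "$key_line" ] || { echo "no private key in $f" >&2; return 1; }
    [ -n "$cert_line" ] || { echo "no certificate in $f" >&2; return 1; }
    [ "$key_line" -lt "$cert_line" ] || { echo "key must come first in $f" >&2; return 1; }
}

# build_pem KEY FULLCHAIN DEST: write KEY + FULLCHAIN to a temp file next to
# DEST, validate it, then rename it into place. DEST is never left truncated;
# if DEST was a symlink, the rename replaces the link with a regular file.
build_pem() {
    key=$1; chain=$2; dest=$3
    { [ -s "$key" ] && [ -s "$chain" ]; } || { echo "source missing or empty" >&2; return 1; }
    tmp=$(mktemp "$dest.XXXXXX") || return 1
    chmod 600 "$tmp"   # the file contains the private key
    if cat "$key" "$chain" > "$tmp" && check_pem "$tmp"; then
        mv -f "$tmp" "$dest"
    else
        rm -f "$tmp"
        return 1
    fi
}

# Assumption: run as a certbot deploy hook, which exports RENEWED_LINEAGE
# (e.g. /etc/letsencrypt/live/[hostname]). Does nothing when it is unset.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    build_pem "$RENEWED_LINEAGE/privkey.pem" "$RENEWED_LINEAGE/fullchain.pem" \
        /etc/ssl/private/pure-ftpd.pem &&
        service pure-ftpd-mysql restart   # per the thread, "start" did not reload the cert
fi
```

Running `check_pem /etc/ssl/private/pure-ftpd.pem` by hand also shows why a symlink to fullchain.pem alone is rejected: that file has no private key in it.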