Pure-FTP SSL Problem

Discussion in 'General' started by Donno, Oct 28, 2018.

  1. Donno

    Donno Member

    I have a server setup and created a new site file.example.com with net2ftp i want to setup pure-ftp to use this address

    Protocol : FTP
    Host : file.example.com
    Port :21

    Works fine no problem now for TLS/SSL

    Protocol : FTP SSL
    Host : file.example.com
    Port :21
    Works but local ssl cert used, so i want use the sites SSL cert file.example.com that let's encrypt uses

    Editing config in /etc/pure-ftpd/ does not help so set in terminal
    echo "1" > /etc/pure-ftpd/conf/TLS
    echo "HIGH" > /etc/pure-ftpd/conf/TLSCipherSuite
    echo "/var/www/clients/client1/web6/ssl/file.example.com.crt" > /etc/pure-ftpd/conf/CertFile

    When service pure-ftpd-mysql status there no CertFile variable in pure-FTP Wrapper file and after googling the path for SSL is set at compile
    So i make a symlink ln -s /etc/letsencrypt/live/file.example.com/fullchain.pem /etc/ssl/private/pure-ftpd.pem
    pure-ftpd-mysql status now gives me this error
    (?@?) [ERROR] TLS [/etc/ssl/private/pure-ftpd.pem](308): error:0906D06C:pEM routines:pEM_read_bio:no start line

    Any help please ?
     
  2. Taleman

    Taleman Well-Known Member HowtoForge Supporter

  3. Donno

    Donno Member

    mv /etc/ssl/private/pure-ftpd.pem /etc/ssl/private/pure-ftpd.pem.bak
    cat /etc/letsencrypt/live/file.example.com/privkey.pem /etc/letsencrypt/live/file.example.com/cert.pem /etc/letsencrypt/live/file.example.com/chain.pem > /etc/letsencrypt/live/file.example.com/full.pem
    chmod 700 /etc/letsencrypt/live/file.example.com/full.pem
    rm /etc/ssl/private/pure-ftpd.pem
    ln -s /etc/letsencrypt/live/file.example.com/full.pem /etc/ssl/private/pure-ftpd.pem
    /etc/init.d/pure-ftpd-mysql restart

    Thanks after reading the script i modified to work on my server

    If the cert expires is there a way for let's encrypt to auto generate
    cat /etc/letsencrypt/live/file.example.com/privkey.pem /etc/letsencrypt/live/file.example.com/cert.pem /etc/letsencrypt/live/file.example.com/chain.pem > /etc/letsencrypt/live/file.example.com/full.pem
     
  4. ahrasis

    ahrasis Well-Known Member HowtoForge Supporter

    If you read its how-to in link shared by @Taleman, you should know that LE4ISPC comes in a complete set that covers automatic renewal for all other major services as well. You simply need to run the script as described in there, with or without your own changes.
     
  5. Donno

    Donno Member

    That is the problem, i don't want all the other services to be updated. If I read the script correctly it only works for hostname -f which in my case is ns1.example.com my ftp server is file.example.com, currently it is running on the same server but later i want it on a different ip.

    I see the script uses incron to run commands on file events i setup my own by
    apt-get install incron
    nano /etc/incron.allow
    root
    incrontab -l <-no table for root
    incrontab -e
    /etc/letsencrypt/archive/file.example.com/cert1.pem IN_MODIFY cat /etc/letsencrypt/live/file.example.com/privkey.pem /etc/letsencrypt/live/file.example.com/cert.pem > /etc/letsencrypt/live/file.example.com/full.pem
     
  6. ahrasis

    ahrasis Well-Known Member HowtoForge Supporter

  7. Donno

    Donno Member

    Thanks :)
     

Share This Page