I have a server set up and created a new site, file.example.com, with net2ftp. I want to set up pure-ftpd to use this address.

Protocol: FTP
Host: file.example.com
Port: 21

Works fine, no problem. Now for TLS/SSL:

Protocol: FTP SSL
Host: file.example.com
Port: 21

Works, but the local SSL cert is used, so I want to use the site's SSL cert for file.example.com that Let's Encrypt uses. Editing the config in /etc/pure-ftpd/ does not help, so I set this in the terminal:

    echo "1" > /etc/pure-ftpd/conf/TLS
    echo "HIGH" > /etc/pure-ftpd/conf/TLSCipherSuite
    echo "/var/www/clients/client1/web6/ssl/file.example.com.crt" > /etc/pure-ftpd/conf/CertFile

When I run service pure-ftpd-mysql status there is no CertFile variable in the pure-FTP wrapper file, and after googling, the path for SSL is set at compile time. So I made a symlink:

    ln -s /etc/letsencrypt/live/file.example.com/fullchain.pem /etc/ssl/private/pure-ftpd.pem

pure-ftpd-mysql status now gives me this error:

    (?@?) [ERROR] TLS [/etc/ssl/private/pure-ftpd.pem](308): error:0906D06C:PEM routines:PEM_read_bio:no start line

Any help please?
Read the script by @ahrasis that copies and symlinks the LE certificate for use by pure-ftpd and other services.

https://github.com/ahrasis/LE4ISPC
https://github.com/ahrasis/LE4ISPC/blob/769cc47a3f233b3fb24508065f384a0a8c348424/le4ispc.sh
    mv /etc/ssl/private/pure-ftpd.pem /etc/ssl/private/pure-ftpd.pem.bak
    cat /etc/letsencrypt/live/file.example.com/privkey.pem /etc/letsencrypt/live/file.example.com/cert.pem /etc/letsencrypt/live/file.example.com/chain.pem > /etc/letsencrypt/live/file.example.com/full.pem
    chmod 700 /etc/letsencrypt/live/file.example.com/full.pem
    rm /etc/ssl/private/pure-ftpd.pem
    ln -s /etc/letsencrypt/live/file.example.com/full.pem /etc/ssl/private/pure-ftpd.pem
    /etc/init.d/pure-ftpd-mysql restart

Thanks. After reading the script I modified it to work on my server.

If the cert expires, is there a way for Let's Encrypt to auto-generate this?

    cat /etc/letsencrypt/live/file.example.com/privkey.pem /etc/letsencrypt/live/file.example.com/cert.pem /etc/letsencrypt/live/file.example.com/chain.pem > /etc/letsencrypt/live/file.example.com/full.pem
If you read its how-to in the link shared by @Taleman, you should know that LE4ISPC comes as a complete set that covers automatic renewal for all other major services as well. You simply need to run the script as described there, with or without your own changes.
That is the problem, I don't want all the other services to be updated. If I read the script correctly, it only works for hostname -f, which in my case is ns1.example.com. My FTP server is file.example.com; currently it is running on the same server, but later I want it on a different IP.

I see the script uses incron to run commands on file events. I set up my own with:

    apt-get install incron
    nano /etc/incron.allow
        root
    incrontab -l    <- no table for root
    incrontab -e
        /etc/letsencrypt/archive/file.example.com/cert1.pem IN_MODIFY cat /etc/letsencrypt/live/file.example.com/privkey.pem /etc/letsencrypt/live/file.example.com/cert.pem > /etc/letsencrypt/live/file.example.com/full.pem
Noted. Tutorial to manually do all that is already published at https://www.howtoforge.com/tutorial/securing-ispconfig-3-with-a-free-lets-encrypt-ssl-certificate for your future reference.
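
Added example, not part of any post in this thread and not taken from LE4ISPC: a shell function that builds the combined key + certificate + chain file from the commands above. It refuses to write a bundle that has no private key block (a file holding only certificates, such as fullchain.pem, has none) and creates the result with mode 600 through an atomic rename. The function names and the script name are hypothetical.

```shell
#!/bin/sh
# Added example: build the single PEM file pure-ftpd reads (key + cert + chain).
# Usage: sh build_ftpd_pem.sh LIVE_DIR OUT_FILE   (script name is hypothetical)

# has_block FILE LABEL: succeeds if FILE has a "-----BEGIN [...] LABEL-----" line.
has_block() {
    grep -Eq -- "^-----BEGIN ([A-Z0-9]+ )*$2-----" "$1"
}

build_ftpd_pem() {
    live_dir=$1
    out=$2
    for f in privkey.pem cert.pem chain.pem; do
        [ -r "$live_dir/$f" ] || { echo "missing $live_dir/$f" >&2; return 1; }
    done
    # A bundle without a key block is what triggers
    # "PEM routines:PEM_read_bio:no start line" when the server loads it.
    has_block "$live_dir/privkey.pem" "PRIVATE KEY" ||
        { echo "privkey.pem has no private key block" >&2; return 2; }
    has_block "$live_dir/cert.pem" "CERTIFICATE" ||
        { echo "cert.pem has no certificate block" >&2; return 2; }

    # Temp file beside the target so mv is a rename; umask 077 keeps the key
    # from ever being group- or world-readable, even before chmod runs.
    tmp=$(umask 077 && mktemp "$out.XXXXXX") || return 3
    if cat "$live_dir/privkey.pem" "$live_dir/cert.pem" "$live_dir/chain.pem" > "$tmp" \
        && chmod 600 "$tmp" && mv -f "$tmp" "$out"; then
        return 0
    fi
    rm -f "$tmp"
    return 3
}

# Only act when called with both arguments, e.g.
#   sh build_ftpd_pem.sh /etc/letsencrypt/live/file.example.com \
#      /etc/letsencrypt/live/file.example.com/full.pem
if [ "$#" -eq 2 ]; then
    build_ftpd_pem "$1" "$2"
fi
```

Run it as root after each renewal, then restart pure-ftpd-mysql as in the post above; the existing symlink at /etc/ssl/private/pure-ftpd.pem keeps pointing at the rebuilt full.pem.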