Pure-FTPd Initializing TLS... error with The Perfect Server - Debian 10

Hi all,
I've tried searching here for few hours now with a hope I will find the solution but no luck.
Whenever I try to connect to my server using Filezilla I get this:

Code:

Status:    Resolving address of mydomain.com
Status:    Connecting to myserverip:21...
Status:    Connection established, waiting for welcome message...
Status:    Initializing TLS...
Error:    Connection timed out after 20 seconds of inactivity
Error:    Could not connect to server
Status:    Waiting to retry...
Status:    Resolving address of mydomain.com
Status:    Connecting to myserverip:21...
Status:    Connection established, waiting for welcome message...
Response:    220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
Response:    220-You are user number 1 of 50 allowed.
Response:    220-Local time is now 14:57. Server port: 21.
Response:    220-This is a private system - No anonymous login
Response:    220-IPv6 connections are also welcome on this server.
Response:    220 You will be disconnected after 15 minutes of inactivity.
Command:    AUTH TLS
Response:    234 AUTH TLS OK.
Status:    Initializing TLS...
Error:    Connection timed out after 20 seconds of inactivity
Error:    Could not connect to server

I followed this tutorial https://www.howtoforge.com/tutorial/securing-ispconfig-3-with-a-free-lets-encrypt-ssl-certificate/ and enabled LE on all services.
Any suggestions?

 

Are your ftp server (active and passive) ports set and opened?

 

Thanks for the reply!
I assumed it was opened by ispconfig.
This is what I need to do
https://www.faqforge.com/linux/cont...ange-in-pure-ftpd-on-denian-and-ubuntu-linux/
to open them?

 

Thanks for the reply!
I wasn't aware of this. So I wanted to start fresh because I need to move all of my websites eventually from old Debian 8 perfect setup. I downloaded latest Debian-10-Perfect-Server-Apache.ova https://www.howtoforge.com/perfect-server-debian-10-buster-apache-bind-dovecot-ispconfig-3-1/
Configured everything, updated Debian and ispconfig and was able to get SSL working on https://ispconfig.mydomain.com:8080 and it was automatically configured. Also one test domain works with web and email no issues.

I'm still having issues with Initializing TLS... I've tried to follow the tutorial but I cannot find this section in ispconfig:

Any suggestions?

 

It looks like it was turned off and that's why I could not find it. Do I still turn it on and enter:

Code:

20,21,22,25,53,80,110,143,443,3306,8080,10000,40110:40210

?

 

Its in a datacenter and they assured me that no firewall is implemented on their side. I never had any issues with the ports in the past with any other service. How can I else I can verify?

 

This is really odd. I tried so many times yesterday and rebooted the server as well and it would be always stuck on Initializing TLS...
Last night instead of "Use explicit FTP over TLS if available" I chose "Only use plain FTP (insecure)" and I transferred some file. Today I tried again "Use explicit FTP over TLS if available" it it actually connected and got below prompt. At this point everything seems to work except "The server's certificate is unknown" ?

 

Ok, I did not generate bundle cert(s). It came with image Debian-10-Perfect-Server-Apache.ova and it was generated by ispconfig I assume.
/etc/ssl/private/pure-ftpd.pem is linked to /usr/local/ispconfig/interface/ssl/ispserver.pem and it appears to have correct chain / bundle cert.
Do I need to modify something?

 

Sounds good. Thank you for your help with this!

 

As confirmed by @till, if it was installed during ISPConfig installation your LE certs should be fine but just to make a note here, other than the ealier suspected port issues, I also suspected the disconnection that happened after trying to initialize TLS was because pure-ftpd.pem permission issue.

I'll have to remember to ask for pure-ftpd-mysql status note to help troubleshoot similar problem better in the future since it may note something useful there as well.

 

Thank you!