Hi all, I've tried searching here for a few hours now with a hope I will find the solution but no luck. Whenever I try to connect to my server using Filezilla I get this:
Code:
    Status: Resolving address of mydomain.com
    Status: Connecting to myserverip:21...
    Status: Connection established, waiting for welcome message...
    Status: Initializing TLS...
    Error: Connection timed out after 20 seconds of inactivity
    Error: Could not connect to server
    Status: Waiting to retry...
    Status: Resolving address of mydomain.com
    Status: Connecting to myserverip:21...
    Status: Connection established, waiting for welcome message...
    Response: 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
    Response: 220-You are user number 1 of 50 allowed.
    Response: 220-Local time is now 14:57. Server port: 21.
    Response: 220-This is a private system - No anonymous login
    Response: 220-IPv6 connections are also welcome on this server.
    Response: 220 You will be disconnected after 15 minutes of inactivity.
    Command: AUTH TLS
    Response: 234 AUTH TLS OK.
    Status: Initializing TLS...
    Error: Connection timed out after 20 seconds of inactivity
    Error: Could not connect to server
I followed this tutorial https://www.howtoforge.com/tutorial/securing-ispconfig-3-with-a-free-lets-encrypt-ssl-certificate/ and enabled LE on all services. Any suggestions?
Thanks for the reply! I assumed it was opened by ispconfig. This is what I need to do https://www.faqforge.com/linux/cont...ange-in-pure-ftpd-on-denian-and-ubuntu-linux/ to open them?
This guide is not compatible with current ISPConfig installations and perfect server guides that use acme.sh as LE client instead of certbot. As you can read in the guide, ispconfig enables TLS for all services automatically now, so this guide is not necessary anyway. If you use the current ISPConfig version, then your issue is most likely caused by using this incompatible tutorial.
Thanks for the reply! I wasn't aware of this. So I wanted to start fresh because I need to move all of my websites eventually from my old Debian 8 perfect setup. I downloaded the latest Debian-10-Perfect-Server-Apache.ova https://www.howtoforge.com/perfect-server-debian-10-buster-apache-bind-dovecot-ispconfig-3-1/ Configured everything, updated Debian and ispconfig and was able to get SSL working on https://ispconfig.mydomain.com:8080 and it was automatically configured. Also one test domain works with web and email with no issues. I'm still having issues with Initializing TLS... I've tried to follow the tutorial but I cannot find this section in ispconfig: Any suggestions?
It looks like it was turned off and that's why I could not find it. Do I still turn it on and enter: Code: 20,21,22,25,53,80,110,143,443,3306,8080,10000,40110:40210 ?
Then your issue is not related to this firewall. Maybe your datacenter or cloud provider runs a firewall in front of your server which blocks the ports? Or do you run it behind a router and these ports are not opened and forwarded to the server?
It's in a datacenter and they assured me that no firewall is implemented on their side. I never had any issues with the ports in the past with any other service. How else can I verify?
Check the syslog and pure ftpd log file to see if there are any other errors during connection. Maybe you have an issue with the tls cert and not a closed port?
This is really odd. I tried so many times yesterday and rebooted the server as well and it would always be stuck on Initializing TLS... Last night instead of "Use explicit FTP over TLS if available" I chose "Only use plain FTP (insecure)" and I transferred some file. Today I tried "Use explicit FTP over TLS if available" again and it actually connected and got the prompt below. At this point everything seems to work except "The server's certificate is unknown"?
Most likely your FTP client does not know LE certs then and needs a chain / bundle cert. Might be that the SSL bundle cert(s) are missing in the pem file that pure-ftpd is using.
Ok, I did not generate bundle cert(s). It came with the image Debian-10-Perfect-Server-Apache.ova and it was generated by ispconfig I assume. /etc/ssl/private/pure-ftpd.pem is linked to /usr/local/ispconfig/interface/ssl/ispserver.pem and it appears to have the correct chain / bundle cert. Do I need to modify something?
No, that should be fine then. Not sure why your FTP client complains. Personally, I would just accept the cert as it is if it's your server name. If you have reasons to believe that it might be wrong, you can check the fingerprint.
As confirmed by @till, if it was installed during ISPConfig installation your LE certs should be fine but just to make a note here, other than the earlier suspected port issues, I also suspected the disconnection that happened after trying to initialize TLS was because of a pure-ftpd.pem permission issue. I'll have to remember to ask for pure-ftpd-mysql status note to help troubleshoot similar problems better in the future since it may note something useful there as well.
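The three checks raised in the last few replies (is a chain present in the pem file, what is the certificate fingerprint, are the file permissions sane), as an added example that is not part of the original thread: it inspects a combined key-and-certificate file such as /etc/ssl/private/pure-ftpd.pem. The sample file is constructed with placeholder bytes rather than real X.509 data, and treating the first certificate block as the server's own certificate is an assumption.

```python
import base64, hashlib, os, re, stat, tempfile

# Matches any PEM block and captures its label and base64 body.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.S)

def inspect_pem(path):
    """Summarise a combined key + certificate PEM file."""
    with open(path, "r", encoding="ascii") as fh:
        text = fh.read()
    fingerprints, has_key = [], False
    for label, body in PEM_BLOCK.findall(text):
        if label.endswith("PRIVATE KEY"):
            has_key = True
        elif label == "CERTIFICATE":
            # A certificate fingerprint is the hash of its DER encoding.
            der = base64.b64decode("".join(body.split()))
            hexd = hashlib.sha256(der).hexdigest().upper()
            fingerprints.append(
                ":".join(hexd[i:i + 2] for i in range(0, 64, 2)))
    # os.stat follows symlinks, so a link to ispserver.pem reports
    # the permissions of the real file.
    mode = stat.S_IMODE(os.stat(path).st_mode)
    return {
        "has_key": has_key,
        "fingerprints": fingerprints,        # assumed order: server cert first
        "has_chain": len(fingerprints) > 1,  # intermediate(s) bundled
        "mode": oct(mode),
        "group_or_world_access": bool(mode & 0o077),
    }

def _pem(label, payload):
    b64 = base64.encodebytes(payload).decode().strip()
    return f"-----BEGIN {label}-----\n{b64}\n-----END {label}-----\n"

def build_sample(directory, mode=0o600):
    """Write a CONSTRUCTED sample file; payloads are placeholder bytes."""
    path = os.path.join(directory, "pure-ftpd.pem")
    with open(path, "w", encoding="ascii") as fh:
        fh.write(_pem("PRIVATE KEY", b"constructed key bytes"))
        fh.write(_pem("CERTIFICATE", b"constructed leaf certificate"))
        fh.write(_pem("CERTIFICATE", b"constructed intermediate certificate"))
    os.chmod(path, mode)
    return path

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(inspect_pem(build_sample(tmp, 0o644)))
```

On a real server, the first fingerprint is the value to compare against the SHA-256 fingerprint shown in the FTP client's unknown-certificate prompt, and a file holding a private key should not be readable by group or others.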