Hello, i need to disable SSL / TLS on pureftp because need to import from a webpage a ftp plain url that need to skip certificate check it would be amazing if i can create a new ftp "unsecure" connection in a separate custom port to keep system safe but have this import working. Fatal error: Certificate verification: Not trusted (BF:B2:C8:27E:30:FD:FC:F2:81:5A:6B:BF:27:E03:97:ED:33:3F) Thank you
This can not be configured by connection, you can only configure it globally to allow both FTP and FTPS (TLS) connections. Edit the file /etc/pure-ftpd/conf/TLS and set the value in this file to 1, then restart pure-ftpd-mysql. See Chapter 3 for available values: https://www.howtoforge.com/how-to-configure-pureftpd-to-accept-tls-sessions-on-debian-lenny
It is not a good practise to use unsecure connection though that is possible. If your problem is only the certificates that are not trusted, you can certainly resolve that and there are a lot of discussions on this forum that you can read to achieve that.
can you please give a link to a step by step guide to create certificate that will not show errors? because i gave to ispconfig .local host name and it's using a .local name on the certificate, so if i can name ispconfig publicly i can also issue a let's encrypt certificate. Thank you
That usually can be achieved by default using ISPConfig installer. Simply run a force update ispconfig, choose SSL during the process and you are done i.e. should be able to have secure connection for FTP using your ISPConfig server FQDN.
Ok, so you set the wrong hostname in your server before you installed ISPConfig which now causes you issues with all services that use SSL like the FTP server. To fix that, correct the wrong hostname in the files /etc/hostname and /etc/hosts, restart the server and then run the command: ispconfig_update.sh --force as @ahrasis suggested and choose to reconfigure services and to create a new SSL cert during update when the installer asks. But take care that the new hostname you have chosen really points to your server in DNS and that it is reachable from the internet on port 80, as Let#s encrypt will contact your server for verification before it issues the cert.
