I have a server with Debian 11, pure-ftpd 1.0.49-4.1 and ispconfig 3.2.11. After a while, and I think after installing OS updates and ispconfig updates, pure-ftpd won't start anymore. It gives the error:
Code:
    pure-ftpd[130609]: (?@?) [ERROR] Sorry, but that file doesn't exist: [/etc/ssl/private/pure-ftpd.pem]
So I double checked the file.
Code:
    # ls -l /etc/ssl/private/pure-ftpd.pem
    lrwxrwxrwx 1 root root 48 Apr 1 12:57 /etc/ssl/private/pure-ftpd.pem -> /usr/local/ispconfig/interface/ssl/ispserver.pem
    # ls -l /usr/local/ispconfig/interface/ssl/ispserver.pem
    lrwxrwxrwx 1 root root 54 Feb 6 2023 /usr/local/ispconfig/interface/ssl/ispserver.pem -> /root/.acme.sh/server01.toerental.nl_ecc/fullchain.cer
    # ls -l /root/.acme.sh/server01.toerental.nl_ecc/fullchain.cer
    -rw-r--r-- 1 root root 5256 Aug 5 00:57 /root/.acme.sh/server01.toerental.nl_ecc/fullchain.cer
I also copied the file from the /root/.acme.sh folder and put it in the location where the logs say it's missing [/etc/ssl/private/pure-ftpd.pem]. This also does not work. Same error. So I'm lost! Is this a bug? Do I miss something here? Any help would be great!
I suspect the .pem file does not hold both the certificate and key. PureFTPd gives a misleading error in that case. Check the .pem file.
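One way to run the check suggested in the reply above, as an added example that is not part of the original thread and not ISPConfig or PureFTPd code. The function names and sample files are constructed for illustration, and only the PEM block headers are inspected, not whether the key matches the certificate.

```bash
#!/usr/bin/env bash
# Added example (hypothetical helper names). check_pem returns:
#   0 certificate and private key present   1 path does not end at a file
#   2 no certificate block                  3 no private key block

# Print each hop of a symlink chain on stderr (the manual "ls -l" walk from
# the first post) and the final target on stdout.
trace_links() {
    local p="$1" next hops=0
    while [ -L "$p" ] && [ "$hops" -lt 16 ]; do   # hop limit guards against loops
        next=$(readlink "$p")
        case "$next" in /*) ;; *) next="$(dirname "$p")/$next" ;; esac
        echo "$p -> $next" >&2
        p="$next"; hops=$((hops + 1))
    done
    echo "$p"
}

# Follow the links, then look for both PEM block types in the real file.
check_pem() {
    local target
    target=$(trace_links "$1")
    [ -f "$target" ] || { echo "missing: $target"; return 1; }
    grep -q -e '-----BEGIN CERTIFICATE-----' "$target" \
        || { echo "no certificate in $target"; return 2; }
    grep -Eq -e '-----BEGIN ([A-Z]+ )?PRIVATE KEY-----' "$target" \
        || { echo "no private key in $target"; return 3; }
    echo "certificate and private key found in $target"
}

# Build constructed sample files in directory $1: a link chain ending in a
# certificate-only file (the situation in the thread), a combined bundle,
# and a dangling link. The base64 bodies are placeholders, not real keys.
make_samples() {
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQ=' \
        '-----END CERTIFICATE-----' > "$1/fullchain.cer"
    { cat "$1/fullchain.cer"
      printf '%s\n' '-----BEGIN EC PRIVATE KEY-----' 'Q09OU1RSVUNURUQ=' \
          '-----END EC PRIVATE KEY-----'; } > "$1/combined.pem"
    ln -s "$1/fullchain.cer" "$1/ispserver.pem"
    ln -s ispserver.pem "$1/pure-ftpd.pem"
    ln -s "$1/nowhere" "$1/dangling.pem"
}

# Usage: ./check_pem.sh /etc/ssl/private/pure-ftpd.pem
if [ "$#" -gt 0 ]; then check_pem "$1"; fi
```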
You are correct. The key is not in the file. I can do this all manually but should ISPConfig deal with this? Or what is the best way of resolving this?
So I changed the config of pure-ftpd to use cert file and key file but still the same error.
Code:
    CertFileAndKey "/etc/ssl/private/pure-ftpd.pem" "/etc/ssl/private/pure-ftpd.key"
Any good ideas?
Ok now I'm totally lost... I created a new test.pem file with everything in it. ca, cert and key. Changed the pure-ftpd.conf file to point to the test.pem file but I still get the error that it cannot find /etc/ssl/private/ssl/pure-ftpd.pem. Wait what?
Okay, there is something seriously wrong with pure-ftpd! pure-ftpd does NOT use the config file to read where the pem file is located!!! What you do is up to you but it is always looking in the location/file /etc/ssl/private/ssl/pure-ftpd.pem. Because the fullchain.cer that acme created does not include the key file pure-ftpd won't start!! Now that I have manually created the /etc/ssl/private/ssl/pure-ftpd.pem file and put all the certs in there it works. I guess I will file an issue with ISPConfig that we need to do some kind of manual or cronjob thing where we create a custom pem file for pure-ftpd.
This would not make much sense as you would report an issue with your specific install that does not happen on other systems. The file that ISPConfig uses for pure-ftpd is /usr/local/ispconfig/interface/ssl/ispserver.pem and it contains the key, ispconfig does not use fullchain.cer from acme.sh.
Could you help me then why ispserver.pem is pointing to the fullchain.cer file? (First post) I did nothing here... Just running ISPConfig and updating it. No manual changes to cert files and such. The ispconfig.pem file does not have the key in it. (In my situation)
I agree with @till. Only you could know what happened to your server and why there were such changes, we could not. Do trace it properly.
Basically ispconfig force update should fix it but if it does not, delete the ispserver.pem and try it again.
Aah I think I know what happened. The ispconfig_update.sh script is asking every time "Create new ISPConfig SSL certificate (yes,no) [no]:". This time I answered yes and it created all the files and such. I said no in the past because the cert was valid and no recreation needed. Lesson learned but the actions behind the question are more than only creating new ISPConfig SSL certs. Anyway problem solved.
Yes. Always choose to create new ISPConfig SSL certs when asked, especially if your problems are related to the SSL certs.