PureFTPd TLS certificate does not update

Discussion in 'Server Operation' started by ifo, Oct 30, 2016.

  1. ifo

    ifo New Member

    We have an ISPConfig 3 server setup including the PureFTPd MySQL service. Our TLS certificate is about to expire and we decided to change the CA at the same time. Every other service (Apache, email, etc.) migrated to the new certificate successfully, but PureFTP did not.

    I replaced the contents of the /etc/ssl/private/pure-ftpd.pem with the new certificate and bundle (actually the pure-ftpd.pem is a symlink to /usr/local/ispconfig/interface/ssl/ispserver.crt). After restarting PureFTPd (/etc/init.d/pure-ftpd-mysql restart) the old certificate is still offered to clients connecting via FTP.

    Any suggestions? Thanks
  2. elmacus

    elmacus Active Member

    The only thing I can think of is that you need both the private and public key in the same file, so your symlink sounds incorrect.
  3. ifo

    ifo New Member

    Tack and thanks for the suggestion. It seems that you are correct, the file should include the key too. I don't remember whether I had included it in the old file; I should check my backups.

    Alas, it still has no effect. I then stopped the pure-ftpd-mysql service, tried to connect, and it connects (with the old certificate). I checked via
    lsof -i
    that pure-ftpd (without -mysql) is still running. I tried both
    service pure-ftpd restart
    /etc/init.d/pure-ftpd restart
    but neither command is found.
  4. ifo

    ifo New Member

    Yesterday I had to restart the whole server and PureFTPd now uses the new certificate. I'm fairly sure that the PureFTPd restart commands are wrong, but I can't find the right ones. Luckily the new certificate is valid for three years.
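
A diagnostic for the two problems raised in this thread (a PEM file without the key, and a daemon that keeps offering the old certificate after a restart), as an added example that is not part of any post. The PEM path is the one from the thread; the function names and the host name are assumptions, and the `openssl` command-line tool is assumed to be installed.

```shell
#!/bin/sh
# Added example; function names are hypothetical. PEM path is the one from the thread.
PEM=${PEM:-/etc/ssl/private/pure-ftpd.pem}

# Which PEM blocks does the file hold? Prints key+cert, cert-only, key-only or none.
pem_parts() {
    has_key=no; has_cert=no
    grep -q -- '-----BEGIN .*PRIVATE KEY-----' "$1" 2>/dev/null && has_key=yes
    grep -q -- '-----BEGIN CERTIFICATE-----' "$1" 2>/dev/null && has_cert=yes
    case "$has_key$has_cert" in
        yesyes) echo key+cert ;;
        noyes)  echo cert-only ;;
        yesno)  echo key-only ;;
        *)      echo none ;;
    esac
}

# True only if the private key and the first certificate share one public key.
key_matches_cert() {
    from_key=$(openssl pkey -in "$1" -pubout 2>/dev/null)
    from_cert=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null)
    [ -n "$from_key" ] && [ "$from_key" = "$from_cert" ]
}

# SHA-256 fingerprint of the first certificate in the file on disk.
file_fp() { openssl x509 -in "$1" -noout -fingerprint -sha256; }

# SHA-256 fingerprint of the certificate the daemon offers after AUTH TLS.
served_fp() {
    openssl s_client -connect "$1:${2:-21}" -starttls ftp </dev/null 2>/dev/null |
        openssl x509 -noout -fingerprint -sha256
}

# Usage: check_ftp_cert ftp.example.org   (host name is a placeholder)
check_ftp_cert() {
    parts=$(pem_parts "$PEM")
    [ "$parts" = key+cert ] || { echo "PEM holds $parts; key and certificate must share the file"; return 1; }
    key_matches_cert "$PEM" || { echo "private key does not match the certificate"; return 1; }
    if [ "$(file_fp "$PEM")" != "$(served_fp "$1")" ]; then
        echo "daemon offers a different certificate than $PEM; look for a leftover pure-ftpd process with lsof -i"
        return 1
    fi
    echo "daemon offers the certificate stored in $PEM"
}
```

Comparing the served fingerprint with the one on disk separates a bad PEM file from a process that never reloaded it.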
