Letsencrypt and pure-ftpd

Discussion in 'Installation/Configuration' started by vm2014, Jan 20, 2016.

  1. vm2014

    vm2014 New Member

    After switching to letsencrypt certs I could not get pure-ftpd-mysql to start. I would attempt to start with service pure-ftpd-mysql start. No error messages were displayed, but running service pure-ftpd-mysql status showed not running.

    When setting up letsencrypt, I linked the /etc/ssl/private/pure-ftpd.pem file to the /etc/letsencrypt/mydomain.com/fullchain.pem file thinking it had everything pure-ftpd-mysql needed. Unfortunately the fullchain.pem does not include the private key.

    Testing with the old certificate worked. I had to make a new single file that included the fullchain.pem and the privkey.pem files. It appears the pure-ftpd.pem is a hard-coded single file location so I am unable to link to the files separately.

    The Fix:
    cat /etc/letsencrypt/live/mydomain.com/privkey.pem /etc/letsencrypt/live/mydomain.com/fullchain.pem > /etc/ssl/private/pure-ftpd.pem

    I hope this helps someone. Otherwise, Letsencrypt is working great on ISPConfig manually. I am excited to see it fully integrated in a future release.
    Ubuntu 14.04
    ISPConfig 3.0.5
     
    Last edited: Jan 20, 2016
  2. Soeldner

    Soeldner New Member

    it helped someone :) Thanks!

    # cat /etc/issue
    Debian GNU/Linux 8 \n \l
     
    linus likes this.
  3. NO^DICKHILL

    NO^DICKHILL New Member

    It also helped this someone... THANKS! :)
    (Ubuntu 14.04.5 LTS & ISPConfig 3.1.1p1)

    After looking at the old "pure-ftpd.pem" i thought that i had to combine either the "cert.pem" or "chain.pem" with the "privatekey.pem".
    But I never thought that I had to use the "fullchain.pem" since it had two certificates in the fil.
     
    Last edited: Nov 4, 2016
    mlmateos likes this.
  4. mlmateos

    mlmateos New Member

    The Fix:
    cat /etc/letsencrypt/live/mydomain.com/privkey.pem /etc/letsencrypt/live/mydomain.com/fullchain.pem > /etc/ssl/private/pure-ftpd.pem

    I hope this helps someone.

    Great Fix! Thanks!!!
     
  5. Jesse Norell

    Jesse Norell Well-Known Member

    And remember to create a cronjob to do that on a regular basis and restart ftpd (eg. nightly or weekly would work, short of actually testing if the certificate has changed)
     
  6. NO^DICKHILL

    NO^DICKHILL New Member

    Good idea to mention it! (o:
    (Since the certificates gets renewed after about a month.)


    If anyone can find it useful, I have added this line to crontab:
    0 6 * * * /etc/letsencrypt/certbot-auto -n renew --quiet --no-self-upgrade && cat /etc/letsencrypt/live/DOMAIN/privkey.pem /etc/letsencrypt/live/DOMAIN/fullchain.pem > /etc/ssl/private/pure-ftpd.pem && service pure-ftpd-mysql restart

    There is probably a better solution, but it works! (o:
    (Don't know if force-reload would be better?)
     
    CTS_AE likes this.
  7. CTS_AE

    CTS_AE New Member

    Thanks, this post helped me get Webstorm back to working with ftps. It wouldn't connect to the FTP server securely - it seems to not enjoy outdated certs as far as I can tell. I also forced secure connections only via this tutorial and thanks for the chron job! I've got mine running once a month now and piggybacked off of the certs that are already being generated from ISPConfig's cron job, so I'm not running the certbot.
     

Share This Page