pure-ftpd error

Discussion in 'ISPConfig 3 Priority Support' started by muekno, May 26, 2016.

  1. muekno

    muekno Member HowtoForge Supporter

    Installed web server as described in the ISPConfig3 Manual on debian jessie.
    pure-ftpd-mysql status says
    web pure-ftpd[11854]: (?@?) [ERROR] Sorry, but that file doesn't exist: [/etc/ssl/private/pure-ftpd.pem]
    /etc/ssl/private/pure-ftpd.pem exists and looks good, see
    [email protected]:/etc/init.d# ll /etc/ssl/private/
    total 16
    drwx--x--- 2 root ssl-cert 4096 May 24 15:12 .
    drwxr-xr-x 4 root root 4096 May 24 14:18 ..
    -rw------- 1 root root 1704 May 26 08:52 pure-ftpd.pem
    -rw-r----- 1 root ssl-cert 1708 May 24 14:54 ssl-cert-snakeoil.key
    Found some threads about that, but no real solution.
    It's my first web server in a multiserver environment on debian; before using debian I had openSUSE 13.x, and currently the web/ftp server in my other multiserver environment on SUSE 13.2 runs fine.

    Thanks for hints

    Rainer
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Never had this error yet, my guess is that pure-ftpd reports a broken ssl cert as non existing. Try to create a new ssl cert for pure-ftpd.
     
  3. muekno

    muekno Member HowtoForge Supporter

    I generated a new certificate using the description on page 24 of the ISPConfig manual, same error. Replacing the certificate with an official StartSSL, accepted by apache, same problem.
    Additional questions: where is the path and filename /etc/ssl/private/pure-ftpd.pem defined, can't find any .conf. Where should be the corresponding .crt and chain file like on apache. As I remember on SUSE I needed this. FTP on my SUSE ISPConfig WEB Servers worked fine.
    All the configuration of the pure-ftpd-mysql seems quite suspect to me. Did some research on Google, could not find a solution.

    Thanks for more help Rainer
     
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    A .pem file as used by e.g. dovecot and pure-ftpd contains the key, the crt and all intermediate certs. The ssl path is the default of pure-ftpd, it does not need to be configured.
     
  5. till

    till Super Moderator Staff Member ISPConfig Developer

    Btw, that's how the permissions look on a working server:

    ls -la /etc/ssl/private/
    total 16
    drwx--x--- 2 root ssl-cert 4096 Apr 19 12:38 .
    drwxr-xr-x 4 root root 4096 Apr 19 12:27 ..
    -rw------- 1 root root 3054 Apr 19 12:38 pure-ftpd.pem
    -rw-r----- 1 root ssl-cert 1704 Feb 19 07:19 ssl-cert-snakeoil.key
     
  6. muekno

    muekno Member HowtoForge Supporter

    Ok but if I follow page 24 in the ISPConfig manual the pure-ftpd.pem is shorter than yours, see my above ls -la /etc/ssl/private and it contains as normally expected only the private key generated by
    openssl req -x509 -nodes -days 7300 -newkey rsa:2048 -keyout /etc/ssl/private/pure-ftpd.pem -out /etc/ssl/private/pure-ftpd.pem
    There is a certificate dumped to console at the end, but it is not noted what to do with it in the manual nor other howtos. So as /etc/ssl/private/pure-ftpd.pem is only the private key, I understand pure-ftpd has a problem, but how to get the correct .pem file

    By the way dovecot.conf knows a .key and a .cert file
    /etc/dovecot/dovecot.conf mail server installed about 2 weeks ago with debian jessie in multiserver environment, working without any problems
    ....
    mail_privileged_group = vmail
    ssl_cert = </etc/postfix/smtpd.cert
    ssl_key = </etc/postfix/smtpd.key

    ssl_protocols = !SSLv2 !SSLv3
    passdb {
    args = /etc/dovecot/dovecot-sql.conf
    driver = sql
    }
    ....

    Rainer
     
  7. till

    till Super Moderator Staff Member ISPConfig Developer

    The tutorial instructs you to run this command:

    Code:
    openssl req -x509 -nodes -days 7300 -newkey rsa:2048 -keyout /etc/ssl/private/pure-ftpd.pem -out /etc/ssl/private/pure-ftpd.pem
    and this command adds the key and the cert into the same file, just tested it again. So you must have made a mistake while executing the command if it is missing from your .pem file.

    Regarding dovecot: the key is separate but the cert.pem file contains the intermediate files like pure-ftpd. From dovecot manual:

     
    Last edited: May 28, 2016
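
A structural check for the combined .pem discussed in this thread (private key and certificate in one file, readable by root only), added here as an example and not taken from the ISPConfig manual or the posters. The function name `check_combined_pem` and its return codes are assumptions; it inspects only PEM block markers and the file mode, not whether the key and certificate belong together.

```shell
#!/bin/sh
# Added example: check that a combined PEM file holds both a private key
# and at least one certificate, and is not readable by group or others.
# check_combined_pem is a hypothetical helper, not part of pure-ftpd.
# Return codes: 0 ok, 1 missing/unreadable, 2 no private key block,
#               3 no certificate block, 4 mode too open.

count_blocks() {
    # $1 = file, $2 = extended regex for the label on the BEGIN line.
    # grep -c prints 0 but exits 1 when nothing matches, hence "|| true".
    grep -Ec -- "^-----BEGIN $2-----" "$1" || true
}

check_combined_pem() {
    f=$1
    [ -r "$f" ] || { echo "$f: missing or unreadable" >&2; return 1; }

    # Key may be PKCS#8 ("PRIVATE KEY"), traditional RSA/EC, or encrypted.
    keys=$(count_blocks "$f" '((RSA|EC|ENCRYPTED) )?PRIVATE KEY')
    certs=$(count_blocks "$f" 'CERTIFICATE')

    [ "$keys" -ge 1 ] || { echo "$f: no private key block" >&2; return 2; }
    [ "$certs" -ge 1 ] || { echo "$f: no certificate block" >&2; return 3; }

    # Characters 5-10 of the ls mode string are the group and other bits.
    perms=$(ls -ld "$f" | cut -c5-10)
    [ "$perms" = "------" ] || { echo "$f: mode too open ($perms)" >&2; return 4; }

    echo "$f: $keys key block(s), $certs certificate block(s)"
    return 0
}

# Stand-alone use: pass the file to check as the first argument.
if [ "$#" -gt 0 ]; then
    check_combined_pem "$1"
fi
```

A result of 3 corresponds to the situation muekno describes (a file containing only the private key); more than one certificate block is expected when intermediate certificates are appended.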
