ProFTPD Connection closed by server

SYSTEM INFORMATION
OS type and version CentOS Stream Linux 9
Virtualmin version 7.5

Hi, so this has been bothering me for quite some time now and I cannot find any information on what could be the root cause of this behavior. Don’t judge me, but I am really green in this field.

When trying to connect to FTP on port 21, the server drops the connection. Telnet to port 21 works fine. The log from FileZilla is below.

Status:	Connecting to 111.11.11.11:21...
Status:	Connection established, waiting for welcome message...
Error:	Connection closed by server
Error:	Could not connect to server

proftpd status right after server starts below:

[root@web ~]# systemctl status proftpd
● proftpd.service - ProFTPD FTP Server
     Loaded: loaded (/usr/lib/systemd/system/proftpd.service; enabled; preset: disabled)
     Active: active (running) since Wed 2023-01-11 16:30:45 EST; 1min 9s ago
    Process: 1446 ExecStartPre=/usr/sbin/proftpd --configtest (code=exited, status=0/SUCCESS)
   Main PID: 1508 (proftpd)
      Tasks: 1 (limit: 10889)
     Memory: 6.3M
        CPU: 91ms
     CGroup: /system.slice/proftpd.service
             └─1508 "proftpd: (accepting connections)"

Jan 11 16:30:44 sub.domain.com proftpd[1446]: daemon[1446]: mod_dso/0.5: unable to load 'mod_tls.c'; check to see if '/usr/libexec/proftpd/mod_tls.la' exists
Jan 11 16:30:44 sub.domain.com proftpd[1446]: daemon[1446]: mod_dso/0.5: module 'mod_tls.c' already loaded
Jan 11 16:30:44 sub.domain.com proftpd[1446]: daemon[1446]: fatal: TLSOptions: : unknown TLSOption 'NoCertRequest' on line 10 of '/etc/proftpd/conf.d/virtualmi>
Jan 11 16:30:44 sub.domain.com proftpd[1446]: daemon[1446]: error: unable to open parse file '/etc/proftpd/conf.d/virtualmin.conf': Operation not permitted
Jan 11 16:30:45 sub.domain.com systemd[1]: Started ProFTPD FTP Server.
Jan 11 16:30:45 sub.domain.com proftpd[1508]: daemon[1508]: mod_dso/0.5: unable to load 'mod_tls.c'; check to see if '/usr/libexec/proftpd/mod_tls.la' exists
Jan 11 16:30:45 sub.domain.com proftpd[1508]: daemon[1508]: mod_dso/0.5: module 'mod_tls.c' already loaded
Jan 11 16:30:45 sub.domain.com proftpd[1508]: daemon[1508]: fatal: TLSOptions: : unknown TLSOption 'NoCertRequest' on line 10 of '/etc/proftpd/conf.d/virtualmi>
Jan 11 16:30:45 sub.domain.com proftpd[1508]: daemon[1508]: error: unable to open parse file '/etc/proftpd/conf.d/virtualmin.conf': Operation not permitted
Jan 11 16:30:45 sub.domain.com proftpd[1508]: daemon[1508] 111.11.11.11: ProFTPD 1.3.8 (stable) (built Mon Dec 5 2022 00:00:00 UTC) standalone mode STARTUP

proftpd status after I try to connect with FileZilla below:

● proftpd.service - ProFTPD FTP Server
     Loaded: loaded (/usr/lib/systemd/system/proftpd.service; enabled; preset: disabled)
     Active: active (running) since Wed 2023-01-11 16:30:45 EST; 2min 38s ago
    Process: 1446 ExecStartPre=/usr/sbin/proftpd --configtest (code=exited, status=0/SUCCESS)
   Main PID: 1508 (proftpd)
      Tasks: 1 (limit: 10889)
     Memory: 6.3M
        CPU: 102ms
     CGroup: /system.slice/proftpd.service
             └─1508 "proftpd: (accepting connections)"

Jan 11 16:33:01 sub.domain.com proftpd[2348]: session[2348] 111.11.111.11 (111.11.222.22[111.11.222.22]): [3] proftpd: (accepting connections)(modules_session_init+0x57) [0x55601d687727]
Jan 11 16:33:01 sub.domain.com proftpd[2348]: session[2348] 111.11.111.11 (111.11.222.22[111.11.222.22]): [4] proftpd: (accepting connections)(+0x3419e) [0x55601d66019e]
Jan 11 16:33:01 sub.domain.com proftpd[2348]: session[2348] 111.11.111.11 (111.11.222.22[111.11.222.22]): [5] proftpd: (accepting connections)(+0x34d59) [0x55601d660d59]
Jan 11 16:33:01 sub.domain.com proftpd[2348]: session[2348] 111.11.111.11 (111.11.222.22[111.11.222.22]): [6] proftpd: (accepting connections)(main+0x618) [0x55601d656318]
Jan 11 16:33:01 sub.domain.com proftpd[2348]: session[2348] 111.11.111.11 (111.11.222.22[111.11.222.22]): [7] /lib64/libc.so.6(+0x3feb0) [0x7f20b563feb0]
Jan 11 16:33:01 sub.domain.com proftpd[2348]: session[2348] 111.11.111.11 (111.11.222.22[111.11.222.22]): [8] /lib64/libc.so.6(__libc_start_main+0x80) [0x7f20b563ff60]
Jan 11 16:33:01 sub.domain.com proftpd[2348]: session[2348] 111.11.111.11 (111.11.222.22[111.11.222.22]): [9] proftpd: (accepting connections)(_start+0x25) [0x55601d656935]
Jan 11 16:33:01 sub.domain.com proftpd[2348]: session[2348] 111.11.111.11 (111.11.222.22[111.11.222.22]): -----END STACK TRACE-----
Jan 11 16:33:01 sub.domain.com proftpd[2348]: session[2348] 111.11.111.11 (111.11.222.22[111.11.222.22]): ProFTPD terminating (signal 11)
Jan 11 16:33:01 sub.domain.com proftpd[2348]: session[2348] 111.11.111.11 (111.11.222.22[111.11.222.22]): FTP session closed.

Seems like this is an obvious thing needing fixed. This option was recently removed from ProFTPd, and we didn’t notice. We’ve fixed it on new installs, but you’ll have to remove it from the file yourself in this case.

Hi Joe, thanks for the prompt reply. Just to clarify - should I remove line 10 from the /etc/proftpd/conf.d/virtualmin.conf file, or the whole # Enable TLS part?

Here are the first 25 lines:

# chroot users into their home by default
DefaultRoot ~

# Enable TLS
LoadModule mod_tls.c
TLSEngine on
TLSRequired                   off
TLSRSACertificateFile /etc/pki/tls/certs/proftpd.pem
TLSRSACertificateKeyFile /etc/pki/tls/private/proftpd.pem
TLSOptions                    NoCertRequest NoSessionReuseRequired
TLSVerifyClient               off
TLSLog                        /var/log/proftpd/tls.log
<IfModule mod_tls_shmcache.c>
  TLSSessionCache             shm:/file=/var/run/proftpd/sesscache
</IfModule>

# VirtualHost for SFTP (FTP over SSH) port
LoadModule mod_sftp.c
<VirtualHost 0.0.0.0>
  SFTPEngine on
  SFTPLog /var/log/proftpd/sftp.log

  # Configure the server to listen on 2222 (openssh owns 22)
  Port 2222

Just that one option “NoCertRequest”
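
The unit status in the first post shows --configtest exiting 0 even though the journal carries the fatal TLSOptions line, so the exit status alone did not surface the problem. An added example (not from the thread, Virtualmin or ProFTPD) that pulls the rejected directive and any signal-terminated sessions out of journal text; the sample lines are constructed and the function name triage is hypothetical.

```python
import re

# Constructed sample modelled on the journal lines quoted in this thread;
# the trailing '>' is where journalctl cut a long line off.
SAMPLE = """\
Jan 11 16:30:44 host proftpd[1446]: daemon[1446]: mod_dso/0.5: module 'mod_tls.c' already loaded
Jan 11 16:30:44 host proftpd[1446]: daemon[1446]: fatal: TLSOptions: : unknown TLSOption 'NoCertRequest' on line 10 of '/etc/proftpd/conf.d/virtualmi>
Jan 11 16:30:45 host proftpd[1508]: daemon[1508]: fatal: TLSOptions: : unknown TLSOption 'NoCertRequest' on line 10 of '/etc/proftpd/conf.d/virtualmi>
Jan 11 16:33:01 host proftpd[2348]: session[2348] 203.0.113.5: ProFTPD terminating (signal 11)
Jan 11 16:33:01 host proftpd[2348]: session[2348] 203.0.113.5: FTP session closed.
"""

# "fatal: <Directive>: ... unknown <Kind> '<value>' on line N of '<path>"
FATAL = re.compile(
    r"fatal: (?P<directive>\w+):.*?unknown \w+ '(?P<value>[^']+)' "
    r"on line (?P<line>\d+) of '(?P<path>[^'>]*)(?P<cut>>?)"
)
CRASH = re.compile(r"proftpd\[(?P<pid>\d+)\]:.*terminating \(signal (?P<sig>\d+)\)")


def triage(journal_text):
    """Return de-duplicated config errors and signal-terminated sessions."""
    config_errors, crashes = [], []
    for line in journal_text.splitlines():
        m = FATAL.search(line)
        if m:
            err = {
                "directive": m["directive"],
                "value": m["value"],
                "line": int(m["line"]),
                "path": m["path"],
                "path_truncated": m["cut"] == ">",
            }
            if err not in config_errors:  # configtest and daemon both log it
                config_errors.append(err)
            continue
        m = CRASH.search(line)
        if m:
            crashes.append({"pid": int(m["pid"]), "signal": int(m["sig"])})
    return {"config_errors": config_errors, "crashes": crashes}


if __name__ == "__main__":
    print(triage(SAMPLE))
```
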

I did that. However there is another issue now.

Filezilla log:

Status:      	Resolving address of domain.com
Status:      	Connecting to 111.11.111.11:21...
Status:      	Connection established, waiting for welcome message...
Response: 	220 FTP Server ready.
Command:	AUTH TLS
Response: 	234 AUTH TLS successful
Status:      	Initializing TLS...
Error:        	The certificate requires the server to include an OCSP status in its response, but the OCSP status is missing.
Error:        	Received certificate chain could not be verified.
Status:      	Connection attempt failed with "ECONNABORTED - Connection aborted".
Error:        	Could not connect to server

proftpd status right after server starts:

● proftpd.service - ProFTPD FTP Server
     Loaded: loaded (/usr/lib/systemd/system/proftpd.service; enabled; preset: disabled)
     Active: active (running) since Wed 2023-01-11 19:30:41 EST; 13s ago
    Process: 3276 ExecStartPre=/usr/sbin/proftpd --configtest (code=exited, status=0/SUCCESS)
   Main PID: 3277 (proftpd)
      Tasks: 1 (limit: 10889)
     Memory: 2.2M
        CPU: 81ms
     CGroup: /system.slice/proftpd.service
             └─3277 "proftpd: (accepting connections)"

Jan 11 19:30:41 sub.domain.com systemd[1]: Starting ProFTPD FTP Server...
Jan 11 19:30:41 sub.domain.com proftpd[3276]: Checking syntax of configuration file
Jan 11 19:30:41 sub.domain.com proftpd[3276]: daemon[3276]: mod_dso/0.5: unable to load 'mod_tls.c'; check to see if '/usr/libexec/proftpd/mod_tls.la' exists
Jan 11 19:30:41 sub.domain.com proftpd[3276]: daemon[3276]: mod_dso/0.5: module 'mod_tls.c' already loaded
Jan 11 19:30:41 sub.domain.com systemd[1]: Started ProFTPD FTP Server.
Jan 11 19:30:41 sub.domain.com proftpd[3277]: daemon[3277]: mod_dso/0.5: unable to load 'mod_tls.c'; check to see if '/usr/libexec/proftpd/mod_tls.la' exists
Jan 11 19:30:41 sub.domain.com proftpd[3277]: daemon[3277]: mod_dso/0.5: module 'mod_tls.c' already loaded
Jan 11 19:30:41 sub.domain.com proftpd[3277]: daemon[3277] 111.11.111.11: ProFTPD 1.3.8 (stable) (built Mon Dec 5 2022 00:00:00 UTC) standalone mode STARTUP

proftpd status after connection attempt:

● proftpd.service - ProFTPD FTP Server
     Loaded: loaded (/usr/lib/systemd/system/proftpd.service; enabled; preset: disabled)
     Active: active (running) since Wed 2023-01-11 19:30:41 EST; 11min ago
    Process: 3276 ExecStartPre=/usr/sbin/proftpd --configtest (code=exited, status=0/SUCCESS)
   Main PID: 3277 (proftpd)
      Tasks: 1 (limit: 10889)
     Memory: 2.2M
        CPU: 266ms
     CGroup: /system.slice/proftpd.service
             └─3277 "proftpd: (accepting connections)"

Jan 11 19:30:41 sub.domain.com proftpd[3276]: daemon[3276]: mod_dso/0.5: unable to load 'mod_tls.c'; check to see if '/usr/libexec/proftpd/mod_tls.la' exists
Jan 11 19:30:41 sub.domain.com proftpd[3276]: daemon[3276]: mod_dso/0.5: module 'mod_tls.c' already loaded
Jan 11 19:30:41 sub.domain.com systemd[1]: Started ProFTPD FTP Server.
Jan 11 19:30:41 sub.domain.com proftpd[3277]: daemon[3277]: mod_dso/0.5: unable to load 'mod_tls.c'; check to see if '/usr/libexec/proftpd/mod_tls.la' exists
Jan 11 19:30:41 sub.domain.com proftpd[3277]: daemon[3277]: mod_dso/0.5: module 'mod_tls.c' already loaded
Jan 11 19:30:41 sub.domain.com proftpd[3277]: daemon[3277] 111.11.111.11: ProFTPD 1.3.8 (stable) (built Mon Dec 5 2022 00:00:00 UTC) standalone mode STARTUP
Jan 11 19:33:51 sub.domain.com proftpd[4117]: session[4117] 111.11.111.11 (111.11.222.22[111.11.222.22]): FTP session opened.
Jan 11 19:33:51 sub.domain.com proftpd[4117]: session[4117] 111.11.111.11 (111.11.222.22[111.11.222.22]): FTP session closed.

/var/log/proftpd/tls.log

(2) error:0A000197:SSL routines::shutdown while in init
  (1) error:0A000126:SSL routines::unexpected eof while reading
2023-01-11 19:56:24,234 mod_tls/2.9.2[8507]: SSL_shutdown error: SSL: 
2023-01-11 19:56:24,233 mod_tls/2.9.2[8507]: TLSv1.3 connection accepted, using cipher TLS_AES_256_GCM_SHA384 (256 bits)
2023-01-11 19:56:23,873 mod_tls/2.9.2[8507]: TLS/TLS-C requested, starting TLS handshake

After this happened I added the certificates to the config:

TLSRSACertificateFile /etc/webmin/letsencrypt-cert.pem
TLSRSACertificateKeyFile /etc/webmin/letsencrypt-key.pem

And now I’m here when trying to connect:
Filezilla log:

Status:      	Resolving address of sub.domain.com
Status:      	Connecting to 111.11.111.11:21...
Status:      	Connection established, waiting for welcome message...
Status:      	Initializing TLS...
Status:      	TLS connection established.
Status:      	Logged in
Status:      	Retrieving directory listing...
Command:	PWD
Response: 	257 "/" is the current directory
Command:	TYPE I
Response: 	200 Type set to I
Command:	PORT 192,168,1,8,218,235
Response: 	200 PORT command successful
Command:	MLSD
Response: 	425 Unable to build data connection: Connection refused
Error:        	Failed to retrieve directory listing
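
Decoding the PORT line in the log above, as an added example that is not part of the thread: in active mode the server opens the data connection to the address the client advertises, and here that address is an RFC 1918 one that differs from the address the server logged for the client. The function names are hypothetical; the control-peer address is the anonymized one from the journal lines earlier in the thread.

```python
import ipaddress


def decode_port(command):
    """Decode 'PORT h1,h2,h3,h4,p1,p2' (RFC 959) into (IPv4Address, port)."""
    verb, _, args = command.strip().partition(" ")
    if verb.upper() != "PORT":
        raise ValueError("not a PORT command")
    try:
        fields = [int(f) for f in args.split(",")]
    except ValueError:
        raise ValueError("PORT arguments must be decimal bytes") from None
    if len(fields) != 6 or any(not 0 <= f <= 255 for f in fields):
        raise ValueError("PORT needs six values in 0..255")
    host = ipaddress.IPv4Address(".".join(str(f) for f in fields[:4]))
    # The last two bytes are the high and low byte of the TCP port.
    return host, fields[4] * 256 + fields[5]


def assess(command, control_peer):
    """Compare the advertised data address with the control connection's peer."""
    host, port = decode_port(command)
    peer = ipaddress.ip_address(control_peer)
    return {
        "host": str(host),
        "port": port,
        "private": host.is_private,
        "matches_control_peer": host == peer,
    }


if __name__ == "__main__":
    # PORT line and client address as they appear in the logs in this thread.
    print(assess("PORT 192,168,1,8,218,235", "111.11.222.22"))
```

A private address in PORT that differs from the control peer means the client is behind NAT; passive mode, where the client opens the data connection, avoids the server having to reach it.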

The error is usually what happens with a self-signed certificate or other chain of trust issue, I think.

Is your client up to date? There was a whole thing a couple years ago, which still occasionally bites people with very old clients. Let's Encrypt's New Root and Intermediate Certificates - Let's Encrypt

The certificate is from LE.
Client is up to date.

This install was only a couple of months old, but due to lack of knowledge on my end I could not troubleshoot what caused the issue, so I did a fresh install on a new server. FTP works now, and Let’s Encrypt cert request/renewal works now too, which wasn’t working before.

Thank you.