I generated a Let’s Encrypt certificate for Virtualmin/Webmin that I have set up to be used for SMTP/POP/IMAP services too, but for FTP, when I access the FTP server, I get a warning from FileZilla stating it doesn’t recognise the certificate, unless it’s, well, the good one! I guess it’s missing the root certificate file, no? And if so, how can I set that up in ProFTPd?
If you request a cert for a host (virtual server), you can select to copy the cert to different subsystems like webmin.
I noticed that it sometimes doesn't work properly, so you need to edit the proftpd config yourself.
You need to at least unmark (remove the #) from this line:
Include /etc/proftpd/tls.conf
And you should make sure that “TLSCACertificateFile” path is set in the config.
The tls.conf should at least contain (unmarked):
<-IfModule mod_tls.c>
TLSEngine
TLSLog
TLSProtocol
TLSRSACertificateFile
TLSRSACertificateKeyFile
TLSOptions
TLSRequired
TLSRenegotiate
<-/IfModule>
If necessary, you need to enable TLSEngine and some others if they are pre-set to off.
The minus (-) after the < needs to be removed; I just needed to do that, otherwise that line wouldn't be visible in the forum.
Thanks, but you didn’t indicate the option to use with each parameter! Here is what I have here. I think that I need an extra argument to indicate the root server of Let’s Encrypt, as it does use my certificate but doesn’t recognise it as valid in FTP clients as it misses the authority…
TLSEngine on
TLSRequired on
TLSRSACertificateFile /etc/webmin/letsencrypt-cert.pem
TLSRSACertificateKeyFile /etc/webmin/letsencrypt-key.pem
TLSOptions NoCertRequest
TLSVerifyClient off
TLSLog /var/log/proftpd/tls.log
<IfModule mod_tls_shmcache.c>
TLSSessionCache shm:/file=/var/run/proftpd/sesscache
</IfModule>