Use Let's Encrypt certificate for ProFTPd?


I generated a Let’s Encrypt certificate for Virtualmin/webmin that I have setup to be used for SMTP/POP/IMAP services too but for FTP when I access the FTP server I get a warning of Filezilla stating it doesn’t recognise the certificate unless it’s well the good one ! I guess it’s missing the root certificate file no ? and if so how can I setup that in ProFTPd ?



If you request a cert for a host (virtual server), you can select to copy the cert to different subsystems like webmin.
I noticed that it sometimes doesnt properly work, so you need to edit the proftpd config yourself.
You need to at least unmark (remove the #) from this line:
Include /etc/proftpd/tls.conf
And you should make sure that “TLSCACertificateFile” path is set in the config.

The tls.conf should at least contain (unmarked):
<-IfModule mod_tls.c>
If necessary, you need to enable TLSEngine and some others if they are pre-set to off.
The minus (-) after the < needs to be removed, I just needed to do that otherwise that line wouldnt be visible in the forum.

Restart proftpd after that.

Thanks but you didn’t indicate the option to use with each parameter ! Here is what I have here. I think that I need an extra argument to indicate the root server of Let’s Encrypt as it uses well my certificate but doesn’t recognise it as valid in FTP clients as it misses the authority…

TLSEngine                     on
TLSRequired                   on
TLSRSACertificateFile         /etc/webmin/letsencrypt-cert.pem
TLSRSACertificateKeyFile      /etc/webmin/letsencrypt-key.pem
TLSOptions                    NoCertRequest
TLSVerifyClient               off
TLSLog                        /var/log/proftpd/tls.log
<IfModule mod_tls_shmcache.c>
  TLSSessionCache             shm:/file=/var/run/proftpd/sesscache

Problem solved :wink: I downloaded the root certificate from Let’s Encrypt website, saved in a file in my system and added that in ProFTPD configuration:

TLSCACertificateFile /etc/ssh/letsencrypt.root.cert.pem

And now no more warning from ftp client about certificate not trusted :wink:

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.