Some question, letsencrypt, FTP server certificate unknown and cloudflare

mrlongshen Member
edited March 2018 in Help

Hello all. Recently I purchased a domain at Namecheap to play around.
Should I just use the Namecheap advanced DNS? Or move to Cloudflare? What is your recommendation?

Current scenario: I used Namecheap advanced DNS and configured an A record to point to my VPS IP. I installed Let's Encrypt to point to my VPS IP, but why does it not encrypt my FTP server also?
What should I do? When I connect to my hostname in FileZilla, a popup shows asking whether I should trust blah blah blah.

I'm a bit confused: how do I encrypt my FTP server? And can I open an FTP using a browser?

Last, can I use many subdomains to point to other VPSes?
Example:

box1.lowendtalk.com point to 11.22.33.44

box2.lowendtalk.com point to 55.66.77.88

box3.lowendtalk.com point to 99.00.12.13

Please, someone clear up my question.

Comments

  • Sumeragi Member
    edited March 2018

    Let's Encrypt validates via HTTP. Usually the cert will get installed only to your webserver. So you should check your FTP server config to see if the cert is configured and enabled.

  • @Sumeragi said:
    Let's Encrypt validates via HTTP. Usually the cert will get installed only to your webserver. So you should check your FTP server config to see if the cert is configured and enabled.

    should we change the

    rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
    rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key

    ?

  • Tion Member

    @mrlongshen said:
    Hello all. Recently I purchased a domain at Namecheap to play around.
    Should I just use the Namecheap advanced DNS? Or move to Cloudflare? What is your recommendation?

    Both should work fine for your use case.

    I'm a bit confused: how do I encrypt my FTP server?

    Make sure your FTP is reachable from domain.com, not a subdomain like ftp.domain.com. Then edit the configuration of your FTP server to use the Let's Encrypt SSL certificate you got for your webserver. Google a tutorial on how to do that.

    And can I open an FTP using a browser?

    Of course. Try it out yourself: ftp://speedtest.tele2.net/

    Last, can I use many subdomains to point to other VPSes?

    Yes

    Thanked by 1mrlongshen
  • I'm a bit confused: how do I encrypt my FTP server? And can I open an FTP using a browser?

    Just check your FTP server config. Also, modern browsers support FTP usage. Just open your URL via ftp://

    Last, can I use many subdomains to point to other VPSes?
    Example:

    box1.lowendtalk.com point to 11.22.33.44
    box2.lowendtalk.com point to 55.66.77.88
    box3.lowendtalk.com point to 99.00.12.13

    Please, someone clear up my question.

    Maybe you should get more into Let's Encrypt first. The client puts a validation file on your VPS, which then gets requested by Let's Encrypt. As long as all IP addresses are on the same VPS and the webserver is configured correctly, it should work. If each IP is on a different VPS, you need to execute the Let's Encrypt client on each VPS.

    Thanked by 1mrlongshen
  • @mrlongshen said:

    should we change the

    rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
    rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key

    These should point to your Let's Encrypt files, usually /etc/letsencrypt/live/YOUR DOMAIN/
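An added example, not part of the thread: a small audit of a vsftpd.conf for the settings discussed above (the snakeoil defaults versus files under /etc/letsencrypt/live/). The two sample configs are constructed, `example.com` stands in for YOUR DOMAIN, and `fullchain.pem` / `privkey.pem` are the file names Certbot writes in that directory.

```python
# Constructed sample: the snakeoil pair quoted in the thread, TLS not enabled.
SAMPLE_DEFAULT = """\
listen=YES
ssl_enable=NO
rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
"""
# Constructed sample: same file pointed at a Let's Encrypt directory (placeholder domain).
SAMPLE_FIXED = """\
ssl_enable=YES
rsa_cert_file=/etc/letsencrypt/live/example.com/fullchain.pem
rsa_private_key_file=/etc/letsencrypt/live/example.com/privkey.pem
force_local_logins_ssl=YES
force_local_data_ssl=YES
"""
LE_LIVE = "/etc/letsencrypt/live/"


def parse_conf(text):
    """vsftpd.conf is plain key=value with '#' comments and no spaces around '='."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key] = value
    return conf


def audit(text):
    """Return a list of findings; an empty list means the TLS settings look right."""
    conf, findings = parse_conf(text), []
    if conf.get("ssl_enable", "NO").upper() != "YES":  # vsftpd default is NO
        findings.append("ssl_enable is not YES: TLS is off, cert settings are unused")
    cert = conf.get("rsa_cert_file", "")
    key = conf.get("rsa_private_key_file", "")
    for name, path in (("rsa_cert_file", cert), ("rsa_private_key_file", key)):
        if "snakeoil" in path:
            findings.append(f"{name} still points at the self-signed snakeoil file")
        elif not path.startswith(LE_LIVE):
            findings.append(f"{name} is not under {LE_LIVE}")
    # Certificate and key must come from the same per-domain directory.
    if cert.startswith(LE_LIVE) and key.startswith(LE_LIVE):
        if cert.rsplit("/", 1)[0] != key.rsplit("/", 1)[0]:
            findings.append("certificate and key come from different domains")
    for opt in ("force_local_logins_ssl", "force_local_data_ssl"):
        if conf.get(opt, "YES").upper() != "YES":  # both default to YES
            findings.append(f"{opt}=NO allows plaintext FTP alongside TLS")
    return findings
```

Run `audit(open("/etc/vsftpd.conf").read())` on the server; vsftpd needs a restart after the paths change and again after each certificate renewal.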

  • mksh Member

    Common name: swizzbox

    Issuer: swizzbox

    Validity: 10 years

    Make sure you are actually using the Let's Encrypt certificate since the one in your picture surely wasn't issued by them.

  • @mksh said:

    Common name: swizzbox

    Issuer: swizzbox

    Validity: 10 years

    Make sure you are actually using the Let's Encrypt certificate since the one in your picture surely wasn't issued by them.

    Yeah, I'm sure I'm using the Let's Encrypt certificate.

  • mksh Member

    Where are you getting this error? A quick search suggests that at least for FileZilla this message strangely seems to be intended behaviour even for fully trusted certificates.

  • @mksh said:

    Where are you getting this error? A quick search suggests that at least for FileZilla this message strangely seems to be intended behaviour even for fully trusted certificates.

    Pardon me, what do you mean?
    I got this popup when connecting to the FTP server using FileZilla.

  • mksh Member
    edited March 2018

    @mrlongshen said:

    @mksh said:

    Where are you getting this error? A quick search suggests that at least for FileZilla this message strangely seems to be intended behaviour even for fully trusted certificates.

    Pardon me, what do you mean?
    I got this popup when connecting to the FTP server using FileZilla.

    https://forum.filezilla-project.org/viewtopic.php?t=25595

    According to that post FileZilla always displays that message even for fully valid certificates, so I guess your setup is fine, just FileZilla acting a bit strange.

    Thanked by 1mrlongshen
  • @mksh said:

    @mrlongshen said:

    @mksh said:

    Where are you getting this error? A quick search suggests that at least for FileZilla this message strangely seems to be intended behaviour even for fully trusted certificates.

    Pardon me, what do you mean?
    I got this popup when connecting to the FTP server using FileZilla.

    https://forum.filezilla-project.org/viewtopic.php?t=25595

    According to that post FileZilla always displays that message even for fully valid certificates, so I guess your setup is fine, just FileZilla acting a bit strange.

    Ok. So that means I am successfully using my web certificate for FTP, right?

  • mksh Member
    edited March 2018

    @mrlongshen said:

    @mksh said:

    @mrlongshen said:

    @mksh said:

    Where are you getting this error? A quick search suggests that at least for FileZilla this message strangely seems to be intended behaviour even for fully trusted certificates.

    Pardon me, what do you mean?
    I got this popup when connecting to the FTP server using FileZilla.

    https://forum.filezilla-project.org/viewtopic.php?t=25595

    According to that post FileZilla always displays that message even for fully valid certificates, so I guess your setup is fine, just FileZilla acting a bit strange.

    Ok. So that means I am successfully using my web certificate for FTP, right?

    Seems like it, yes. Might be worth testing with a client that actually checks the certificate though.
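An added example, not part of the thread: one way to test with a client that checks the certificate, using Python's `ftplib.FTP_TLS` with the default verifying TLS context. It assumes explicit FTPS (AUTH TLS on port 21); `SAMPLE_CERT` is a constructed `getpeercert()`-style record and `example.com` is a placeholder.

```python
import ssl
import sys
import time
from ftplib import FTP_TLS

# Constructed sample in the shape ssl's getpeercert() returns; values are placeholders.
SAMPLE_CERT = {
    "subject": ((("commonName", "example.com"),),),
    "issuer": ((("organizationName", "Let's Encrypt"),), (("commonName", "constructed CA"),)),
    "notAfter": "Jun  1 00:00:00 2018 GMT",
    "subjectAltName": (("DNS", "example.com"),),
}


def strict_context():
    """Default context: verifies the chain against system CAs and checks the hostname."""
    return ssl.create_default_context()


def summarize(cert, now):
    """Reduce a getpeercert() dict to the fields a client's trust dialog shows."""
    subject = dict(rdn[0] for rdn in cert["subject"])
    issuer = dict(rdn[0] for rdn in cert["issuer"])
    days_left = int((ssl.cert_time_to_seconds(cert["notAfter"]) - now) // 86400)
    return {
        "common_name": subject.get("commonName"),
        "issuer": issuer.get("organizationName") or issuer.get("commonName"),
        "names": [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"],
        "days_left": days_left,
    }


def check_ftps(host, port=21, timeout=10):
    """Connect, upgrade the control channel with AUTH TLS, report whether the cert verifies."""
    ftps = FTP_TLS(context=strict_context(), timeout=timeout)
    try:
        ftps.connect(host, port)
        ftps.auth()  # TLS handshake; raises if chain or hostname does not verify
        return {"trusted": True, **summarize(ftps.sock.getpeercert(), time.time())}
    except ssl.SSLCertVerificationError as exc:
        return {"trusted": False, "reason": exc.verify_message}
    finally:
        ftps.close()


if __name__ == "__main__" and len(sys.argv) > 1:
    print(check_ftps(sys.argv[1]))
```

A server still presenting a self-signed certificate comes back as `trusted: False` with the verifier's reason, while a correctly installed certificate returns its issuer, names and remaining validity.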

  • @mksh I tried using ftp://mydomain.xx, not working? Why ea?

  • mksh Member

    @mrlongshen said:
    @mksh I tried using ftp://mydomain.xx, not working? Why ea?

    Not working in what regard?

  • @mksh said:

    @mrlongshen said:
    @mksh I tried using ftp://mydomain.xx, not working? Why ea?

    Not working in what regard?

    Try using Google Chrome. It's not working, should I edit something in /etc/vsftpd.conf?

    @mksh said:

    @mrlongshen said:

    @mksh said:

    @mrlongshen said:

    @mksh said:

    Where are you getting this error? A quick search suggests that at least for FileZilla this message strangely seems to be intended behaviour even for fully trusted certificates.

    Pardon me, what do you mean?
    I got this popup when connecting to the FTP server using FileZilla.

    https://forum.filezilla-project.org/viewtopic.php?t=25595

    According to that post FileZilla always displays that message even for fully valid certificates, so I guess your setup is fine, just FileZilla acting a bit strange.

    Ok. So that means I am successfully using my web certificate for FTP, right?

    Seems like it, yes. Might be worth testing with a client that actually checks the certificate though.

    Thanks! Yahoo

  • mksh Member

    @mrlongshen said:

    @mksh said:

    @mrlongshen said:
    @mksh I tried using ftp://mydomain.xx, not working? Why ea?

    Not working in what regard?

    Try using Google Chrome. It's not working, should I edit something in /etc/vsftpd.conf?

    Tbh I have no idea. Searching around suggests that Chrome (and neither Firefox) supports FTPS, so unless your server offers an insecure fallback that might be the reason why it does not work.

  • @mksh said:

    @mrlongshen said:

    @mksh said:

    @mrlongshen said:
    @mksh I tried using ftp://mydomain.xx, not working? Why ea?

    Not working in what regard?

    Try using Google Chrome. It's not working, should I edit something in /etc/vsftpd.conf?

    Tbh I have no idea. Searching around suggests that Chrome (and neither Firefox) supports FTPS, so unless your server offers an insecure fallback that might be the reason why it does not work.

    Ok ok nvm. Thank you.

  • Neoon Community Contributor, Veteran
    edited March 2018

    Well, FTP clients like FileZilla do not validate if the certificate is valid.

    So even when you configured vsftpd with a valid certificate like Let's Encrypt, the clients will still ask if the cert should be accepted at the first connection.

    Maybe another FTP client does validate it, but FileZilla is quite popular, no idea.

  • mksh Member

    @mrlongshen said:

    @mksh said:

    @mrlongshen said:

    @mksh said:

    @mrlongshen said:
    @mksh I tried using ftp://mydomain.xx, not working? Why ea?

    Not working in what regard?

    Try using Google Chrome. It's not working, should I edit something in /etc/vsftpd.conf?

    Tbh I have no idea. Searching around suggests that Chrome (and neither Firefox) supports FTPS, so unless your server offers an insecure fallback that might be the reason why it does not work.

    Ok ok nvm. Thank you.

    No problem, any time. Mistyped it btw, sorry. Of course I meant that neither Chrome nor FF seem to support FTPS. See:

    https://www.helpnetsecurity.com/2017/09/15/chrome-ftp-insecure/

    https://bugzilla.mozilla.org/show_bug.cgi?id=85464
