Control Web Panel

WebPanel => FTP => Topic started by: become on September 30, 2017, 01:32:45 PM

Title: TLS problem
Post by: become on September 30, 2017, 01:32:45 PM
Hello.

I use Let's Encrypt SSL for domain.
When I connect to the server via FTP, the server tries to use TLS, but I get an error:

Server sent unsorted certificate chain in violation of the TLS specifications

How to fix it ?
Title: Re: TLS problem
Post by: 24x7servermanagement on October 01, 2017, 05:31:52 PM
I think the CA bundle is missing from the SSL certificate. Can you check your SSL here https://www.sslshopper.com/ and confirm?
Title: Re: TLS problem
Post by: become on October 27, 2017, 12:28:10 PM
This is not a certificate problem.
As I see there is no configuration for TLS in FTP config file.
This should be fixed by CWP developers.
Title: Re: TLS problem
Post by: Sandeep on October 27, 2017, 01:08:22 PM
This is not a certificate problem.
As I see there is no configuration for TLS in FTP config file.
This should be fixed by CWP developers.
Try to restart the FTP server and check.
Title: Re: TLS problem
Post by: become on October 27, 2017, 05:23:54 PM
really
restart FTP is the answer from CWP staff ?

Can You tell me how restart could add missed configuration ?

As I can see for example here:
https://www.howtoforge.com/tutorial/pureftpd-tls-on-centos/

there is no CertFile option in the original config file pure-ftpd.conf on CWP panel

I found some info about PureFtp TLS and  Let'sEncrypt:
https://www.howtoforge.com/community/threads/letsencrypt-and-pure-ftpd.72000/
https://www.linuxquestions.org/questions/linux-server-73/pure-ftpd-with-tls-and-letsencrypt-certificate-4175613787/
Title: Re: TLS problem
Post by: studio4host on October 31, 2017, 02:01:24 PM
The restart command will show you an error message, so it's the place to start when searching for the issue.

if this is certificate related you can try to save your hostname again, it should generate required certificates.
Title: Re: TLS problem
Post by: Gogo on November 25, 2017, 09:40:40 AM
Same problem here, any fix for it? FTP only, SFTP works fine.

EDIT:  Ok, this helps. But that shouldn't be fix for CWP's problems.
https://www.howtoforge.com/tutorial/pureftpd-tls-on-centos/
Title: Re: TLS problem
Post by: yusofadibmanesh on May 29, 2018, 02:24:34 PM
yes. I think, CA bundle is missing from the SSL Certificate !
Title: Re: TLS problem
Post by: monkeyking on June 21, 2018, 05:29:52 PM
Any solution? I have the same issue. And I don't know if this is related, but my upload is very slow.
Title: Re: TLS problem
Post by: Zikx on September 21, 2018, 01:15:50 PM
I have the same issue. Please help!
Title: Re: TLS problem
Post by: justcurious on November 20, 2018, 06:39:30 PM
I followed the tutorial here: https://www.howtoforge.com/tutorial/pureftpd-tls-on-centos/ and it worked for me.

You do need to edit the firewall configuration to add 30000:50000 to the TCP port range to prevent the firewall from locking you out:

Go to Security > CSF Firewall and click the button to 'Edit Configuration File'. Find:
Code:
# Allow incoming TCP ports
TCP_IN = "20,21,22,25,53,80,110,143,443,465,587,993,995,2030,2031,2082,2083,2086,2087,2095,2096"
 
# Allow outgoing TCP ports
TCP_OUT = "20,21,22,25,53,80,110,113,443,2030,2031,2082,2083,2086,2087,2095,2096,587,993,995"

and add 30000:50000 to both lines

No, it isn't using the Letsencrypt SSL certificate, but so what ?  You can 'Require explicit FTP over TLS' and the files will transfer securely. The SSL certificate generated by following the tutorial is valid for 20 years, so your server is likely to be obsolete well before the certificate expires.

I do take the point that this is a fundamental requirement for FTP and it would be better if CWP automatically accommodated it, but for the price I've paid ($10 pa for CWP Pro), I'm not complaining. Last time I looked, cPanel was $200 PER YEAR !!
Title: Re: TLS problem
Post by: Loz702 on January 28, 2019, 06:02:44 AM
I followed the tutorial here: https://www.howtoforge.com/tutorial/pureftpd-tls-on-centos/ and it worked for me.

You do need to edit the firewall configuration to add 30000:50000 to the TCP port range to prevent the firewall from locking you out:

Go to Security > CSF Firewall and click the button to 'Edit Configuration File'. Find:
Code:
# Allow incoming TCP ports
TCP_IN = "20,21,22,25,53,80,110,143,443,465,587,993,995,2030,2031,2082,2083,2086,2087,2095,2096"
 
# Allow outgoing TCP ports
TCP_OUT = "20,21,22,25,53,80,110,113,443,2030,2031,2082,2083,2086,2087,2095,2096,587,993,995"

and add 30000:50000 to both lines

No, it isn't using the Letsencrypt SSL certificate, but so what ?  You can 'Require explicit FTP over TLS' and the files will transfer securely. The SSL certificate generated by following the tutorial is valid for 20 years, so your server is likely to be obsolete well before the certificate expires.

I do take the point that this is a fundamental requirement for FTP and it would be better if CWP automatically accommodated it, but for the price I've paid ($10 pa for CWP Pro), I'm not complaining. Last time I looked, cPanel was $200 PER YEAR !!

Hi

Is that a : or did you mean a comma? as the others are all commas

The REAL version of CWP may be $200, but these guys are modifying the real owner's software; they've already received cease and desist orders which they've ignored.
Title: Re: TLS problem
Post by: Mihai on February 03, 2019, 11:40:42 PM
You have to use it like this:
Code:
# Allow incoming TCP ports
TCP_IN = "20,21,22,25,53,80,110,143,443,465,587,993,995,2030,2031,2082,2083,2086,2087,2095,2096,30000:50000"
 
# Allow outgoing TCP ports
TCP_OUT = "20,21,22,25,53,80,110,113,443,2030,2031,2082,2083,2086,2087,2095,2096,587,993,995,30000:50000"
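
Added example (not part of any post in this thread): a shell check for the firewall step discussed above. It tests whether the TCP_IN and TCP_OUT lists already cover the 30000:50000 range and appends it once if not. The function names and the temporary file are assumptions, and the sample config is constructed from the lines quoted in the thread.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes csf.conf lines look like the ones
# quoted above: KEY = "comma,separated,ports" with ranges written low:high.

# csf_ports FILE KEY: print the entries of KEY, one per line.
csf_ports() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\"\\([^\"]*\\)\".*/\\1/p" "$1" |
        tr -d ' ' | tr ',' '\n'
}

# csf_covers FILE KEY LOW [HIGH]: succeed if one entry covers LOW..HIGH.
csf_covers() {
    want_lo=$3; want_hi=${4:-$3}
    csf_ports "$1" "$2" | while IFS=: read -r a b; do
        b=${b:-$a}
        case "$a$b" in ''|*[!0-9]*) continue ;; esac   # skip empty/non-numeric
        if [ "$a" -le "$want_lo" ] && [ "$b" -ge "$want_hi" ]; then echo covered; break; fi
    done | grep -q covered
}

# csf_add_range FILE KEY LOW:HIGH: append the range unless already covered.
csf_add_range() {
    lo=${3%%:*}; hi=${3##*:}
    csf_covers "$1" "$2" "$lo" "$hi" && return 0
    ( umask 077
      sed "s/^\\([[:space:]]*$2[[:space:]]*=[[:space:]]*\"[^\"]*\\)\"/\\1,$3\"/" "$1" > "$1.new" ) &&
        cat "$1.new" > "$1" && rm -f "$1.new"
}

# write_sample FILE: constructed sample holding the two lines quoted in the thread.
write_sample() {
    cat > "$1" <<'EOF'
# Allow incoming TCP ports
TCP_IN = "20,21,22,25,53,80,110,143,443,465,587,993,995,2030,2031,2082,2083,2086,2087,2095,2096"

# Allow outgoing TCP ports
TCP_OUT = "20,21,22,25,53,80,110,113,443,2030,2031,2082,2083,2086,2087,2095,2096,587,993,995"
EOF
}

# Demo on a throwaway copy (temporary file), never on the live config.
conf=$(mktemp) && write_sample "$conf"
for key in TCP_IN TCP_OUT; do
    csf_covers "$conf" "$key" 30000 50000 || echo "$key: passive range missing, adding"
    csf_add_range "$conf" "$key" 30000:50000
done
grep '^TCP_' "$conf"; rm -f "$conf"
```

After the real configuration file is changed, CSF has to be restarted (`csf -r`) before the new port lists take effect.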