Author Topic: TLS problem  (Read 24591 times)

0 Members and 1 Guest are viewing this topic.

Offline
***
TLS problem
« on: September 30, 2017, 01:32:45 PM »
Hello.

I use Let's Encrypt SSL for domain.
When I connect to server via FTP server try to use TLS but I get error:

Server sent unsorted certificate chain in violation of the TLS specifications

How to fix it ?

Offline
***
Re: TLS problem
« Reply #1 on: October 01, 2017, 05:31:52 PM »
I think, CA bundle is missing from the SSL Certificate, can you check your SSL here  https://www.sslshopper.com/ and confirm?
https://www.24x7servermanagement.com/
Server Management, Server Security, Server Monitoring.
India's Leading Managed Service Provider !!

Offline
***
Re: TLS problem
« Reply #2 on: October 27, 2017, 12:28:10 PM »
This is not certifate problem.
As I see there is no configuration for TLS in FTP config file.
This should be fixed by CWP developers.

Offline
*****
Re: TLS problem
« Reply #3 on: October 27, 2017, 01:08:22 PM »
This is not certifate problem.
As I see there is no configuration for TLS in FTP config file.
This should be fixed by CWP developers.
try to restart ftp serve and check.

Offline
***
Re: TLS problem
« Reply #4 on: October 27, 2017, 05:23:54 PM »
really
restart FTP is the answer from CWP staff ?

Can You tell me how restart could add missed configuration ?

As I can see for example here:
https://www.howtoforge.com/tutorial/pureftpd-tls-on-centos/

there is no
CertFile             
option in orginal config file pure-ftpd.conf on CWP panel

I found some info about PureFtp TLS and  Let'sEncrypt:
https://www.howtoforge.com/community/threads/letsencrypt-and-pure-ftpd.72000/
https://www.linuxquestions.org/questions/linux-server-73/pure-ftpd-with-tls-and-letsencrypt-certificate-4175613787/
« Last Edit: October 27, 2017, 05:31:45 PM by become »

Offline
*
Re: TLS problem
« Reply #5 on: October 31, 2017, 02:01:24 PM »
restart command will show you error message so its the place where to start when searching for issue.

if this is certificate related you can try to save your hostname again, it should generate required certificates.
VPS & Dedicated server provider with included FREE Managed support for CWP.
http://www.studio4host.com/

*** Don't allow that your server or website is down, choose hosting provider with included expert managed support for your CWP.

Offline
**
Re: TLS problem
« Reply #6 on: November 25, 2017, 09:40:40 AM »
Same problem here, any fix for it? FTP only, SFTP works fine.

EDIT:  Ok, this helps. But that shouldn't be fix for CWP's problems.
https://www.howtoforge.com/tutorial/pureftpd-tls-on-centos/
« Last Edit: November 25, 2017, 09:49:04 AM by Gogo »

Offline
*
Re: TLS problem
« Reply #7 on: May 29, 2018, 02:24:34 PM »
yes. I think, CA bundle is missing from the SSL Certificate !
آموزش تری دی مکس رساله معماری
https://www.3dmaxfars.ir
https://www.vrayshop.ir

Offline
**
Re: TLS problem
« Reply #8 on: June 21, 2018, 05:29:52 PM »
Any solution? I have the same issue. And I don't know if this related but my upload is very slow.

Offline
*
Re: TLS problem
« Reply #9 on: September 21, 2018, 01:15:50 PM »
I have the same issue. Please help!

Offline
*
Re: TLS problem
« Reply #10 on: November 20, 2018, 06:39:30 PM »
I followed the tutorial here: https://www.howtoforge.com/tutorial/pureftpd-tls-on-centos/ and it worked for me.

You do need to edit the firewall configuration to add 30000:50000 to the TCP port range to prevent the firewall from locking you out:

Go to Security > CSF Firewall and click the button to 'Edit Configuration File'. Find:
Code: [Select]
# Allow incoming TCP ports
TCP_IN = "20,21,22,25,53,80,110,143,443,465,587,993,995,2030,2031,2082,2083,2086,2087,2095,2096"
 
# Allow outgoing TCP ports
TCP_OUT = "20,21,22,25,53,80,110,113,443,2030,2031,2082,2083,2086,2087,2095,2096,587,993,995"

and add 30000:50000 to to both lines

No, it isn't using the Letsencrypt SSL certificate, but so what ?  You can 'Require explicit FTP over TLS' and the files will transfer securely. The SSL certificate generated by following the tutorial is valid for 20 years, so your server is likely to be obsolete well before the certificate expires.

I do take the point that this is a fundamental requirement for FTP and it would be better if CWP automatically accommodated it, but for the price I've paid ($10 pa for CWP Pro), I'm not complaining. Last time I looked, cPanel was $200 PER YEAR !!

Offline
*
Re: TLS problem
« Reply #11 on: January 28, 2019, 06:02:44 AM »
I followed the tutorial here: https://www.howtoforge.com/tutorial/pureftpd-tls-on-centos/ and it worked for me.

You do need to edit the firewall configuration to add 30000:50000 to the TCP port range to prevent the firewall from locking you out:

Go to Security > CSF Firewall and click the button to 'Edit Configuration File'. Find:
Code: [Select]
# Allow incoming TCP ports
TCP_IN = "20,21,22,25,53,80,110,143,443,465,587,993,995,2030,2031,2082,2083,2086,2087,2095,2096"
 
# Allow outgoing TCP ports
TCP_OUT = "20,21,22,25,53,80,110,113,443,2030,2031,2082,2083,2086,2087,2095,2096,587,993,995"

and add 30000:50000 to to both lines

No, it isn't using the Letsencrypt SSL certificate, but so what ?  You can 'Require explicit FTP over TLS' and the files will transfer securely. The SSL certificate generated by following the tutorial is valid for 20 years, so your server is likely to be obsolete well before the certificate expires.

I do take the point that this is a fundamental requirement for FTP and it would be better if CWP automatically accommodated it, but for the price I've paid ($10 pa for CWP Pro), I'm not complaining. Last time I looked, cPanel was $200 PER YEAR !!

Hi

Is that a : or did you mean a comma? as the others are all commas

The REAL version of CWP may be $200, but these guys are modifying the real owners software, they've already received cease and desist orders which they've ignored.

Offline
*
Re: TLS problem
« Reply #12 on: February 03, 2019, 11:40:42 PM »
You have to use it like this:
Code: [Select]
# Allow incoming TCP ports
TCP_IN = "20,21,22,25,53,80,110,143,443,465,587,993,995,2030,2031,2082,2083,2086,2087,2095,2096,30000:50000"
 
# Allow outgoing TCP ports
TCP_OUT = "20,21,22,25,53,80,110,113,443,2030,2031,2082,2083,2086,2087,2095,2096,587,993,995,30000:50000"