LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Server (https://www.linuxquestions.org/questions/linux-server-73/)
-   -   pure-ftpd with TLS and LetsEncrypt certificate (https://www.linuxquestions.org/questions/linux-server-73/pure-ftpd-with-tls-and-letsencrypt-certificate-4175613787/)

Ladowny 09-14-2017 10:01 AM

pure-ftpd with TLS and LetsEncrypt certificate
 
Hi

I'm trying to use LetsEncrypt certificate with my pure-ftpd server and can't firure one thing out.
One of the howtos says to edit the file
/etc/pure-ftpd/pure-ftpd.conf
adding
Code:

TLSCipherSuite          HIGH
CertFile                /etc/ssl/private/pure-ftpd.pem

I think this is the default location, but my LetsEncrypt certs are in /etc/letsencrypt/live/mydomain.com/fullchain.pem and I don't have /etc/pure-ftpd/pure-ftpd.conf config file

In my

Code:

/etc/pure-ftpd# l
total 32K
drwxr-xr-x  5 root root 4.0K Jun 11  2016 ./
drwxr-xr-x 127 root root  12K Sep 11 16:52 ../
drwxr-xr-x  2 root root 4.0K Jun 11  2016 auth/
drwxr-xr-x  2 root root 4.0K Sep 14 15:39 conf/
drwxr-xr-x  2 root root 4.0K Jun 11  2016 db/
-rw-r--r--  1 root root  230 Feb 25  2015 pureftpd-dir-aliases
/etc/pure-ftpd# l conf/
total 64K
drwxr-xr-x 2 root root 4.0K Sep 14 15:39 ./
drwxr-xr-x 5 root root 4.0K Jun 11  2016 ../
-rw-r--r-- 1 root root  36 Feb 25  2015 AltLog
-rw-r--r-- 1 root root    4 Jun 11  2016 BrokenClientsCompatibility
-rw-r--r-- 1 root root    4 Jun 11  2016 ChrootEveryone
-rw-r--r-- 1 root root    4 Jun 11  2016 DisplayDotFiles
-rw-r--r-- 1 root root    4 Jun 11  2016 DontResolve
-rw-r--r-- 1 root root    6 Feb 25  2015 FSCharset
-rw-r--r-- 1 root root    5 Feb 25  2015 MinUID
-rw-r--r-- 1 root root  29 Feb 25  2015 MySQLConfigFile
-rw-r--r-- 1 root root    4 Feb 25  2015 NoAnonymous
-rw-r--r-- 1 root root    4 Feb 25  2015 PAMAuthentication
-rw-r--r-- 1 root root  28 Feb 25  2015 PureDB
-rw-r--r-- 1 root root    2 Jun 11  2016 TLS
-rw-r--r-- 1 root root  18 Feb 25  2015 TLSCipherSuite
-rw-r--r-- 1 root root    3 Feb 25  2015 UnixAuthentication

I enable TLS with
Code:

echo 1 > /etc/pure-ftpd/conf/TLS
I know I could set up a cronjob copying my certificate to /etc/ssl/private/pure-ftpd.pem, but is there a way to specify different cert location ?

bathory 09-14-2017 11:52 AM

Quote:

I know I could set up a cronjob copying my certificate to /etc/ssl/private/pure-ftpd.pem, but is there a way to specify different cert location ?
No need for a cronjob. Sure you can specify a different path for the CertFile.
Or you can create a symlink from /etc/letsencrypt/live/mydomain.com/fullchain.pem to /etc/ssl/private/pure-ftpd.pem

Regards

Ladowny 09-17-2017 10:13 AM

Thanks, creating a symlink may be a good workaround, however /etc/letsencrypt/live/mydomain.com/fullchain.pem is a symlink alredy.
I'd rather specify a different path for the CertFile, but how do I do that ?

Don't have /etc/pure-ftpd/pure-ftpd.conf file. Tried just creating a file called "CertFile" in /etc/pure-ftpd/conf/ but got this error "pure-ftpd-mysql[12335]: Starting ftp server: /usr/sbin/pure-ftpd-wrapper: Invalid configuration file /etc/pure-ftpd/conf/CertFile: No corresponding directive"

bathory 09-17-2017 12:30 PM

Quote:

Originally Posted by Ladowny (Post 5759774)
Thanks, creating a symlink may be a good workaround, however /etc/letsencrypt/live/mydomain.com/fullchain.pem is a symlink alredy.
I'd rather specify a different path for the CertFile, but how do I do that ?

Don't have /etc/pure-ftpd/pure-ftpd.conf file. Tried just creating a file called "CertFile" in /etc/pure-ftpd/conf/ but got this error "pure-ftpd-mysql[12335]: Starting ftp server: /usr/sbin/pure-ftpd-wrapper: Invalid configuration file /etc/pure-ftpd/conf/CertFile: No corresponding directive"

I.m afraid the symlinmk is your only way to go, unless you want to re-compile pure-ftpd
According to the documentation, the certificate location is given at compile time.


All times are GMT -5. The time now is 11:41 PM.