March 12, 2018

Hi,

I've been using PureFTP with TLS for years for Froxlor with purchased SSL certificates. Now the certificate has expired and I want to use Let's Encrypt.

Here is my suggestion for a more secure PureFTP configuration - in addition to the current parameters from the froxlor setup guide:

Making TLS mandatory:

    echo "2" > /etc/pure-ftpd/conf/TLS

Reduce the ciphers to the secure ones:

    echo "HIGH:!aNULL:!LOW:!EXP:!RC4:!3DES:!SSLv3:!SSLv2" > /etc/pure-ftpd/conf/TLSCipherSuite

Doing this every time the host certificates are updated (or once a night ;-) ):

    cat /etc/ssl/froxlor-custom/{{hostname}}.crt /etc/ssl/froxlor-custom/{{hostname}}_chain.pem /etc/ssl/froxlor-custom/{{hostname}}.key > /etc/ssl/private/pure-ftpd.pem
    systemctl restart pure-ftpd-mysql

Maybe it's an option to make this part of the default configuration and integrate the certificate merging into the froxlor-cron?

Any ideas what this could look like on different distributions (Gentoo / RHEL / Ubuntu)?

Thanks for your feedback
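
The certificate merge from the post above, as an added example that is not part of the original post or of Froxlor: it checks that the key matches the certificate and that the certificate has not expired, writes the combined file atomically with mode 600, and restarts pure-ftpd only when the file changed. The function name, its return codes and the `--install` argument are assumptions of this example; the paths and the service name are the ones quoted in the post.

```shell
#!/bin/sh
# Added example (not Froxlor code): validated, atomic build of pure-ftpd.pem.
# Return codes (chosen for this example): 0 installed, 10 unchanged,
# 1 missing input, 2 unreadable cert/key, 3 key mismatch, 4 expired, 5 I/O error.
build_pureftpd_pem() {  # args: cert chain key out
    cert=$1 chain=$2 key=$3 out=$4
    for f in "$cert" "$chain" "$key"; do
        [ -s "$f" ] || { echo "missing or empty: $f" >&2; return 1; }
    done
    # The certificate and the private key must carry the same public key.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || return 2
    [ "$cert_pub" = "$key_pub" ] || { echo "key does not match certificate" >&2; return 3; }
    # Refuse to install a certificate that has already expired.
    openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1 \
        || { echo "certificate expired" >&2; return 4; }
    # Build next to the target so the final mv is an atomic rename; the
    # private key is never readable by other users, even while being written.
    tmp=$(umask 077; mktemp "$out.XXXXXX") || return 5
    cat "$cert" "$chain" "$key" > "$tmp" || { rm -f "$tmp"; return 5; }
    if [ -f "$out" ] && cmp -s "$tmp" "$out"; then
        rm -f "$tmp"
        return 10   # nothing changed: the caller can skip the restart
    fi
    chmod 600 "$tmp" && mv -f "$tmp" "$out"
}

# Cron entry point, e.g. "pureftpd-cert.sh --install <hostname>".
# Exits non-zero (10) when the certificate is unchanged and no restart ran.
if [ "${1:-}" = "--install" ]; then
    d=/etc/ssl/froxlor-custom
    build_pureftpd_pem "$d/${2}.crt" "$d/${2}_chain.pem" "$d/${2}.key" \
        /etc/ssl/private/pure-ftpd.pem \
        && systemctl restart pure-ftpd-mysql
fi
```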

March 12, 2018

Current git version generates and stores the FULLCHAIN, as others wanted to use the certificate in other services