• We value your experience with Plesk during 2024
    Plesk strives to perform even better in 2025. To help us improve further, please answer a few questions about your experience with Plesk Obsidian 2024.
    Please take this short survey:

    https://pt-research.typeform.com/to/AmZvSXkx
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

FTP with TLS/SSL, certificate is not trusted

MicheleB

Regular Pleskian
Hello,
I'm trying to connect by FTP with TLS/SSL (passive mode) on the single hostings but every time my client (transmit) show me the alert "certificate is not trusted".

At the moment I'm using the free Wildcard Let's Encrypt associate with the main domain (e.g. mydomain.com) of the server, set in the "Certificate for securing Plesk" of the control panel as reported in this tech post:
Is it possible to install a certificate to secure FTP for a specific domain on Plesk server?

I also tried to change with the "professional" certificates "Positive SSL Wildcard" (*.mydomain.com) and "Positive SSL Multi Domain" ("mydomain.com" set to primary, "mail.mydomain.com" and "ftp.mydomain.com" set as SAN) but nothing, always the "certificate is not trusted" error.

In the "address" field of my ftp client I've used mydomain.com and ftp.mydomain.com format but the error is always the same.

How can I fix it?
Thanks.

2020-01-09_10-19-10.png 2020-01-09_10-21-17.png 2020-01-09_10-37-09.png
 
Ok, thanks, however the issue with Filezilla is about "unknown" certificate instead for me "is not trusted"... is the same thing?
Transmit asks me to validate it every time I open the ftp client (to avoid this error is necessary save the "not trusted" certification in the keychain of my Mac but for a "behaviour safe" I prefer to see the real value of the certification).
For my knowledge, do you have the same problem with your "FTP with TLS/SSL" connections?
 
Last edited:
I've opened a request also in the "Plesk Extensions -> SSL It! Extension" forum because someone told me about an intermediate certificate missing but I don't know if the suggestion is correct (I'd like to receive a reply from the tech assistance of this extension):
Important - SSL It! Extension
 
Ok, thanks, however the issue with Filezilla is about "unknown" certificate instead for me "is not trusted"... is the same thing?
Transmit asks me to validate it every time I open the ftp client (to avoid this error is necessary save the "not truested" certification in the keychain of my Mac but for a "behaviour safe" I prefer to see the real value of the certification).
For my knowledge, do you have the same problem with your "FTP with TLS/SSL" connections?
yes the same errors
 
Hello,
I'm trying to connect by FTP with TLS/SSL (passive mode) on the single hostings but every time my client (transmit) show me the alert "certificate is not trusted".

...

How can I fix it?
Thanks.

View attachment 16269 View attachment 16270 View attachment 16271

Hi MicheleB,

I also had the exact same problem. I solved it in this way:

On Transmit: Preferences -> Advanced -> Server (Default) -> Advanced: activated the check on "Use TLS v1.2 encryption".

Enjoy it!

Paolo
 
Hi MicheleB,

I also had the exact same problem. I solved it in this way:

On Transmit: Preferences -> Advanced -> Server (Default) -> Advanced: activated the check on "Use TLS v1.2 encryption".

Enjoy it!

Paolo

Thanks Paolo but unfortunately in my case your tip doesn't work ("Use TLS v.1.2 encryption" was already activated on Transmit).
I think it's a problem with "Let's Encrypt" certificate, managed/generated from the "SSL it!" extension but without an official reply from their technical support is impossible to me go beyond.
Anyway, thanks for the tip.
 
Thanks Paolo but unfortunately in my case your tip doesn't work ("Use TLS v.1.2 encryption" was already activated on Transmit).
I think it's a problem with "Let's Encrypt" certificate, managed/generated from the "SSL it!" extension but without an official reply from their technical support is impossible to me go beyond.
Anyway, thanks for the tip.

Have you installed and enabled recommended the two extensions (CA plugins) from SSL It !? In particular DigiCert SSL 1.5+. In my case I also enabled and synchronized TLS versions and ciphers by Mozilla (Modern configuration). I have your identical server and client configuration so I don't explain how it can't work.
 
The only configuration difference is that you use a Letsencrypt wildcard certificate for Plesk and for all domains. While I use a Letsencrypt certificate for Plesk and a specific Letsencrypt certificate for each domain. I don't think this could be the problem but you can give it a try.
 
I've tried all possible configurations but... nothing, always the alert "certificate is not trusted".
About the CA plugins, they're installed and enabled:
2020-01-15_16-47-45.png
 
@MicheleB Just as an alternative (depends on how many of your users you think can / would be suitable etc) Could you not switch to SFTP SSH2 - Key based authorisiation instead of FTP and Certificates? We have multiple *wildcard domains but we only use this method on them all and never have had any issues or problems. It's fast, it's very secure; you can restrict SSH access by IP in advance anyway & then there's the key based authorisiation afterwards etc. Works fine in Filezilla and on Macs too (both of which we use) Here's a Filezilla reference page: Howto - FileZilla Wiki if you wanted to read more / try it
 
@MicheleB Just as an alternative (depends on how many of your users you think can / would be suitable etc) Could you not switch to SFTP SSH2 - Key based authorisiation instead of FTP and Certificates? We have multiple *wildcard domains but we only use this method on them all and never have had any issues or problems. It's fast, it's very secure; you can restrict SSH access by IP in advance anyway & then there's the key based authorisiation afterwards etc. Works fine in Filezilla and on Macs too (both of which we use) Here's a Filezilla reference page: Howto - FileZilla Wiki if you wanted to read more / try it

Thanks, I'll take a look... however, the most frequent use on my server is to activate an ftp account to access specific folders of the hosting plan (not only the root but also subfolders as for example "/httpdocs/folder-share/"), using the Plesk "FTP access" function present in each dashboard and managed independently by clients... I don't think this is possible with SSH.
 
~~the most frequent use on my server is to activate an ftp account to access specific folders of the hosting plan (not only the root but also subfolders as for example "/httpdocs/folder-share/"), using the Plesk "FTP access" function present in each dashboard and managed independently by clients... I don't think this is possible with SSH
We don't require and/or use that type of restriction, but a very quick search would indicate that you probably can, albeit there's additional work to be done of course ;) e.g. SFTP does not restrict user to the subscription's directory Or Linux – Setting Up FTP/SFTP Restricted Access for User – Ryan and Debi & Toren etc
 
You need to manually setup the certificate in the IIS settings... IIS -> SRV - > Sites -> "Your FTP Site" -> FTP -> FTP SSL Settings

But you can only select one for all ftp connections :/

If you want no error message, you have to put the slected domain name or the IP Adress as server/host.

If you have a Let's Encrypt certificate, you have to do this like every month... (put a reminder in your calendar, lol)

Vote this feature here, it should fix the issue :

They should developp a little more the FTP section (...)

Cheers,
Dada'
 
Back
Top