mod_tls/2.4.3 warning

[JuanCar]

Since I update my Plesk to 11.5 I get the next message in logwatch

mod_tls/2.4.3: no TLSRSACertificateFile, TLSDSACertificateFile, or TLSPKCS12File configured; unable to handle SSL/TLS connections

Clients can use FTP with no problema, but I would like to resolve this message.
My site has no SSL certificate, I dont need it.

Any idea?

Thanks

 

[IgorG]

Make sure that vendor of installed psa-proftpd package is Parallels:

# rpm -qi psa-proftpd | grep Vendor
Version : 1.3.4c Vendor: Parallels

 

[JuanCar]

Thanks.
No, the vendor is
Version : 1.3.4c Vendor: Atomic Rocket Turtle, http://www.atomicrocketturtle.com

I have not change the package by myself, I use the one provided in Plesk updates. And I've seen this warning after updating from 11.09 to 11.50. Why does it appear Turtle instead of Plesk?

 

[IgorG]

Looks like that you have enabled atomic repository for your yum. Try to use Parallels and OS vendor repositories only.

 

[JuanCar]

Yum repos???

Looks like that you have enabled atomic repository for your yum. Try to use Parallels and OS vendor repositories only.

I'm sure I have not modified my yum repository, I always update my system via plesk. so I don't know why is atomic in my yum repos.... I'll investigate it


Well but I suppose this message appears because I've enabled mod_tls in proFTPD, but I'm not a certificate in my server, is there any way to disable it? I dont use SFTP.

Thanks

 

[IgorG]

But it is just warning. Why are you so worried about it?

 

[JuanCar]

To avoid dirty logwatch messages

But it is just warning. Why are you so worried about it?

Because the message from logwatch is too dirty with this warning that tells me nothing useful, and because of that it's posible that I don't see important info.

Thanks

 

[IgorG]

Download and install psa-proftpd package for your OS from http://autoinstall.plesk.com/PSA_11.5.30/

 

[JuanCar]

Is there any other way?
I obey the basic rule in computer science: if runs don't touch
My last upgrade of Plesk caused me some headache!!
And by now ptoFTP is working Ok, the only problem is this long messages with no valuable info in my logwatch.


Thanks

 

[websavers]

Is there any other way?
I obey the basic rule in computer science: if runs don't touch
My last upgrade of Plesk caused me some headache!!
And by now ptoFTP is working Ok, the only problem is this long messages with no valuable info in my logwatch.


Thanks

I've worked around this issue by manually updating the proftpd config as follows:

add the following to your /etc/proftpd.include file between <IfModule mod_tls.c> and </IfModule>:

# Server's certificate
TLSRSACertificateFile /usr/local/psa/admin/conf/httpsd.pem
TLSRSACertificateKeyFile /usr/local/psa/admin/conf/httpsd.pem

I've also submit a forum post to Atomicorp asking about a possible solution to this.

 

[websavers]

But it is just warning. Why are you so worried about it?

Actually it *should* be a problem if you're in any way concerned about security on the server. This is because standard FTP protocol transmits the login credentials in plaintext over the wire, leaving the FTP account ripe for sniffing and potential hacking / website misuse. This is why Plesk 11.5 has security features allowing us to configure Plesk not to allow anything but SSL/TSL FTPS connections.

If you enable that option in Plesk for optimal security (as we have) and use the ProFTPd packages from Atomicorp (which can be difficult to avoid considering installing php-fpm support in Plesk requires the Atomic repository) then your users can no longer connect via FTP as this warning actually causes the only connection mechanism allowed for FTP to fail.