Kodi Community Forum
FTPS and (Let's Encrypt - Free SSL/TLS Certificates) - Printable Version




FTPS and (Let's Encrypt - Free SSL/TLS Certificates) - Doktor-X - 2020-09-01

Hello, I can't get certs from Let's Encrypt to work. The FTP server is FileZilla and it's running on Windows 10 Pro. The certs are OK, since I use them for a website and they are working just fine. I have a full log for devs to try and help if they can. The log is from a CoreELEC build running on my S912 TV box, but I get the same error when I try to use the latest Windows 64-bit nightly running on a Windows PC.

https://paste.kodi.tv/qebokaziqo.kodi


RE: FTPS and (Let's Encrypt - Free SSL/TLS Certificates) - asavah - 2020-09-01

What certificate file is configured in FileZilla?
cert.pem, chain.pem, fullchain.pem? Try fullchain.pem.
And of course the hostname you are connecting to should match the certificate.


RE: FTPS and (Let's Encrypt - Free SSL/TLS Certificates) - Doktor-X - 2020-09-01

After generating the cert on zerossl.com I downloaded a zip with the certs, and inside this zip are certificate.crt and certificate.key, so normal stuff, nothing special. All this was working fine prior to the last 2 or 3 90-day renewals and now I have this strange problem.



RE: FTPS and (Let's Encrypt - Free SSL/TLS Certificates) - asavah - 2020-09-01

If it was working "prior to the last 2 or 3 90-day renewals", one might think that something has changed in the ZeroSSL certificate chain.

The actual error is:
Code:
2020-09-01 20:58:03.268 T:4090958416 DEBUG: Curl::Debug - TEXT: TLSv1.2 (OUT), TLS alert, unknown CA (560):
2020-09-01 20:58:03.269 T:4090958416 DEBUG: Curl::Debug - TEXT: SSL certificate problem: unable to get local issuer certificate

And btw, ZeroSSL is NOT Let's Encrypt, as your thread title states.

Edit2:
You need to concatenate ca_bundle.crt and certificate.crt into one file, e.g. full.crt, to create a proper trust chain, and point FileZilla to use that file instead of just certificate.crt.

Edit:
Code:
2020-09-01 20:58:03.191 T:4090958416 DEBUG: Curl::Debug - TEXT: CAfile: /run/libreelec/cacert.pem

This file might need an update, ask your OS developers on their forum.
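
An added example (not from the thread and not FileZilla's or ZeroSSL's own code) of the concatenation described in Edit2 above: it joins the contents of certificate.crt and ca_bundle.crt with the server certificate first, which is the order TLS expects, normalises Windows line endings, and refuses to copy a private key into the chain file. The function names are assumptions, and the sample blocks are constructed: they have real PEM framing but are not real certificates.

```python
import base64
import re

# Matches any PEM block and captures its label and base64 body.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.S)


def pem_certs(text):
    """Return every CERTIFICATE block in text, re-wrapped with LF endings."""
    certs = []
    for label, body in PEM_BLOCK.findall(text):
        if label != "CERTIFICATE":
            # A private key must never end up in the file served to clients.
            raise ValueError("unexpected PEM block: " + label)
        der = base64.b64decode("".join(body.split()), validate=True)
        if not der:
            raise ValueError("empty certificate block")
        b64 = base64.b64encode(der).decode("ascii")
        lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
        certs.append("-----BEGIN CERTIFICATE-----\n" + "\n".join(lines)
                     + "\n-----END CERTIFICATE-----\n")
    return certs


def build_full_chain(leaf_pem, bundle_pem):
    """Server certificate first, then the CA bundle, as one PEM string."""
    leaf = pem_certs(leaf_pem)
    if len(leaf) != 1:
        raise ValueError("expected exactly one server certificate")
    chain = pem_certs(bundle_pem)
    if not chain:
        raise ValueError("CA bundle contains no certificates")
    return "".join(leaf + chain)


def constructed_pem(label, payload):
    # Constructed stand-in: real PEM framing, CRLF endings, no trailing
    # newline, but the payload is NOT a real certificate or key.
    b64 = base64.b64encode(payload).decode("ascii")
    return "-----BEGIN %s-----\r\n%s\r\n-----END %s-----" % (label, b64, label)


if __name__ == "__main__":
    leaf = constructed_pem("CERTIFICATE", b"constructed leaf")
    bundle = constructed_pem("CERTIFICATE", b"constructed intermediate")
    print(build_full_chain(leaf, bundle), end="")
```

With real files, pass the text of certificate.crt and ca_bundle.crt to `build_full_chain` and write the result to full.crt; the check covers PEM framing only and does not validate signatures or expiry.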


RE: FTPS and (Let's Encrypt - Free SSL/TLS Certificates) - wsnipex - 2020-09-02

A proper CA should provide you with a trust chain file, either in the server.pem or in an extra file.


RE: FTPS and (Let's Encrypt - Free SSL/TLS Certificates) - Doktor-X - 2020-09-02

I have reissued the certs, this time using the certbot for Windows client and not the zerossl.com web client, and after adding the generated .pem cert and key to FileZilla I can access the server, but I can't access content inside folders if I don't uncheck "Require TLS session resumption on data connection when using PROT P". Prior to all of that, I think that PROT P option was selected in FileZilla, but I guess when ZeroSSL started to give out certs with their name and not Let's Encrypt's like before, something changed and broke my setup.