Hi, I'm really new with aapanel and FTP and currently having trouble with renewing my expired SSL.

Supposedly it should have auto renew but it suddenly stopped working and I just noticed it when a customer asked for validation. Then I tried several methods, which all resulted in failure:

1) Manually renew SSL - [FAILED: Authentication error]

2) Running Cron "Renew Lets Encrypt Certificate" - [FAILED: "No SSL cert found in 30 days"]

3) Running Command as posted from https://www.aapanel.com/forum/d/1733-how-to-assign-lets-encrypt-panel-certificate-to-pure-ftpd-server/4 by jcn50 - [FAILED: "Permission Denied"]

4) Rebooting Server - [FAILED - Could not access to FTP for one hour]

Really don't know what to do, please help me ☹️

Lionitch


    5 days later

    Lionitch
    Hello, is the problem solved? This requires adding the TXT record of the domain name manually.
    What information is shown when FTP cannot be accessed? Is the 39000-40000 port range open?

      4 days later

      Hi aaPanel_Kern, this issue hasn't been solved yet.

      Sorry for my ignorance, but how can I make changes to the TXT record?

      For FTP, mainly we're using FileZilla for users to access their folder under port 28021. And I don't see that the 39000-40000 port is open. Is this necessary?

      Also, users have no issue accessing through FileZilla, however it shows a warning message that the SSL cert has expired, as below:

      What should I do to renew the SSL cert? Thanks

        Lionitch
        Replace xxxxxxxxxxxx with the domain name of your website

        cp /etc/ssl/private/pure-ftpd.pem /etc/ssl/private/pure-ftpd.pem_bak
        cat /www/server/panel/vhost/letsencrypt/xxxxxxxxxxx/privkey.pem /www/server/panel/vhost/letsencrypt/xxxxxxxxxxx/cert.csr > /etc/ssl/private/pure-ftpd.pem
        /etc/init.d/pure-ftpd restart

        Then close FileZilla and reopen it to access the ftp server

          aaPanel_Kern

          I try to run it with admin rights, but on (below line), I got "Permission Denied".

          /www/server/panel/vhost/letsencrypt/ftp.xxxx.com.my/cert.csr > /etc/ssl/private/pure-ftpd.pem

            Lionitch
            Hello, this is a one line command, not two lines, use the following
            cat /www/server/panel/vhost/letsencrypt/xxxxxxxxxxx/privkey.pem > /etc/ssl/private/pure-ftpd.pem
            cat /www/server/panel/vhost/letsencrypt/xxxxxxxxxxx/cert.csr >> /etc/ssl/private/pure-ftpd.pem

              aaPanel_Kern

              Hi, okay, I ran all the commands and it was successful. Then I rebooted the system and reopened FileZilla, but the certificate is still expired.

              I tried to renew it again manually on /site and it showed "Local Authentication failed"

              I found that the value of Private Key doesn't change. And there are 3 certificate values.
              [-----BEGIN CERTIFICATE----- (x3 times)]
              Is it normal?

              My SSL still can't be renewed. Please help.

                Lionitch
                Close the SSL application and reapply. The SSL of this site has expired. You need to add the relevant TXT records on the domain name provider's website.
                Do the previous FTP certificate steps after successfully applying for SSL.
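
Added example (not part of the thread and not aaPanel's own code): the copy step discussed above only helps once the panel certificate has actually been renewed, so these shell functions check that the source certificate is unexpired and matches the private key before writing the combined file, and count the certificate blocks (a file holding the leaf plus its chain certificates contains several). The function names are hypothetical, the paths are supplied by the caller, and the `openssl` command-line tool is assumed to be installed.

```bash
#!/usr/bin/env bash
# Added example: validate key + certificate before writing pure-ftpd.pem.
# Function names are hypothetical; this is not aaPanel's or pure-ftpd's code.
# Usage (paths as in the thread, xxxxxxxxxxx = your domain):
#   build_ftpd_pem <privkey.pem> <certificate file> /etc/ssl/private/pure-ftpd.pem

# Number of certificate blocks in a PEM file (leaf + chain certificates).
count_certs() {
    grep -c -- '-----BEGIN CERTIFICATE-----' "$1"
}

# Print only the first certificate block (the leaf in a full-chain file).
first_cert() {
    sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p;/-----END CERTIFICATE-----/q' "$1"
}

# Succeeds if the leaf is still valid $2 seconds from now (default 0 = now).
cert_valid_for() {
    first_cert "$1" | openssl x509 -noout -checkend "${2:-0}" >/dev/null
}

# Succeeds if the private key and the leaf certificate share one public key.
key_matches_cert() {
    local from_key from_cert
    from_key=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    from_cert=$(first_cert "$2" | openssl x509 -noout -pubkey 2>/dev/null) || return 1
    [ -n "$from_key" ] && [ "$from_key" = "$from_cert" ]
}

# Write key + certificate(s) to $3 only if both checks pass; on failure the
# existing file is left untouched. Restarting pure-ftpd is left to the operator.
build_ftpd_pem() {
    local key=$1 cert=$2 out=$3 tmp
    cert_valid_for "$cert" 0 || { echo "certificate is expired: $cert" >&2; return 2; }
    key_matches_cert "$key" "$cert" || { echo "key does not match certificate" >&2; return 3; }
    tmp=$(mktemp "${out}.XXXXXX") || return 1   # mktemp creates the file with mode 0600
    cat "$key" "$cert" > "$tmp" && mv "$tmp" "$out" || { rm -f "$tmp"; return 1; }
}
```

A return code of 2 means the panel's certificate is itself still expired, so it has to be reissued before anything is copied to pure-ftpd.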

                  aaPanel_Kern
                  Hi, just a quick question,

                  1) By "reapply", does it mean to disable SSL then enable back?

                  2) Where can I get relevant TXT records from Let's Encrypt?

                  So sorry, I'm really new to all of this

                    You can get SSL from ZeroSSL or Amazon SSL, get a free 1 year SSL

                    Lionitch
                    After SSL is closed, you will be prompted to add TXT records when you use DNS to verify the application. Do not close this window at this time. Copy the relevant content to the domain name provider for the TXT record (or modification), wait about 10 minutes after it takes effect, and then go to the SSL window that is not closed for verification.
                    If you use file validation, you do not need to add TXT records.
                    If you use a CDN or redirect, you may not be able to apply and renew through file verification.

                    @aaPanel_Kern @aaP_4hidessh
                    Hi Kern and 4hidessh,

                    Thank you for your help. My SSL has been renewed now 😃

                    a year later

                    I cannot renew my Let's Encrypt SSL. CA server was unable to access my website!

                    This is the notification error:

                    The connection timed out and the CA server was unable to access your website!

                    Verify domain name:aduan.csirt.malangkota.go.id

                    Verify URL:Click to view

                    Verify content:mkRrR25c_HQUMsGftwBU9uTHz_x0oA3CbOfAQRMASEY

                    Error code:103.135.14.84: Fetching http://aduan.csirt.malangkota.go.id/.well-known/acme-challenge/mkRrR25c_HQUMsGftwBU9uTHz_x0oA3CbOfAQRMASEY: Timeout during connect (likely firewall problem)

                    Verify results: Verify failed

                    Please, anyone, give me the solution. Thanks

                      Hello, it is recommended that you use DNS verification. The CA server cannot access your website.
                      Do not close the verification interface when manually adding relevant records when applying. Wait for the records to take effect before clicking Verify.

                      aaP_edardian

                        Hello, it is generally possible. You need to modify the configuration file of the website, such as the information to connect to the database.

                        aaP_edardian