Hi, I'm really new with aapanel and FTP and currently having trouble with renewing my expired SSL Supposedly it should have auto renew but it suddenly stopped working and I just noticed it when a customer ask for validation. Then I tried several methods, which all result in failure: 1) Manually renew SSL - [FAILED: Authentication error] 2) Running Cron "Renew Lets Encrypt Certificate" - [FAILED: "No SSL cert found in 30 days] 3) Running Command as posted from https://www.aapanel.com/forum/d/1733-how-to-assign-lets-encrypt-panel-certificate-to-pure-ftpd-server/4 by jcn50 - [FAILED: "Permission Denied] 4) Rebooting Server - [FAILED - Could not access to FTP for one hour] Really don't know what to do, please help me ☹️ Lionitch

Lionitch Hello, is the problem solved? This requires the TXT record of the domain name manually What information does FTP cannot be accessed? Is the 39000-40000 port open?

Hi aaPanel_Kern , This issue haven't been solved yet. Sorry for my ignorance, but how can i make changes for the TXT record? For FTP, mainly we're using FileZilla for users to access their folder under port 28021 . And I don't see that 39000-40000 port is open. Is this necessary? Also, users having no issue accessing through FileZilla, however will shows warning message that SSL cert have expired as below: What should I do to renew the SSL cert? Thanks

Lionitch Replace xxxxxxxxxxxx with the domain name of your website cp /etc/ssl/private/pure-ftpd.pem /etc/ssl/private/pure-ftpd.pem_ bak cat /www/server/panel/vhost/letsencrypt/xxxxxxxxxxx/privkey.pem /www/server/panel/vhost/letsencrypt/xxxxxxxxxxx/cert.csr > /etc/ssl/private/pure-ftpd.pem /etc/init. d/pure-ftpd restart if(window.hljsLoader && !document.currentScript.parentNode.hasAttribute('data-s9e-livepreview-onupdate')) { window.hljsLoader.highlightBlocks(document.currentScript.parentNode); } Then close FileZilla and reopen it to access the ftp server

Could not renew expired SSL (Let's Encrypt)

Lionitch

aaPanel_Kern

I try to run it with admin rights, but on (below line), I got "Permission Denied".

/www/server/panel/vhost/letsencrypt/ftp.xxxx.com.my/cert.csr > /etc/ssl/private/pure-ftpd.pem

aaPanel_Kern

Lionitch
Hello, this is a one line command, not two lines, use the following
cat /www/server/panel/vhost/letsencrypt/xxxxxxxxxxx/privkey.pem > /etc/ssl/private/pure-ftpd.pem
cat /www/server/panel/vhost/letsencrypt/xxxxxxxxxxx/cert.csr >> /etc/ssl/private/pure-ftpd.pem

Lionitch

aaPanel_Kern

Hi, okay i run all the command and its successful. Then I rebooted the system and reopen FileZilla, but the certificate is still expired.

I try to renew it again manually on /site and it show "Local Authentication failed"

I found that the value of Private Key doesn't change. And there's 3 value of certificate.
[-----BEGIN CERTIFICATE----- (x3 times)]
is it normal?

My SSL still can't be renewed. Please help :

aaPanel_Kern

Lionitch
Close the SSL application and reapply. The SSL of this site has expired. You need to add relevant txt records to the domain name provider's website
Do the previous ftp certificate after successfully applying for SSL

Lionitch

aaPanel_Kern
Hi just a quick question,

1) By "reapply", does it mean to disable SSL then enable back?

2) where can i get relevant TXT records from Let's Encrypt?

so sorry im really new to all of this

aaPanel_Kern

Lionitch
After SSL is closed, you will be prompted to add txt records when you use DNS to verify the application. Do not close this window at this time. Copy relevant content to the domain name provider for txt record (or modification), wait about 10 minutes after it takes effect, and then go to the SSL window that is not closed for verification
If you use file validation, you do not need to add txt records.
If you uses CDN or redirect, you may not be able to apply and renew through file verification.

aaP_4hidessh

You can SSL from zerossl or amazon ssl get free 1 year ssl

Lionitch

@"aaPanel_Kern" @"aaP_4hidessh"
Hi Kern and 4hidessh,

Thank you for your help. My SSL have been renew now 😃

aaP_edardian

i cannot renew my let's encrypt ssl. CA server was unable to access my website!

this the notification error:

*The connection timed out and the CA server was unable to access your website!**

Verify domain name:aduan.csirt.malangkota.go.id

Verify URL:Click to view

Verify content:mkRrR25c_HQUMsGftwBU9uTHz_x0oA3CbOfAQRMASEY

Error code:103.135.14.84: Fetching http://aduan.csirt.malangkota.go.id/.well-known/acme-challenge/mkRrR25c_HQUMsGftwBU9uTHz_x0oA3CbOfAQRMASEY: Timeout during connect (likely firewall problem)

Verify results: Verify failed

Please anyone give me the solution. thanks

aaPanel_Kern

Hello, it is recommended that you use DNS verification. The CA server cannot access your website.
Do not close the verification interface when manually adding relevant records when applying. Wait for the records to take effect before clicking Verify.

aaP_edardian

aaPanel_Kern thanks for recomendation. It's not a firewall problem?

aaPanel_Kern

Hello, it is generally possible. You need to modify the configuration file of the website, such as the information to connect to the database.

aaP_edardian