Opened 6 weeks ago

Last modified 6 weeks ago

#12281 new Bug report

Let's encrypt certs aren’t uploaded via SFTP to /etc/letsencrypt/live correctly

Reported by: fischer Owned by:
Priority: high Component: FileZilla Client
Keywords: upload Cc: fischer
Component version: 3.50.0 Operating system type: Windows
Operating system version: 10

Description

I reported this bug on lets encrypt and was told that it's a Filezilla bug

Reproduction steps, taken from the internal documentation for my company, which I've written, doing dns verification method, on windows 10, uploading to centos, using latest version of Filezilla, over sftp.

  1. Download certbot for windows and run it in Powershell as administrator
  1. do this command

certbot certonly --manual --preferred-challenges=dns --email examil@example.com --server https://acme-v02.api.letsencrypt.org/directory --agree-tos --manual-public-ip-logging-ok -d *.example.com -d example.com

  1. Once done the certificates will be downloaded to C:/Certbot, upload everything inside that folder to /etc/letsencrypt . Override all existing files in that folder, if that folder doesn't exist, create it.

Okay now when doing this

Note: make sure that the files inside C:\Certbot\live\example.com are uploaded correctly to /etc/letsencrypt/live/example.com because often filezilla fails to upload those

if I just upload what's in certbot folder to the empty /etc/letsencrypt/live/, only the readme file will be uploaded. All other files get uploaded correctly

If I then go to C:\Certbot\live\example.com And upload to /etc/letsencrypt/live/example.com everything gets uploaded correctly.

So it's not a permission error. Does anyone have a clue what's happening?

Attachments (1)

FileZilla.xml (3.1 KB ) - added by fischer 6 weeks ago.

Download all attachments as: .zip

Change History (5)

comment:1 by Tim Kosse, 6 weeks ago

Status: newmoreinfo

If it often fails it, it sometimes doesn't fail.

Please post a log of both a successful and a failed attempt to transfer the same file.

comment:2 by fischer, 6 weeks ago

Status: moreinfonew

I did it 4 times yesterday, it always failed, never succeded, apologies for saying "often", should've said "always".

Where's that log located on windows 10 so I could attach it?

comment:3 by Tim Kosse, 6 weeks ago

Status: newmoreinfo

At the upper part of the main window. Right-click to open the context menu and select the item to copy the contents.

by fischer, 6 weeks ago

Attachment: FileZilla.xml added

comment:4 by fischer, 6 weeks ago

Status: moreinfonew

Sorry for the late reply I was at work, here's the log, uploading to a different server, same problem, also I regenerated the certificates multiple times, same problem, logs here.

I also attached Filezilla.xml which has a list of the files that failed, in the failed tab, I exported that file.

Running Filezilla as an administrator does not fix the problem. According to to Let's encrypt support (link here), the files inside the "live" folder are symbolic links, therefore it seems that Filezilla cannot follow symbolic links

One more thing I'd like to be fixed as well, when I exported that file so that I can share it with you, it contained the hostname, the username, and password of my server, if I didn't notice that, anyone reading this public ticket would be able to hack me.

Please remove those details from that file, they don't need to be there in the first place, why would my password be written as a base64 encoded string in a file that lists all the failed file transfers?

Last edited 6 weeks ago by fischer (previous) (diff)
Note: See TracTickets for help on using tickets.