Opened 4 years ago
Last modified 4 years ago
#12281 new Bug report
Let's encrypt certs aren’t uploaded via SFTP to /etc/letsencrypt/live correctly
Reported by: | fischer | Owned by: | |
---|---|---|---|
Priority: | high | Component: | FileZilla Client |
Keywords: | upload | Cc: | fischer |
Component version: | 3.50.0 | Operating system type: | Windows |
Operating system version: | 10 |
Description
I reported this bug on Let's Encrypt and was told that it's a FileZilla bug.
Reproduction steps, taken from the internal documentation for my company, which I've written, doing DNS verification method, on Windows 10, uploading to CentOS, using latest version of FileZilla, over SFTP.
- Download Certbot for Windows and run it in PowerShell as administrator
- Do this command:
certbot certonly --manual --preferred-challenges=dns --email examil@example.com --server https://acme-v02.api.letsencrypt.org/directory --agree-tos --manual-public-ip-logging-ok -d *.example.com -d example.com
- Once done, the certificates will be downloaded to C:/Certbot; upload everything inside that folder to /etc/letsencrypt. Override all existing files in that folder; if that folder doesn't exist, create it.
Okay now when doing this
Note: make sure that the files inside C:\Certbot\live\example.com are uploaded correctly to /etc/letsencrypt/live/example.com because often FileZilla fails to upload those.
If I just upload what's in the Certbot folder to the empty /etc/letsencrypt/live/, only the readme file will be uploaded. All other files get uploaded correctly.
If I then go to C:\Certbot\live\example.com and upload to /etc/letsencrypt/live/example.com, everything gets uploaded correctly.
So it's not a permission error. Does anyone have a clue what's happening?
Attachments (1)
Change History (5)
comment:1 by , 4 years ago
Status: | new → moreinfo |
---|
comment:2 by , 4 years ago
Status: | moreinfo → new |
---|
I did it 4 times yesterday, it always failed, never succeeded, apologies for saying "often", should've said "always".
Where's that log located on windows 10 so I could attach it?
comment:3 by , 4 years ago
Status: | new → moreinfo |
---|
At the upper part of the main window. Right-click to open the context menu and select the item to copy the contents.
by , 4 years ago
Attachment: | FileZilla.xml added |
---|
comment:4 by , 4 years ago
Status: | moreinfo → new |
---|
Sorry for the late reply I was at work, here's the log, uploading to a different server, same problem, also I regenerated the certificates multiple times, same problem, logs here.
I also attached Filezilla.xml which has a list of the files that failed, in the failed tab, I exported that file.
Running FileZilla as an administrator does not fix the problem. According to Let's Encrypt support (link here), the files inside the "live" folder are symbolic links, therefore it seems that FileZilla cannot follow symbolic links.
One more thing I'd like to be fixed as well, when I exported that file so that I can share it with you, it contained the hostname, the username, and password of my server, if I didn't notice that, anyone reading this public ticket would be able to hack me.
Please remove those details from that file, they don't need to be there in the first place, why would my password be written as a base64 encoded string in a file that lists all the failed file transfers?
If it often fails, it sometimes doesn't fail.
Please post a log of both a successful and a failed attempt to transfer the same file.
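
Comment 4 reports that the exported FileZilla.xml carried the server's hostname, username and base64-encoded password. The script below is an added example, not FileZilla code and not something posted by anyone in this ticket, that scrubs those fields before a file is attached to a public tracker; the element names (`Host`, `User`, `Pass`), the root tag and the sample XML are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Assumed element names for the export layout; they are not given in the ticket.
SENSITIVE_TAGS = {"Host", "User", "Pass"}
PLACEHOLDER = "REDACTED"

# Constructed sample standing in for an exported queue file.
SAMPLE_EXPORT = """<FileZilla3>
  <Queue>
    <Server>
      <Host>sftp.example.com</Host>
      <Port>22</Port>
      <User>deploy</User>
      <Pass encoding="base64">Y29uc3RydWN0ZWQtcGFzc3dvcmQ=</Pass>
      <File>
        <LocalFile>C:\\Certbot\\live\\example.com\\cert.pem</LocalFile>
        <RemoteFile>cert.pem</RemoteFile>
      </File>
    </Server>
  </Queue>
</FileZilla3>"""


def redact_export(xml_text):
    """Return (redacted_xml, counts) with sensitive element text replaced."""
    root = ET.fromstring(xml_text)
    counts = {}
    for elem in root.iter():
        if elem.tag in SENSITIVE_TAGS and (elem.text or "").strip():
            elem.text = PLACEHOLDER
            elem.attrib.clear()  # encoding="base64" no longer describes the value
            counts[elem.tag] = counts.get(elem.tag, 0) + 1
    return ET.tostring(root, encoding="unicode"), counts


def remaining_secrets(xml_text):
    """List sensitive elements that still hold a real value (empty when clean)."""
    root = ET.fromstring(xml_text)
    return [e.tag for e in root.iter()
            if e.tag in SENSITIVE_TAGS
            and (e.text or "").strip() not in ("", PLACEHOLDER)]


if __name__ == "__main__":
    cleaned, counts = redact_export(SAMPLE_EXPORT)
    print(counts, remaining_secrets(cleaned))
    print(cleaned)
```

Base64 is an encoding, not encryption, so a password that has already been attached to a public ticket should be changed on the server as well as removed from the file.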