ProFTPD - いっしぃの舘

ProFTPでTLSを有効にして、FTPS接続を可能にする方法です。OSはDebianLinux9です。

SSL証明書はLet’s Encryptで、certbotを使って生成します。参考サイトは以下のサイトです。

Let’s Encrypt 総合ポータル-コマンド解説（コマンドリファレンス）
https://letsencrypt.jp/command/

以下、certbotによるSSL証明書の作成とProFTPDの設定ファイル変更の記録です。※certbotのインストールは、certbotのトップページで、システムとOSを選べば説明が出てきます。

	ishidate@localhost:~$ sudo certbot certonly --standalone -d server.example.com
	Saving debug log to /var/log/letsencrypt/letsencrypt.log
	Plugins selected: Authenticator standalone, Installer None
	Obtaining a new certificate
	Performing the following challenges:
	http-01 challenge for server.example.com
	Waiting for verification...
	Cleaning up challenges

	IMPORTANT NOTES:
	- Congratulations! Your certificate and chain have been saved at:
	/etc/letsencrypt/live/server.example.com/fullchain.pem
	Your key file has been saved at:
	/etc/letsencrypt/live/server.example.com/privkey.pem
	Your cert will expire on 2018-11-17. To obtain a new or tweaked
	version of this certificate in the future, simply run certbot
	again. To non-interactively renew all of your certificates, run
	"certbot renew"
	- If you like Certbot, please consider supporting our work by:

	Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
	Donating to EFF: https://eff.org/donate-le

	ishidate@localhost:~$ diff /etc/proftpd/proftpd.conf /etc/proftpd/proftpd.conf.org
	15c15
	< ServerName "unkown"
	---
	> ServerName "Debian"
	37d36
	< DefaultRoot ~
	142d140
	< Include /etc/proftpd/tls.conf
	ishidate@localhost:~$ diff /etc/proftpd/tls.conf /etc/proftpd/tls.conf.original
	11d10
	< TLSEngine on
	59,61d57
	< TLSRSACertificateFile /etc/letsencrypt/live/server.example.com/cert.pem
	< TLSRSACertificateKeyFile /etc/letsencrypt/live/server.example.com/privkey.pem
	< TLSCACertificateFile /etc/letsencrypt/live/server.example.com/chain.pem

by GitHub

いっしぃの舘