ProFTP no longer working

Hi!

Today I noticed that I can no longer access my HestiaCP using FTP. Yesterday it was still running. But I did a reboot today after installing updates. Since then I noticed the issue.
I am using the ProFTP server.
According to HestiaCP the service is not running. I logged in to the system and tried to start it manually (service proftpd start) but was told that the service is masked for
I unmasked the service (systemctl unmask proftpd.socket and systemctl unmask proftpd.service).
Afterwards I was able to start it again, but HestiaCP still shows the service as not running and a login via FTP is not possible.
I updated the ProFTP package a week ago, but have rebooted the server a couple of times sinc then - so it shouldn’t have anything to do with that update.

I am running Ubuntu 22.04.5.

dpkg install/update log:

root@digioso:/var/log# egrep -e 'upgrade|install ' /var/log/dpkg.log | sort | cut -f1,2,3,4 -d' '
2024-10-02 06:47:13 upgrade bubblewrap:arm64
2024-10-02 06:47:34 upgrade vim:arm64
2024-10-02 06:47:35 upgrade vim-common:all
2024-10-02 06:47:35 upgrade vim-runtime:all
2024-10-02 06:47:35 upgrade vim-tiny:arm64
2024-10-02 06:47:45 upgrade xxd:arm64
2024-10-10 06:08:04 upgrade libfontembed1:arm64
2024-10-10 06:08:16 upgrade cups-browsed:arm64
2024-10-10 06:08:28 upgrade cups-filters-core-drivers:arm64
2024-10-10 06:08:28 upgrade cups-filters:arm64
2024-10-10 06:08:43 upgrade libcupsfilters1:arm64
2024-10-11 06:27:44 upgrade ubuntu-advantage-desktop-daemon:arm64
2024-10-11 06:27:58 install linux-oracle-6.8-headers-6.8.0-1013:all
2024-10-11 06:28:03 install linux-headers-6.8.0-1013-oracle:arm64
2024-10-11 06:28:04 install linux-modules-6.8.0-1013-oracle:arm64
2024-10-11 06:28:05 install linux-image-6.8.0-1013-oracle:arm64
2024-10-11 06:28:06 install linux-oracle-6.8-tools-6.8.0-1013:arm64
2024-10-11 06:28:06 upgrade linux-headers-oracle:arm64
2024-10-11 06:28:06 upgrade linux-image-oracle:arm64
2024-10-11 06:28:06 upgrade linux-oracle:arm64
2024-10-11 06:28:07 install linux-tools-6.8.0-1013-oracle:arm64
2024-10-11 06:28:38 upgrade libgsf-1-common:all
2024-10-11 06:28:49 upgrade libgsf-1-114:arm64
2024-10-18 06:24:16 install linux-oracle-6.8-headers-6.8.0-1014:all
2024-10-18 06:24:22 install linux-headers-6.8.0-1014-oracle:arm64
2024-10-18 06:24:24 install linux-modules-6.8.0-1014-oracle:arm64
2024-10-18 06:24:25 install linux-image-6.8.0-1014-oracle:arm64
2024-10-18 06:24:26 install linux-oracle-6.8-tools-6.8.0-1014:arm64
2024-10-18 06:24:26 install linux-tools-6.8.0-1014-oracle:arm64
2024-10-18 06:24:26 upgrade linux-headers-oracle:arm64
2024-10-18 06:24:26 upgrade linux-image-oracle:arm64
2024-10-18 06:24:26 upgrade linux-oracle:arm64
2024-10-18 06:24:59 upgrade linux-tools-common:all
2024-10-18 06:25:14 upgrade libarchive13:arm64
2024-10-18 06:25:27 upgrade linux-libc-dev:arm64
2024-10-19 10:00:15 upgrade php-memcached:arm64
2024-10-19 10:00:15 upgrade php8.2-igbinary:arm64
2024-10-19 10:00:15 upgrade php8.3-igbinary:arm64
2024-10-19 10:00:16 install php8.4-cli:arm64
2024-10-19 10:00:16 install php8.4-common:arm64
2024-10-19 10:00:16 install php8.4-igbinary:arm64
2024-10-19 10:00:16 install php8.4-opcache:arm64
2024-10-19 10:00:16 install php8.4-phpdbg:arm64
2024-10-19 10:00:16 install php8.4-readline:arm64
2024-10-19 10:00:16 upgrade php8.3-memcached:arm64
2024-10-19 10:00:17 install php8.4-memcached:arm64
2024-10-19 10:00:17 install php8.4-msgpack:arm64
2024-10-19 10:00:17 install php8.4-redis:arm64
2024-10-19 10:00:17 upgrade php-redis:arm64
2024-10-19 10:00:17 upgrade php8.1-imagick:arm64
2024-10-19 10:00:17 upgrade php8.2-imagick:arm64
2024-10-19 10:00:17 upgrade php8.3-redis:arm64
2024-10-19 10:00:18 upgrade flash-kernel:arm64
2024-10-19 10:00:18 upgrade php7.4-imagick:arm64
2024-10-19 10:00:18 upgrade php8.0-apcu:arm64
2024-10-19 10:00:18 upgrade php8.0-imagick:arm64
2024-10-19 10:00:19 upgrade gjs:arm64
2024-10-19 10:00:19 upgrade libgjs0g:arm64
2024-10-19 10:00:19 upgrade nginx:arm64
2024-10-19 10:00:19 upgrade openvpn:arm64
2024-10-19 10:00:19 upgrade snapd:arm64
2024-10-19 10:16:18 install popularity-contest:all
2024-10-19 10:17:45 install deborphan:arm64
2024-10-19 10:21:49 install libdouble-conversion3:arm64
2024-10-19 10:21:49 install libpcre2-16-0:arm64
2024-10-19 10:21:50 install libmd4c0:arm64
2024-10-19 10:21:50 install libqt5core5a:arm64
2024-10-19 10:21:50 install libqt5dbus5:arm64
2024-10-19 10:21:50 install libqt5network5:arm64
2024-10-19 10:21:50 install libxcb-xinerama0:arm64
2024-10-19 10:21:50 install libxcb-xinput0:arm64
2024-10-19 10:21:51 install fonts-league-spartan:all
2024-10-19 10:21:51 install libqt5charts5:arm64
2024-10-19 10:21:51 install libqt5gui5:arm64
2024-10-19 10:21:51 install libqt5svg5:arm64
2024-10-19 10:21:51 install libqt5widgets5:arm64
2024-10-19 10:21:52 install qt5-gtk-platformtheme:arm64
2024-10-19 10:21:52 install qttranslations5-l10n:all
2024-10-19 10:21:52 install stacer:arm64
2024-10-24 06:52:00 upgrade libunbound8:arm64
2024-10-24 06:52:09 upgrade gir1.2-javascriptcoregtk-4.0:arm64
2024-10-24 06:52:09 upgrade gir1.2-webkit2-4.0:arm64
2024-10-24 06:52:09 upgrade libwebkit2gtk-4.0-37:arm64
2024-10-24 06:52:10 upgrade libjavascriptcoregtk-4.0-18:arm64
2024-10-24 10:10:42 upgrade distro-info-data:all
2024-10-29 11:49:12 install python3-packaging:all
2024-10-29 11:49:12 upgrade gnome-shell-extension-ubuntu-dock:all
2024-10-29 11:49:12 upgrade sosreport:arm64
2024-10-29 11:49:12 upgrade ubuntu-drivers-common:arm64
2024-10-29 11:49:13 upgrade u-boot-tools:arm64
2024-10-30 06:06:44 upgrade python3-urllib3:all
2024-10-30 13:50:27 install libmysqlclient-dev:arm64
2024-10-30 13:50:27 install libssl-dev:arm64
2024-10-30 13:50:27 install libzstd-dev:arm64
2024-10-30 14:20:52 upgrade libdbd-mysql-perl:arm64
2024-10-31 06:06:34 upgrade xserver-common:all
2024-10-31 06:06:48 upgrade xserver-xorg-core:arm64
2024-10-31 06:06:58 upgrade python3-pip:all
2024-10-31 06:07:11 upgrade xwayland:arm64
2024-10-31 06:07:23 upgrade python3-pip-whl:all
2024-10-31 06:07:34 upgrade xserver-xephyr:arm64
2024-10-31 06:07:46 upgrade xserver-xorg-legacy:arm64
2024-10-31 11:34:56 upgrade libarchive13:arm64
2024-10-31 11:34:56 upgrade php8.2-xml:arm64
2024-10-31 11:34:56 upgrade php8.2-zip:arm64
2024-10-31 11:34:59 upgrade php8.2-readline:arm64
2024-10-31 11:34:59 upgrade php8.2-soap:arm64
2024-10-31 11:35:00 upgrade php8.2-pgsql:arm64
2024-10-31 11:35:00 upgrade php8.2-pspell:arm64
2024-10-31 11:35:01 upgrade php8.2-opcache:arm64
2024-10-31 11:35:02 upgrade php8.2-mysql:arm64
2024-10-31 11:35:03 upgrade php8.2-mbstring:arm64
2024-10-31 11:35:04 upgrade php8.2-intl:arm64
2024-10-31 11:35:04 upgrade php8.2-ldap:arm64
2024-10-31 11:35:05 upgrade php8.2-gd:arm64
2024-10-31 11:35:05 upgrade php8.2-imap:arm64
2024-10-31 11:35:06 upgrade php8.2-cli:arm64
2024-10-31 11:35:06 upgrade php8.2-curl:arm64
2024-10-31 11:35:06 upgrade php8.2-fpm:arm64
2024-10-31 11:35:07 upgrade php8.2-bcmath:arm64
2024-10-31 11:35:07 upgrade php8.2-bz2:arm64
2024-10-31 11:35:08 upgrade php8.2-common:arm64
2024-10-31 11:35:15 upgrade php8.3-readline:arm64
2024-10-31 11:35:16 upgrade php8.3-opcache:arm64
2024-10-31 11:35:16 upgrade php8.3-phpdbg:arm64
2024-10-31 11:35:17 upgrade php8.3-cli:arm64
2024-10-31 11:35:17 upgrade php8.3-common:arm64
2024-10-31 11:35:24 upgrade php8.4-readline:arm64
2024-10-31 11:35:25 upgrade php8.4-opcache:arm64
2024-10-31 11:35:26 upgrade php8.4-phpdbg:arm64
2024-10-31 11:35:27 upgrade php8.4-cli:arm64
2024-10-31 11:35:27 upgrade php8.4-common:arm64
root@digioso:/var/log#

Service Status:

root@digioso:~# service proftpd status
â—Ź proftpd.service - LSB: Starts ProFTPD daemon
     Loaded: loaded (/etc/init.d/proftpd; generated)
     Active: active (exited) since Thu 2024-10-31 13:40:53 CET; 2min 38s ago
       Docs: man:systemd-sysv-generator(8)
    Process: 1235 ExecStart=/etc/init.d/proftpd start (code=exited, status=0/SUCCESS)
        CPU: 5ms

Oct 31 13:40:53 digioso.net systemd[1]: Starting LSB: Starts ProFTPD daemon...
Oct 31 13:40:53 digioso.net systemd[1]: Started LSB: Starts ProFTPD daemon.
root@digioso:~#

Configuration file:

ServerName                      "FTP"
MasqueradeAddress		130.61.111.98
ServerIdent                     on "FTP Server ready."
ServerAdmin                     [email protected]
DefaultServer                   on
DefaultRoot                  ~ !adm

Include /etc/proftpd/tls.conf
Include /etc/proftpd/conf.d/*.conf

<IfModule mod_vroot.c>
    VRootEngine                 on
    VRootAlias                  /etc/security/pam_env.conf etc/security/pam_env.conf
</IfModule>

AuthPAMConfig                   proftpd
AuthOrder                       mod_auth_pam.c* mod_auth_unix.c
UseReverseDNS                   off
User                            proftpd
Group                           nogroup
MaxInstances                    20
UseSendfile                     off
LogFormat                       default "%h %l %u %t \"%r\" %s %b"
LogFormat                       auth    "%v [%P] %h %t \"%r\" %s"
ListOptions                     -a
RequireValidShell               off
PassivePorts                    12000 12100

<Global>
  Umask                         002
  #IdentLookups                  off
  AllowOverwrite                yes
  <Limit ALL SITE_CHMOD>
    AllowAll
  </Limit>
</Global>

I noticed that the SSL certifcates have expird. But that was beginning of this year. Shouldn’t Hestia renew them automatically? But I don’t believe that this is causing the problem. Because the FTP has been working until now.

syslog.1:Oct 24 10:11:22 digioso proftpd[1256]: 2024-10-24 10:11:22,228 digioso.net proftpd[1256]: mod_tls/2.9: certificate '/usr/local/hestia/ssl/certificate.crt': expired on Jan  3 12:16:09 2024 GMT
syslog.1:Oct 24 10:11:22 digioso proftpd[1256]: 2024-10-24 10:11:22,237 digioso.net proftpd[1256] 10.0.0.113: 10.0.0.113:21 masquerading as 130.61.111.98
syslog.1:Oct 24 10:11:24 digioso proftpd[2306]: 2024-10-24 10:11:24,810 digioso.net proftpd[2306]: mod_tls/2.9: certificate '/usr/local/hestia/ssl/certificate.crt': expired on Jan  3 12:16:09 2024 GMT

Hi @Digioso

Show the status of the socket:

systemctl status proftpd.socket

Thanks a lot for your reply!

ubuntu@digioso:~$ sudo systemctl status proftpd.socket
Unit proftpd.socket could not be found.
ubuntu@digioso:~$

I don’t know why the proftpd.socket is not there…

Backup proftpd conf and reinstall it:

sudo su -
mkdir /root/backup_etc_proftpd
cp -rf /etc/proftpd /root/backup_etc_proftpd
apt install --reinstall proftpd-core
systemctl restart proftpd
sleep 10
systemctl status proftpd
systemctl status proftpd.socket
1 Like

Thanks a lot!

The socket is now there. I can connect (in theory), but listing directories now fails:
From journalctl -xe|grep proftp

â–‘â–‘ Subject: A stop job for unit proftpd.service has begun execution
â–‘â–‘ A stop job for unit proftpd.service has begun execution.
Oct 31 16:06:22 digioso.net proftpd[10052]: digioso.net - ProFTPD killed (signal 15)
Oct 31 16:06:22 digioso.net proftpd[10052]: digioso.net - ProFTPD 1.3.7c standalone mode SHUTDOWN
Oct 31 16:06:23 digioso.net proftpd[10059]: pam_unix(proftpd:session): session closed for user digioso_ab
Oct 31 16:06:25 digioso.net proftpd[10053]: pam_unix(proftpd:session): session closed for user digioso_ab
Oct 31 16:06:25 digioso.net systemd[1]: proftpd.service: Deactivated successfully.
â–‘â–‘ The unit proftpd.service has successfully entered the 'dead' state.
â–‘â–‘ Subject: A stop job for unit proftpd.service has finished
â–‘â–‘ A stop job for unit proftpd.service has finished.
â–‘â–‘ Subject: A start job for unit proftpd.service has begun execution
â–‘â–‘ A start job for unit proftpd.service has begun execution.
Oct 31 16:06:25 digioso.net proftpd[10128]: Checking syntax of configuration file
Oct 31 16:06:25 digioso.net proftpd[10128]: 2024-10-31 16:06:25,547 digioso.net proftpd[10128]: mod_dso/0.5: unable to load 'mod_tls.c'; check to see if '/usr/lib/proftpd/mod_tls.la' exists
Oct 31 16:06:25 digioso.net proftpd[10128]: 2024-10-31 16:06:25,547 digioso.net proftpd[10128]: fatal: LoadModule: error loading module 'mod_tls.c': No such file or directory on line 10 of '/etc/proftpd/tls.conf'
Oct 31 16:06:25 digioso.net proftpd[10128]: 2024-10-31 16:06:25,547 digioso.net proftpd[10128]: warning: unable to include '/etc/proftpd/tls.conf': Operation not permitted
Oct 31 16:06:25 digioso.net proftpd[10128]: 2024-10-31 16:06:25,549 digioso.net proftpd[10128] digioso.net: 10.0.0.113:21 masquerading as 130.61.111.98
Oct 31 16:06:25 digioso.net proftpd[10129]: 2024-10-31 16:06:25,566 digioso.net proftpd[10129]: mod_dso/0.5: unable to load 'mod_tls.c'; check to see if '/usr/lib/proftpd/mod_tls.la' exists
Oct 31 16:06:25 digioso.net proftpd[10129]: 2024-10-31 16:06:25,566 digioso.net proftpd[10129]: fatal: LoadModule: error loading module 'mod_tls.c': No such file or directory on line 10 of '/etc/proftpd/tls.conf'
Oct 31 16:06:25 digioso.net proftpd[10129]: 2024-10-31 16:06:25,566 digioso.net proftpd[10129]: warning: unable to include '/etc/proftpd/tls.conf': Operation not permitted
Oct 31 16:06:25 digioso.net proftpd[10129]: 2024-10-31 16:06:25,567 digioso.net proftpd[10129] digioso.net: 10.0.0.113:21 masquerading as 130.61.111.98
Oct 31 16:06:25 digioso.net proftpd[10130]: digioso.net - ProFTPD 1.3.7c (maint) (built Fri Dec 3 2021 13:35:22 UTC) standalone mode STARTUP
â–‘â–‘ Subject: A start job for unit proftpd.service has finished successfully
â–‘â–‘ A start job for unit proftpd.service has finished successfully.
Oct 31 16:06:30 digioso.net proftpd[10135]: pam_unix(proftpd:session): session opened for user digioso_ab(uid=1003) by (uid=0)
Oct 31 16:06:42 digioso.net proftpd[10148]: pam_unix(proftpd:session): session opened for user digioso_ab(uid=1003) by (uid=0)
Oct 31 16:09:54 digioso.net proftpd[10472]: pam_unix(proftpd:session): session opened for user digioso_ab(uid=1003) by (uid=0)
root@digioso:~#

Filezilla log:

Status:	Resolving address of digioso.net
Status:	Connecting to 130.61.111.98:21...
Status:	Connection established, waiting for welcome message...
Status:	Insecure server, it does not support FTP over TLS.
Status:	Logged in
Status:	Retrieving directory listing...
Command:	PWD
Response:	257 "/" is the current directory
Command:	TYPE I
Response:	200 Type set to I
Command:	PASV
Response:	227 Entering Passive Mode (130,61,111,98,156,9).
Command:	MLSD
Error:	The data connection could not be established: ETIMEDOUT - Connection attempt timed out

I fixed it!

→ debian - mod_tls missing on proftpd - Server Fault

apt install proftpd-mod-crypto

2 Likes

That’s because you are not using the range of ports 12000 12100 for passive connections. Restore the proftpd.conf file.

sudo su -
cp /etc/proftpd/proftpd.conf /etc/proftpd/proftpd.conf.backup
cp /root/backup_etc_proftpd/proftpd/proftpd.conf /etc/proftpd/
systemctl restart proftpd

That’s pretty weird because the error is clear:

Response:	227 Entering Passive Mode (130,61,111,98,156,9).
Command:	MLSD
Error:	The data connection could not be established: ETIMEDOUT - Connection attempt timed out

That means that it is trying to you use the port 39945 ((156*256)+9=39945) for the data connection and that port is not allowed by the firewall rules.

I’ll check out the firewall today evening. But with installing the missing module it seems to be working.

Filezilla log:

Status: Connecting to 130.61.111.98:21…
Status: Connection established, waiting for welcome message…
Status: Initializing TLS…
Status: TLS connection established.
Status: Logged in
Status: Retrieving directory listing…
Status: Directory listing of / successful

Only thing open now is:

Oct 31 16:28:55 digioso.net proftpd[20608]: 2024-10-31 16:28:55,972 digioso.net proftpd[20608]: mod_tls/2.9: certificate '/usr/local/hestia/ssl/certificate.crt': expired on Jan  3 12:16:09 2024 GMT
Oct 31 16:28:55 digioso.net proftpd[20608]: 2024-10-31 16:28:55,974 digioso.net proftpd[20608] 10.0.0.113: 10.0.0.113:21 masquerading as 130.61.111.98
Oct 31 16:28:55 digioso.net proftpd[20609]: 2024-10-31 16:28:55,987 digioso.net proftpd[20609]: mod_tls/2.9: certificate '/usr/local/hestia/ssl/certificate.crt': expired on Jan  3 12:16:09 2024 GMT
Oct 31 16:28:55 digioso.net proftpd[20609]: 2024-10-31 16:28:55,990 digioso.net proftpd[20609] 10.0.0.113: 10.0.0.113:21 masquerading as 130.61.111.98

How do I get Hestia to renew the certificates? I’m using Let’s Encrypt.

Ok, but keep in mind that seems it is not using the ports range 12000-12100 for passive connections.

Seems your server’s hostname is digioso.net and you already have a certificate for that domain so, execute this command as root (replace YourUser by the actual user holding the web domain digioso.net):

v-update-host-certificate YourUser digioso.net
1 Like

Thanks a lot!

Certificates have been renewed. The server is hosted on the Oracle Cloud. I checked the ingress rules and they allow TCP 12000-12100.
In Filezilla I have set to failback to active mode. I assume that’s why it’s working.
For me that’s good enough. :slight_smile:
I’m not using the the server or Hestia for web hosting other people. I have only my stuff running there.

2 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.