ProFTP no longer working

Digioso · October 31, 2024, 12:51pm

Hi!

Today I noticed that I can no longer access my HestiaCP using FTP. Yesterday it was still running. But I did a reboot today after installing updates. Since then I noticed the issue.
I am using the ProFTP server.
According to HestiaCP the service is not running. I logged in to the system and tried to start it manually (service proftpd start) but was told that the service is masked for
I unmasked the service (systemctl unmask proftpd.socket and systemctl unmask proftpd.service).
Afterwards I was able to start it again, but HestiaCP still shows the service as not running and a login via FTP is not possible.
I updated the ProFTP package a week ago, but have rebooted the server a couple of times sinc then - so it shouldn’t have anything to do with that update.

I am running Ubuntu 22.04.5.

dpkg install/update log:

root@digioso:/var/log# egrep -e 'upgrade|install ' /var/log/dpkg.log | sort | cut -f1,2,3,4 -d' '
2024-10-02 06:47:13 upgrade bubblewrap:arm64
2024-10-02 06:47:34 upgrade vim:arm64
2024-10-02 06:47:35 upgrade vim-common:all
2024-10-02 06:47:35 upgrade vim-runtime:all
2024-10-02 06:47:35 upgrade vim-tiny:arm64
2024-10-02 06:47:45 upgrade xxd:arm64
2024-10-10 06:08:04 upgrade libfontembed1:arm64
2024-10-10 06:08:16 upgrade cups-browsed:arm64
2024-10-10 06:08:28 upgrade cups-filters-core-drivers:arm64
2024-10-10 06:08:28 upgrade cups-filters:arm64
2024-10-10 06:08:43 upgrade libcupsfilters1:arm64
2024-10-11 06:27:44 upgrade ubuntu-advantage-desktop-daemon:arm64
2024-10-11 06:27:58 install linux-oracle-6.8-headers-6.8.0-1013:all
2024-10-11 06:28:03 install linux-headers-6.8.0-1013-oracle:arm64
2024-10-11 06:28:04 install linux-modules-6.8.0-1013-oracle:arm64
2024-10-11 06:28:05 install linux-image-6.8.0-1013-oracle:arm64
2024-10-11 06:28:06 install linux-oracle-6.8-tools-6.8.0-1013:arm64
2024-10-11 06:28:06 upgrade linux-headers-oracle:arm64
2024-10-11 06:28:06 upgrade linux-image-oracle:arm64
2024-10-11 06:28:06 upgrade linux-oracle:arm64
2024-10-11 06:28:07 install linux-tools-6.8.0-1013-oracle:arm64
2024-10-11 06:28:38 upgrade libgsf-1-common:all
2024-10-11 06:28:49 upgrade libgsf-1-114:arm64
2024-10-18 06:24:16 install linux-oracle-6.8-headers-6.8.0-1014:all
2024-10-18 06:24:22 install linux-headers-6.8.0-1014-oracle:arm64
2024-10-18 06:24:24 install linux-modules-6.8.0-1014-oracle:arm64
2024-10-18 06:24:25 install linux-image-6.8.0-1014-oracle:arm64
2024-10-18 06:24:26 install linux-oracle-6.8-tools-6.8.0-1014:arm64
2024-10-18 06:24:26 install linux-tools-6.8.0-1014-oracle:arm64
2024-10-18 06:24:26 upgrade linux-headers-oracle:arm64
2024-10-18 06:24:26 upgrade linux-image-oracle:arm64
2024-10-18 06:24:26 upgrade linux-oracle:arm64
2024-10-18 06:24:59 upgrade linux-tools-common:all
2024-10-18 06:25:14 upgrade libarchive13:arm64
2024-10-18 06:25:27 upgrade linux-libc-dev:arm64
2024-10-19 10:00:15 upgrade php-memcached:arm64
2024-10-19 10:00:15 upgrade php8.2-igbinary:arm64
2024-10-19 10:00:15 upgrade php8.3-igbinary:arm64
2024-10-19 10:00:16 install php8.4-cli:arm64
2024-10-19 10:00:16 install php8.4-common:arm64
2024-10-19 10:00:16 install php8.4-igbinary:arm64
2024-10-19 10:00:16 install php8.4-opcache:arm64
2024-10-19 10:00:16 install php8.4-phpdbg:arm64
2024-10-19 10:00:16 install php8.4-readline:arm64
2024-10-19 10:00:16 upgrade php8.3-memcached:arm64
2024-10-19 10:00:17 install php8.4-memcached:arm64
2024-10-19 10:00:17 install php8.4-msgpack:arm64
2024-10-19 10:00:17 install php8.4-redis:arm64
2024-10-19 10:00:17 upgrade php-redis:arm64
2024-10-19 10:00:17 upgrade php8.1-imagick:arm64
2024-10-19 10:00:17 upgrade php8.2-imagick:arm64
2024-10-19 10:00:17 upgrade php8.3-redis:arm64
2024-10-19 10:00:18 upgrade flash-kernel:arm64
2024-10-19 10:00:18 upgrade php7.4-imagick:arm64
2024-10-19 10:00:18 upgrade php8.0-apcu:arm64
2024-10-19 10:00:18 upgrade php8.0-imagick:arm64
2024-10-19 10:00:19 upgrade gjs:arm64
2024-10-19 10:00:19 upgrade libgjs0g:arm64
2024-10-19 10:00:19 upgrade nginx:arm64
2024-10-19 10:00:19 upgrade openvpn:arm64
2024-10-19 10:00:19 upgrade snapd:arm64
2024-10-19 10:16:18 install popularity-contest:all
2024-10-19 10:17:45 install deborphan:arm64
2024-10-19 10:21:49 install libdouble-conversion3:arm64
2024-10-19 10:21:49 install libpcre2-16-0:arm64
2024-10-19 10:21:50 install libmd4c0:arm64
2024-10-19 10:21:50 install libqt5core5a:arm64
2024-10-19 10:21:50 install libqt5dbus5:arm64
2024-10-19 10:21:50 install libqt5network5:arm64
2024-10-19 10:21:50 install libxcb-xinerama0:arm64
2024-10-19 10:21:50 install libxcb-xinput0:arm64
2024-10-19 10:21:51 install fonts-league-spartan:all
2024-10-19 10:21:51 install libqt5charts5:arm64
2024-10-19 10:21:51 install libqt5gui5:arm64
2024-10-19 10:21:51 install libqt5svg5:arm64
2024-10-19 10:21:51 install libqt5widgets5:arm64
2024-10-19 10:21:52 install qt5-gtk-platformtheme:arm64
2024-10-19 10:21:52 install qttranslations5-l10n:all
2024-10-19 10:21:52 install stacer:arm64
2024-10-24 06:52:00 upgrade libunbound8:arm64
2024-10-24 06:52:09 upgrade gir1.2-javascriptcoregtk-4.0:arm64
2024-10-24 06:52:09 upgrade gir1.2-webkit2-4.0:arm64
2024-10-24 06:52:09 upgrade libwebkit2gtk-4.0-37:arm64
2024-10-24 06:52:10 upgrade libjavascriptcoregtk-4.0-18:arm64
2024-10-24 10:10:42 upgrade distro-info-data:all
2024-10-29 11:49:12 install python3-packaging:all
2024-10-29 11:49:12 upgrade gnome-shell-extension-ubuntu-dock:all
2024-10-29 11:49:12 upgrade sosreport:arm64
2024-10-29 11:49:12 upgrade ubuntu-drivers-common:arm64
2024-10-29 11:49:13 upgrade u-boot-tools:arm64
2024-10-30 06:06:44 upgrade python3-urllib3:all
2024-10-30 13:50:27 install libmysqlclient-dev:arm64
2024-10-30 13:50:27 install libssl-dev:arm64
2024-10-30 13:50:27 install libzstd-dev:arm64
2024-10-30 14:20:52 upgrade libdbd-mysql-perl:arm64
2024-10-31 06:06:34 upgrade xserver-common:all
2024-10-31 06:06:48 upgrade xserver-xorg-core:arm64
2024-10-31 06:06:58 upgrade python3-pip:all
2024-10-31 06:07:11 upgrade xwayland:arm64
2024-10-31 06:07:23 upgrade python3-pip-whl:all
2024-10-31 06:07:34 upgrade xserver-xephyr:arm64
2024-10-31 06:07:46 upgrade xserver-xorg-legacy:arm64
2024-10-31 11:34:56 upgrade libarchive13:arm64
2024-10-31 11:34:56 upgrade php8.2-xml:arm64
2024-10-31 11:34:56 upgrade php8.2-zip:arm64
2024-10-31 11:34:59 upgrade php8.2-readline:arm64
2024-10-31 11:34:59 upgrade php8.2-soap:arm64
2024-10-31 11:35:00 upgrade php8.2-pgsql:arm64
2024-10-31 11:35:00 upgrade php8.2-pspell:arm64
2024-10-31 11:35:01 upgrade php8.2-opcache:arm64
2024-10-31 11:35:02 upgrade php8.2-mysql:arm64
2024-10-31 11:35:03 upgrade php8.2-mbstring:arm64
2024-10-31 11:35:04 upgrade php8.2-intl:arm64
2024-10-31 11:35:04 upgrade php8.2-ldap:arm64
2024-10-31 11:35:05 upgrade php8.2-gd:arm64
2024-10-31 11:35:05 upgrade php8.2-imap:arm64
2024-10-31 11:35:06 upgrade php8.2-cli:arm64
2024-10-31 11:35:06 upgrade php8.2-curl:arm64
2024-10-31 11:35:06 upgrade php8.2-fpm:arm64
2024-10-31 11:35:07 upgrade php8.2-bcmath:arm64
2024-10-31 11:35:07 upgrade php8.2-bz2:arm64
2024-10-31 11:35:08 upgrade php8.2-common:arm64
2024-10-31 11:35:15 upgrade php8.3-readline:arm64
2024-10-31 11:35:16 upgrade php8.3-opcache:arm64
2024-10-31 11:35:16 upgrade php8.3-phpdbg:arm64
2024-10-31 11:35:17 upgrade php8.3-cli:arm64
2024-10-31 11:35:17 upgrade php8.3-common:arm64
2024-10-31 11:35:24 upgrade php8.4-readline:arm64
2024-10-31 11:35:25 upgrade php8.4-opcache:arm64
2024-10-31 11:35:26 upgrade php8.4-phpdbg:arm64
2024-10-31 11:35:27 upgrade php8.4-cli:arm64
2024-10-31 11:35:27 upgrade php8.4-common:arm64
root@digioso:/var/log#

Service Status:

root@digioso:~# service proftpd status
● proftpd.service - LSB: Starts ProFTPD daemon
     Loaded: loaded (/etc/init.d/proftpd; generated)
     Active: active (exited) since Thu 2024-10-31 13:40:53 CET; 2min 38s ago
       Docs: man:systemd-sysv-generator(8)
    Process: 1235 ExecStart=/etc/init.d/proftpd start (code=exited, status=0/SUCCESS)
        CPU: 5ms

Oct 31 13:40:53 digioso.net systemd[1]: Starting LSB: Starts ProFTPD daemon...
Oct 31 13:40:53 digioso.net systemd[1]: Started LSB: Starts ProFTPD daemon.
root@digioso:~#

Configuration file:

ServerName                      "FTP"
MasqueradeAddress		130.61.111.98
ServerIdent                     on "FTP Server ready."
ServerAdmin                     [email protected]
DefaultServer                   on
DefaultRoot                  ~ !adm

Include /etc/proftpd/tls.conf
Include /etc/proftpd/conf.d/*.conf

<IfModule mod_vroot.c>
    VRootEngine                 on
    VRootAlias                  /etc/security/pam_env.conf etc/security/pam_env.conf
</IfModule>

AuthPAMConfig                   proftpd
AuthOrder                       mod_auth_pam.c* mod_auth_unix.c
UseReverseDNS                   off
User                            proftpd
Group                           nogroup
MaxInstances                    20
UseSendfile                     off
LogFormat                       default "%h %l %u %t \"%r\" %s %b"
LogFormat                       auth    "%v [%P] %h %t \"%r\" %s"
ListOptions                     -a
RequireValidShell               off
PassivePorts                    12000 12100

<Global>
  Umask                         002
  #IdentLookups                  off
  AllowOverwrite                yes
  <Limit ALL SITE_CHMOD>
    AllowAll
  </Limit>
</Global>

I noticed that the SSL certifcates have expird. But that was beginning of this year. Shouldn’t Hestia renew them automatically? But I don’t believe that this is causing the problem. Because the FTP has been working until now.

syslog.1:Oct 24 10:11:22 digioso proftpd[1256]: 2024-10-24 10:11:22,228 digioso.net proftpd[1256]: mod_tls/2.9: certificate '/usr/local/hestia/ssl/certificate.crt': expired on Jan  3 12:16:09 2024 GMT
syslog.1:Oct 24 10:11:22 digioso proftpd[1256]: 2024-10-24 10:11:22,237 digioso.net proftpd[1256] 10.0.0.113: 10.0.0.113:21 masquerading as 130.61.111.98
syslog.1:Oct 24 10:11:24 digioso proftpd[2306]: 2024-10-24 10:11:24,810 digioso.net proftpd[2306]: mod_tls/2.9: certificate '/usr/local/hestia/ssl/certificate.crt': expired on Jan  3 12:16:09 2024 GMT

sahsanu · October 31, 2024, 2:01pm

Hi @Digioso

Show the status of the socket:

systemctl status proftpd.socket

Digioso · October 31, 2024, 2:12pm

Thanks a lot for your reply!

ubuntu@digioso:~$ sudo systemctl status proftpd.socket
Unit proftpd.socket could not be found.
ubuntu@digioso:~$

sahsanu · October 31, 2024, 2:46pm

I don’t know why the proftpd.socket is not there…

Backup proftpd conf and reinstall it:

sudo su -
mkdir /root/backup_etc_proftpd
cp -rf /etc/proftpd /root/backup_etc_proftpd
apt install --reinstall proftpd-core
systemctl restart proftpd
sleep 10
systemctl status proftpd
systemctl status proftpd.socket

Digioso · October 31, 2024, 3:20pm

Thanks a lot!

The socket is now there. I can connect (in theory), but listing directories now fails:
From journalctl -xe|grep proftp

░░ Subject: A stop job for unit proftpd.service has begun execution
░░ A stop job for unit proftpd.service has begun execution.
Oct 31 16:06:22 digioso.net proftpd[10052]: digioso.net - ProFTPD killed (signal 15)
Oct 31 16:06:22 digioso.net proftpd[10052]: digioso.net - ProFTPD 1.3.7c standalone mode SHUTDOWN
Oct 31 16:06:23 digioso.net proftpd[10059]: pam_unix(proftpd:session): session closed for user digioso_ab
Oct 31 16:06:25 digioso.net proftpd[10053]: pam_unix(proftpd:session): session closed for user digioso_ab
Oct 31 16:06:25 digioso.net systemd[1]: proftpd.service: Deactivated successfully.
░░ The unit proftpd.service has successfully entered the 'dead' state.
░░ Subject: A stop job for unit proftpd.service has finished
░░ A stop job for unit proftpd.service has finished.
░░ Subject: A start job for unit proftpd.service has begun execution
░░ A start job for unit proftpd.service has begun execution.
Oct 31 16:06:25 digioso.net proftpd[10128]: Checking syntax of configuration file
Oct 31 16:06:25 digioso.net proftpd[10128]: 2024-10-31 16:06:25,547 digioso.net proftpd[10128]: mod_dso/0.5: unable to load 'mod_tls.c'; check to see if '/usr/lib/proftpd/mod_tls.la' exists
Oct 31 16:06:25 digioso.net proftpd[10128]: 2024-10-31 16:06:25,547 digioso.net proftpd[10128]: fatal: LoadModule: error loading module 'mod_tls.c': No such file or directory on line 10 of '/etc/proftpd/tls.conf'
Oct 31 16:06:25 digioso.net proftpd[10128]: 2024-10-31 16:06:25,547 digioso.net proftpd[10128]: warning: unable to include '/etc/proftpd/tls.conf': Operation not permitted
Oct 31 16:06:25 digioso.net proftpd[10128]: 2024-10-31 16:06:25,549 digioso.net proftpd[10128] digioso.net: 10.0.0.113:21 masquerading as 130.61.111.98
Oct 31 16:06:25 digioso.net proftpd[10129]: 2024-10-31 16:06:25,566 digioso.net proftpd[10129]: mod_dso/0.5: unable to load 'mod_tls.c'; check to see if '/usr/lib/proftpd/mod_tls.la' exists
Oct 31 16:06:25 digioso.net proftpd[10129]: 2024-10-31 16:06:25,566 digioso.net proftpd[10129]: fatal: LoadModule: error loading module 'mod_tls.c': No such file or directory on line 10 of '/etc/proftpd/tls.conf'
Oct 31 16:06:25 digioso.net proftpd[10129]: 2024-10-31 16:06:25,566 digioso.net proftpd[10129]: warning: unable to include '/etc/proftpd/tls.conf': Operation not permitted
Oct 31 16:06:25 digioso.net proftpd[10129]: 2024-10-31 16:06:25,567 digioso.net proftpd[10129] digioso.net: 10.0.0.113:21 masquerading as 130.61.111.98
Oct 31 16:06:25 digioso.net proftpd[10130]: digioso.net - ProFTPD 1.3.7c (maint) (built Fri Dec 3 2021 13:35:22 UTC) standalone mode STARTUP
░░ Subject: A start job for unit proftpd.service has finished successfully
░░ A start job for unit proftpd.service has finished successfully.
Oct 31 16:06:30 digioso.net proftpd[10135]: pam_unix(proftpd:session): session opened for user digioso_ab(uid=1003) by (uid=0)
Oct 31 16:06:42 digioso.net proftpd[10148]: pam_unix(proftpd:session): session opened for user digioso_ab(uid=1003) by (uid=0)
Oct 31 16:09:54 digioso.net proftpd[10472]: pam_unix(proftpd:session): session opened for user digioso_ab(uid=1003) by (uid=0)
root@digioso:~#

Filezilla log:

Status:	Resolving address of digioso.net
Status:	Connecting to 130.61.111.98:21...
Status:	Connection established, waiting for welcome message...
Status:	Insecure server, it does not support FTP over TLS.
Status:	Logged in
Status:	Retrieving directory listing...
Command:	PWD
Response:	257 "/" is the current directory
Command:	TYPE I
Response:	200 Type set to I
Command:	PASV
Response:	227 Entering Passive Mode (130,61,111,98,156,9).
Command:	MLSD
Error:	The data connection could not be established: ETIMEDOUT - Connection attempt timed out

Digioso · October 31, 2024, 3:29pm

I fixed it!

→ debian - mod_tls missing on proftpd - Server Fault

apt install proftpd-mod-crypto

sahsanu · October 31, 2024, 3:30pm

That’s because you are not using the range of ports 12000 12100 for passive connections. Restore the proftpd.conf file.

sudo su -
cp /etc/proftpd/proftpd.conf /etc/proftpd/proftpd.conf.backup
cp /root/backup_etc_proftpd/proftpd/proftpd.conf /etc/proftpd/
systemctl restart proftpd

sahsanu · October 31, 2024, 3:34pm

That’s pretty weird because the error is clear:

Response:	227 Entering Passive Mode (130,61,111,98,156,9).
Command:	MLSD
Error:	The data connection could not be established: ETIMEDOUT - Connection attempt timed out

That means that it is trying to you use the port 39945 ((156*256)+9=39945) for the data connection and that port is not allowed by the firewall rules.

Digioso · October 31, 2024, 3:36pm

I’ll check out the firewall today evening. But with installing the missing module it seems to be working.

Filezilla log:

Status:	Connecting to 130.61.111.98:21…
Status:	Connection established, waiting for welcome message…
Status:	Initializing TLS…
Status:	TLS connection established.
Status:	Logged in
Status:	Retrieving directory listing…
Status:	Directory listing of / successful

Only thing open now is:

Oct 31 16:28:55 digioso.net proftpd[20608]: 2024-10-31 16:28:55,972 digioso.net proftpd[20608]: mod_tls/2.9: certificate '/usr/local/hestia/ssl/certificate.crt': expired on Jan  3 12:16:09 2024 GMT
Oct 31 16:28:55 digioso.net proftpd[20608]: 2024-10-31 16:28:55,974 digioso.net proftpd[20608] 10.0.0.113: 10.0.0.113:21 masquerading as 130.61.111.98
Oct 31 16:28:55 digioso.net proftpd[20609]: 2024-10-31 16:28:55,987 digioso.net proftpd[20609]: mod_tls/2.9: certificate '/usr/local/hestia/ssl/certificate.crt': expired on Jan  3 12:16:09 2024 GMT
Oct 31 16:28:55 digioso.net proftpd[20609]: 2024-10-31 16:28:55,990 digioso.net proftpd[20609] 10.0.0.113: 10.0.0.113:21 masquerading as 130.61.111.98

How do I get Hestia to renew the certificates? I’m using Let’s Encrypt.

sahsanu · October 31, 2024, 3:47pm

Ok, but keep in mind that seems it is not using the ports range 12000-12100 for passive connections.

Seems your server’s hostname is digioso.net and you already have a certificate for that domain so, execute this command as root (replace YourUser by the actual user holding the web domain digioso.net):

v-update-host-certificate YourUser digioso.net

Digioso · October 31, 2024, 7:50pm

Thanks a lot!

Certificates have been renewed. The server is hosted on the Oracle Cloud. I checked the ingress rules and they allow TCP 12000-12100.
In Filezilla I have set to failback to active mode. I assume that’s why it’s working.
For me that’s good enough.
I’m not using the the server or Hestia for web hosting other people. I have only my stuff running there.

system · November 30, 2024, 7:51pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.