jonpaul:
What will be the next advice? Routinely working on live circuits, because some random guy 50 years ago said that “we can be hit by lightning anyway, so why care”? Even weirder, considering the painting you have set as your avatar.
T3sl4co1l:
I skipped that topic entirely earlier, due to the smell FileZilla attained and that I would need to verify and build the server myself. Not knowing the piece of software, what you described looks unfamiliar to me too: in other words, the description is really not providing any information about the actual issue you are experiencing. Other than “it doesn’t work” and mentioning “some random bullshit error”, the content of which you didn’t share with us.
So, trying to help from a more general perspective, let’s first make sure we’re talking about the same thing. On the server side, TLS has two components: the server’s private key, which is secret, and a certificate, which is public and sent to clients. The role of a Certification Authority (CA) is to issue you that certificate. ACME is a relatively recent, open and standardized protocol to automatize that, supported by some CAs. ISRG, the organisation behind the Let’s Encrypt brand, is one of them.
The process is as follows:
ACME handles the 3rd point. The rest is up to you and software you use.
Now: I do not know what “ACME support” in FileZilla means. I will skip that part completely. Even if they do handle generation of the key pair and then ACME, personally I would avoid using that implementation due to my concerns about implementation quality. Instead, you may use another ACME implementation and then install the relevant files. If FileZilla Server supports TLS, it must accept them — it’s a part of the technology, not a thing they can make decisions about.
A commonly used ACME client is certbot, a reference implementation maintained by Electronic Frontier Foundation. The advantages are: it will generate the keypair for you, it will make and send CSRs, and handle validation. The output is multiple files in “config/live/DOMAIN_NAME”, among them the key and the certificate. Judging by the screenshots I found on the internet, FileZilla Server allows selecting those files in Options, in the “SSL/TLS settings” branch. That will be the “Private Key File” and “Certificate File” inputs. The private key is “privkey.pem”. The certificate is normally “fullchain.pem”, which contains both your certificate and all certificates in its chain. Some servers (perhaps FileZilla too) may expect your certificate only (“cert.pem”), though this is rare.
Now, at this point I can’t help you with certbot: for that I would need to know your operating system. On many Linux distros it will be quite easy, though I will be of little assistance if it comes to Windows (in particular with Python and other dependencies installation).
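
A pre-flight check for the two files described in the post above, as an added example that is not part of the original post and is not certbot's or FileZilla's code: it classifies PEM text by its block labels and flags a swapped or mixed “Private Key File” / “Certificate File” selection. The function names and the sample PEM bodies are constructed for illustration; the check looks at block labels only and does not verify that the key matches the certificate.

```python
import base64
import re

PEM_RE = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.S)

def pem_labels(text):
    """Return the label of every PEM block, rejecting malformed base64."""
    labels = []
    for label, body in PEM_RE.findall(text):
        base64.b64decode("".join(body.split()), validate=True)
        labels.append(label)
    return labels

def classify(text):
    """Name the certbot file a PEM text corresponds to, judged by its blocks."""
    labels = pem_labels(text)
    certs = labels.count("CERTIFICATE")
    keys = sum(1 for l in labels if l.endswith("PRIVATE KEY"))
    if keys and certs:
        return "mixed"      # secret key bundled with public certificates
    if keys == 1 and len(labels) == 1:
        return "privkey"
    if certs == 1 and len(labels) == 1:
        return "cert"       # leaf only, no chain
    if certs >= 2 and certs == len(labels):
        return "fullchain"
    return "unknown"

def check_pair(key_text, cert_text):
    """List problems with a (Private Key File, Certificate File) selection."""
    problems = []
    k, c = classify(key_text), classify(cert_text)
    if k != "privkey":
        problems.append(f"key file looks like '{k}', expected one private key")
    if c == "cert":
        problems.append("certificate file is leaf-only; normally use fullchain.pem")
    elif c != "fullchain":
        problems.append(f"certificate file looks like '{c}', expected certificates only")
    return problems

def _pem(label, payload):  # builds constructed sample blocks, not real key material
    b64 = base64.b64encode(payload).decode()
    return f"-----BEGIN {label}-----\n{b64}\n-----END {label}-----\n"

PRIVKEY = _pem("PRIVATE KEY", b"constructed key bytes")
LEAF = _pem("CERTIFICATE", b"constructed leaf certificate")
FULLCHAIN = LEAF + _pem("CERTIFICATE", b"constructed intermediate")

if __name__ == "__main__":
    print(check_pair(PRIVKEY, FULLCHAIN))   # correct selection
    print(check_pair(FULLCHAIN, PRIVKEY))   # inputs swapped
```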