GitHub Actions FTPS issue: "502 Command not implemented" and Cert Mismatch
-
Hostname Mismatch: The server certificate is issued to , but since I'm connecting via IP, I get an . I have to use "loose" security to bypass this.
-
502 Error: Even with a connection established, directory creation () fails with .
-
If you are running a firewall (like csf or even a hardware firewall) and you do not have appropriate Passive FTP Ports defined in /etc/pure-ftpd.conf AND allowed for in CSF (or your hardware firewall), then you will run into issues where you can log in but not navigate to directories.
For instance, if your /etc/pure-ftpd.conf has:
PassivePortRange 49152 65534
Then you'll want to make sure and add 49152:65534 to your TCP_IN line in /etc/csf/csf.conf
TCP_IN = "20,21,22,25,53,80,443,465,587,993,995,2077,2078,2079,2080,2082,2083,2086,2087,2095,2096,2443,7770:7800,8443,44445, 49152:65534"
As for the mismatched cert, instead of connecting to the IP address connect to one of the SSL-encrypted domains on the same machine (usually the server hostname, which is usually SSL secured). If you were to connect to the main hostname of the cPanel server, you likely would have no issues with a cert mismatch unless you never set up the free SSL for the server hostname in cPanel.
0 -
And you would want to make sure that the client is using Passive Mode (PASV) to connect.
In Passive Mode, only TCP 21 is open by default for control and then a high port is established for data. That's different than no firewall and TCP 21/20 open for control/data.
0
Please sign in to leave a comment.
Comments
2 comments