Using Let’s Encrypt with ProFTPd on Ubuntu

Let’s Encrypt is a new Certificate Authority which provides free SSL certificates. There’s quite a few guides online on using LE to secure a web server such as Nginx or Apache but you can also secure an FTP server using ProFTPd.

Step 1: Generate Certificate

This step is the same as for a web server, so just follow Step 2 of this Digital Ocean guide. You may need to open port 443 on your firewall.

If you’re not using Ubuntu just follow any other guide for generating LE certificates.

Step 2: Configure ProFTPd

After generating the certificate you should have all the files you need to configure ProFTPd. Simply copy the below options into your ProFTPd config file (usually located in /etc/proftpd/conf.d), replacing [your domain] with the domain name from Step 1.

Restart the server (sudo service proftpd restart). You should now be able to connect to your server using FTPS.

These options provide the basic config needed to enable FTPS. It’s recommended that you look at the other TLS options, such as TLSProtocol to ensure your server is as secure as possible.

Note: A Let’s Encrypt certificate only lasts for 3 months so you’ll need to manually renew it by running Step 1 again, or set up a cron job.