FTP Secure transfer with CURL isn't working

Hosting Support
1

Username (e.g. epiz_XXX) or Website URL

epiz_33357877

Error Message

curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.haxx.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.

Other Information

First, let me start by saying super thank you for providing this wonderful hosting facility for us plebs :+1:

So the usual/recommended FTP transfer method using FileZilla works perfectly for me. Even the curl transfer works but only as long as I’m using the plain ftp and not “ftp secure” route (SSL over TLS). While trying to use the secure version, I’m getting below error:

>curl --ftp-ssl --cacert /path/to/cacert.pem -u epiz_33357877:<password> -T test.txt ftp://ftpupload.net/htdocs/
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:--  0:00:02 --:--:--     0
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.haxx.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.

I’ve tried using the latest CA certificate from the curl website as described in this stackoverflow link but I’m still getting this same error. I’ve also tried both --ssl and ftp-ssl switches with the same result.

Finally, I also tried the “ftps” protocol instead of plain “ftp” on port 21. This time, I got the “wrong version number” error like this:

>curl --ftp-ssl --cacert /path/to/cacert.pem -u epiz_33357877:<password> -T test.txt ftps://ftpupload.net:21/htdocs/
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
curl: (35) error:1408F10B:SSL routines:ssl3_get_record:wrong version number

The FileZilla method works perfectly, but I’m trying to automate my build and deployment tooling so that for every few PHP file uploads, I don’t have to open FileZilla but be able to run this command in a batch script or something. Can you suggest something to get rid of this error?

1 Like
2

Free hosting does not support SFTP, only FTP over port 21.

There is a security certificate installed in the domain ftpupload.net.

3 Likes
3

I’m not talking about SFTP which, as I understand, requires a proper SSH server access and free hosting doesn’t provide that. I’m talking about FTPS which is different. It’s a secure version of that plain FTP but served using TLS encryption on port 21.

To the best of my knowledge Infinity does support FTPS. One way to verify this is that when you connect using FileZilla for first time, it does ask you to confirm/trust the remote certificate.

Difference between SFTP and FTPS

2 Likes
4

Unless you want to avoid it for some reason, disabling the verification (using -k) would work.

2 Likes
5

Our FTP server uses a certificate from Sectigo. However, it appears that the CA chain was not installed on the server, so cURL cannot verify the certificate with a standard CA bundle.

You can verify it if you use the signing certificate from Sectigo. You can get that one from Sectigo directly here: Comodo Knowledge Base (you’ll need the “Sectigo RSA Domain Validation Secure Server CA” one).

7 Likes
6

Thank you, that works perfectly :+1:
Not on its own but only when you add the Sectigo cert to the CA bundle obtained from curl website. Here is the working command:

>curl --ftp-ssl --cacert d:\keys\ftpupload.net\bundle.pem -u epiz_33357877:<password> -T CHANGE.log ftp://ftpupload.net/htdocs/
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  1298    0     0  100  1298      0    215  0:00:06  0:00:06 --:--:--   324

Note that “bundle.pem” is the curl CA bundle in which the Sectigo cert is appended in the end.

2 Likes
7

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.