I use Letsencrypt certificates for my PureFTPd server on Mageia. After the latest renewal of my certificate, I got a warning from Filezilla about it, however, this time the checkbox, which allows to trust the certificate, is disabled. This results in a warning about the certificate every time I connect.
Thank you for the report. > After the latest renewal of my certificate, I got a warning from > Filezilla about it Did you get this warning previously, or only since cert updates? > this time the checkbox, which allows to trust the certificate, is disabled So have you seen previously the warning with the checkbox enabled? If so, in what circumstances?
CC: (none) => lewyssmithSource RPM: (none) => filezilla-3.55.0-1.mga8.src.rpm
Hi Lewis; I used to get this warning whenever the certificate was renewed, that is every three months approximately. So upon renewal Filezilla did warn me, but I always could tick the checkbox to trust the certificate. This time the checkboxes for trusting the certificate and trust the alternative names within are greyed out, where it is impossible to tick them.
It seems that Filezilla has been updated during M8. $ rpm -q --last filezilla filezilla-3.55.0-1.mga8.x86_64 <date> will show when (on my system end July, ages ago). Can you relate the changed behaviour to the update? To check behaviour re the previous version: # urpmi --downgrade filezilla-3.51.0-3.mga8 [I think] although this would mean waiting for your next certificate update.
I downgraded it now, but I could not tick the checkbox either. I'll try to delete the whole configuration for Filezilla and see if it works.
Thank you for the dowbgrade check. Can you report back on: > I'll try to delete the whole configuration for Filezilla and see if it works
In most cases when the checkbox is greyed out, the certificate is broken/invalid/not properly imported so thatt filezilla is forced to deny the acceptance. https://www.google.com/search?q=filezilla+accept+certificate+greyed+out&oq=filezilla+accept+certificate+grey&aqs=chrome.1.69i57j33i22i29i30.24411j0j4&sourceid=chrome&ie=UTF-8
@Lewis; deleting the configuration did not solve the issue. @sturmvogel; the same certificate is used for the webserver, chat server and other services. I think that filezilla is just reporting the change of the server certificate upon renewal as usual. In the past it showed the warning and allowed me to trust the certificate. Unless something has changed with Letsencrypt chain, everything is still the same.
Hm, maybe the Letsencrypt chain changed indeed: https://letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021/
But according to this article and considering that the websites and the other services have no problem, I would only assume one of two unlikely issues: 1. Our filezilla in M8 is comiling against an older version of OpenSSL. 2. The ISRG Root X1 is not recognised (or bundled maybe!) by filezilla. I am lost here!
Solved with todays updates of nss and root certificate bundle :) nss 3.74.0 rootcerts 20211213.00 Thank you all
Resolution: (none) => FIXEDStatus: NEW => RESOLVED
And thank you for solving & closing it.