How to avoid lftp Certificate verification error?
Solution 1:
From the manpage:
-c commands
Execute the given commands and exit. Commands can be separated with a semicolon (;), AND (&&) or OR (||). Remember to quote the commands argument properly in the shell. This option must be used alone without other arguments.
So you want to specify the commands as a single argument, separated by semicolons:
lftp ftp://$(FTP_USER)@$(FTP_HOST) -e "set ftp:ssl-allow no; mirror -R $(OUTPUTDIR) $(FTP_TARGET_DIR) ; quit"
You can actually omit the quit command and use -c instead of -e.
Solution 2:
I had a similar issue, though my lftp does have ssl support compiled in (Fedora RPM). ssl:verify-certificate false did the trick for me.
Solution 3:
no certificate check
echo "set ssl:verify-certificate no" >> ~/.lftp/rc
will solve the problem if you dont want the certificate to be checked
The secure solution with certificate is
What worked for me step by step with lftp:
- get certificate of host with
openssl s_client -connect <ftp_hostname>:21 -starttls ftp, at the begining of result I got something like-----BEGIN CERTIFICATE----- MIIEQzCCAyu.....XjMO -----END CERTIFICATE----- - copy that
-----BEGIN CERTIFICATE----- MIIEQzCCAyu.....XjMO -----END CERTIFICATE-----into/etc/ssl/certs/ca-certificates.crt - Into lftp configuration reference this certificate file adding to
/etc/lftp.conffor systemwideset ssl:ca-file "/etc/ssl/certs/ca-certificates.crt" - and then do your sync or whatever with
lftp, on my case it islftp -u "${FTP_USER},${FTP_PWD}" ${FTP_HOST} -e "set net:timeout 10;mirror ${EXCLUDES} -R ${LOCAL_SOURCE_PATH} ${REMOTE_DEST_PATH} ; quit"
Solution 4:
ssl:verfy-certificate false didn't work for me, I was getting a timeout error when "making data connection".
I followed these instruction by adding set ftp:ssl-allow false to my ~/.lftprc file.
Solution 5:
In addition I tried:
- set ssl:verify-certificate/ftp.myblog.com no
- This trick to disable certificate verification in lftp:
$ cat ~/.lftp/rc set ssl:verify-certificate no
Try using set ftp:ssl-allow no; it worked like a charm for me.