How to avoid lftp Certificate verification error?

Solution 1:

From the manpage:

-c commands
Execute the given commands and exit. Commands can be separated with a semicolon (;), AND (&&) or OR (||). Remember to quote the commands argument properly in the shell. This option must be used alone without other arguments.

So you want to specify the commands as a single argument, separated by semicolons:

lftp ftp://$(FTP_USER)@$(FTP_HOST) -e "set ftp:ssl-allow no; mirror -R $(OUTPUTDIR) $(FTP_TARGET_DIR) ; quit"

You can actually omit the quit command and use -c instead of -e.

Solution 2:

I had a similar issue, though my lftp does have ssl support compiled in (Fedora RPM). ssl:verify-certificate false did the trick for me.

Solution 3:

no certificate check

echo "set ssl:verify-certificate no" >> ~/.lftp/rc

will solve the problem if you dont want the certificate to be checked

The secure solution with certificate is

What worked for me step by step with lftp:

  1. get certificate of host with openssl s_client -connect <ftp_hostname>:21 -starttls ftp, at the begining of result I got something like -----BEGIN CERTIFICATE----- MIIEQzCCAyu.....XjMO -----END CERTIFICATE-----
  2. copy that -----BEGIN CERTIFICATE----- MIIEQzCCAyu.....XjMO -----END CERTIFICATE----- into /etc/ssl/certs/ca-certificates.crt
  3. Into lftp configuration reference this certificate file adding to /etc/lftp.conf for systemwide set ssl:ca-file "/etc/ssl/certs/ca-certificates.crt"
  4. and then do your sync or whatever with lftp, on my case it is lftp -u "${FTP_USER},${FTP_PWD}" ${FTP_HOST} -e "set net:timeout 10;mirror ${EXCLUDES} -R ${LOCAL_SOURCE_PATH} ${REMOTE_DEST_PATH} ; quit"

Solution 4:

ssl:verfy-certificate false didn't work for me, I was getting a timeout error when "making data connection".

I followed these instruction by adding set ftp:ssl-allow false to my ~/.lftprc file.

Solution 5:

In addition I tried:

  • set ssl:verify-certificate/ no
  • This trick to disable certificate verification in lftp:

$ cat ~/.lftp/rc set ssl:verify-certificate no

Try using set ftp:ssl-allow no; it worked like a charm for me.