Filezilla Server Lets Encrypt Cert

Kruglerd
500 Command not understood
Posts: 4
Joined: 2023-02-25 01:56
First name: David
Last name: Krugler

Filezilla Server Lets Encrypt Cert

#1 Post by Kruglerd » 2024-04-04 04:04

Hi folks

I have a small 2022 server that I use for a few web apps that I built and my personal Plex server. I already have a "Let's Encrypt" certificate for my dynamic DNS domain that I would like to use in FileZilla. I have certbot automatically updating my certificates every 90 days. I already have a script set up to update both my website and my Plex server utilizing openssl so it uses the certificate that is already generated and automatically updates to the new certificate every 90 days. I'd like to use the similar/same method to enable encryption for my FileZilla server. I'm lost on the setup. I am trying to use the "FTP and FTP over TLS (FTPS)". I state that I want to provide an X.509 certificate. I have tried entering both the archive and live version of C:\Certbot\live\MYDNSDOMAIN\privkey.pfx, cert.pem, chain.pem, fullchain.pem, privkey.pem, and even tried the privacy.p12 I use for my Plex server, and cannot get FileZilla to accept it. I'm guessing I'm not using the right combination; it tells me "Couldn't get certificate extra information". Is there some openssl command I have to use to generate a FileZilla Server compatible certificate, or can someone point me to the correct combination of private/certificate file to use? Can FileZilla use a symlink, or, like my Plex server, do I need to have a specific place for FileZilla to load the pem/pfx/p12 file for this to work?

Thanks in advance.

botg
Site Admin
Posts: 35571
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse

Re: Filezilla Server Lets Encrypt Cert

#2 Post by botg » 2024-04-04 08:12

The error message you are getting is from an outdated version of FileZilla Server. You need to update to the most recent version of FileZilla Server; outdated versions are not supported.

Kruglerd
500 Command not understood
Posts: 4
Joined: 2023-02-25 01:56
First name: David
Last name: Krugler

Re: Filezilla Server Lets Encrypt Cert

#3 Post by Kruglerd » 2024-04-05 12:32

OK, so I upgraded to 1.81 as you suggested. The error message I received is "Couldn't get Certificate information. Please check that your input file is correct and try again. Couldn't read key file." The server is running as Local System, so I added SYSTEM to the file rights, then received an error: GnuTLS error -207: Base64 unexpected header error. I used the PEM file rather than the PFX file, and it opened as expected.

So the correct answer for the files is to ensure SYSTEM has read rights to the following files:
C:\certbot\live\DOMAIN\privkey.pem
C:\certbot\live\DOMAIN\cert.pem

Last question: when this file (which is a symlink) is updated, will FileZilla automatically update, or does the server have to be stopped and started to realize the update that happens every 90 days?
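
The PEM-versus-PFX finding in post #3 can be checked before the files are entered in the server configuration. This is an added example, not part of the thread or of FileZilla Server; `classify` and `check_pair` are hypothetical helper names and the sample bytes are constructed. It only inspects the file encoding and PEM block labels, not whether the key matches the certificate.

```python
import re
import sys

# PEM armor line, e.g. "-----BEGIN CERTIFICATE-----" (the header a PEM parser expects)
PEM_BEGIN = re.compile(rb"^-----BEGIN ([A-Z0-9 ]+)-----\s*$", re.MULTILINE)
KEY_LABELS = {"PRIVATE KEY", "RSA PRIVATE KEY", "EC PRIVATE KEY", "ENCRYPTED PRIVATE KEY"}

# Constructed sample inputs (not real key material)
SAMPLE_KEY = b"-----BEGIN PRIVATE KEY-----\nQ09OU1RSVUNURUQ=\n-----END PRIVATE KEY-----\n"
SAMPLE_CERT = b"-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQ=\n-----END CERTIFICATE-----\n"
SAMPLE_PFX = b"\x30\x82\x0a\x00\x02\x01\x03"  # start of a binary PKCS#12 container


def classify(data: bytes) -> dict:
    """Describe a key/certificate file by its encoding and PEM block labels."""
    labels = [m.decode("ascii") for m in PEM_BEGIN.findall(data)]
    if labels:
        encoding = "pem"
    elif data[:1] == b"\x30":
        # .pfx/.p12 and raw DER start with an ASN.1 SEQUENCE tag and have no
        # "-----BEGIN" line, which is what a Base64 header error points at.
        encoding = "der-or-pkcs12"
    else:
        encoding = "unknown"
    return {
        "encoding": encoding,
        "has_key": any(label in KEY_LABELS for label in labels),
        "cert_count": labels.count("CERTIFICATE"),
    }


def check_pair(key_data: bytes, cert_data: bytes) -> list:
    """Return reasons the pair is not a usable PEM key + certificate (empty list: OK)."""
    problems = []
    key, cert = classify(key_data), classify(cert_data)
    for name, info in (("key", key), ("certificate", cert)):
        if info["encoding"] != "pem":
            problems.append(f"{name} file is {info['encoding']}, not PEM")
    if key["encoding"] == "pem" and not key["has_key"]:
        problems.append("key file has no PRIVATE KEY block")
    if cert["encoding"] == "pem" and cert["cert_count"] == 0:
        problems.append("certificate file has no CERTIFICATE block")
    return problems


if __name__ == "__main__":
    if len(sys.argv) == 3:  # usage: script.py privkey.pem cert.pem
        with open(sys.argv[1], "rb") as k, open(sys.argv[2], "rb") as c:
            print(check_pair(k.read(), c.read()) or "PEM key and certificate found")
    else:
        print(check_pair(SAMPLE_PFX, SAMPLE_CERT))
```

Run it under the same account the service uses to also confirm the read permission; a permission failure shows up as an `open()` error rather than a format problem.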

oibaf
Contributor
Posts: 409
Joined: 2021-07-16 21:02
First name: Fabio
Last name: Alemagna

Re: Filezilla Server Lets Encrypt Cert

#4 Post by oibaf » 2024-04-05 12:38

Kruglerd wrote:
2024-04-05 12:32
Last question: when this file (which is a symlink) is updated, will FileZilla automatically update, or does the server have to be stopped and started to realize the update that happens every 90 days?
No need to restart.

Kruglerd
500 Command not understood
Posts: 4
Joined: 2023-02-25 01:56
First name: David
Last name: Krugler

Re: Filezilla Server Lets Encrypt Cert

#5 Post by Kruglerd » 2024-04-06 16:34

So I was upgrading the office to use Let's Encrypt and set it up to use a wildcard certificate. It reads the files, but keeps coming up with GnuTLS Error -29: The Session or certificate has expired.

Is it somehow confusing UTM vs _DT? It's been a few hours since the certificate was issued (9AM vs. 11AM), and it shows the activation date and expiration date properly. Should I just wait a day? Is something not understanding the available hostnames of *.example.com example.com?
