I've contacted the hosting company. Thank you so much for troubleshooting this issue, and helping me understand certificate verification better!
Naël On Tue, Mar 21, 2017 at 1:37 PM, Alexander V. Lukyanov <l...@netis.ru> wrote: > On Mon, Mar 20, 2017 at 11:49:46PM +0100, Daniel Fazekas wrote: >> On Mar 20, 2017, at 14:55, Nathanaël Naeri <nathanael.na...@gmail.com> wrote: >> > Is that an issue that this hosting company could do something about? I >> > can ask their sysadmins for help. >> >> It's a common setup mistake to make for server admins that they only add the >> server certificate to their configuration. Normally you also need to add one >> or more CA intermediate certs so that clients, which only normally carry and >> trust a bundle of root certs, could successfully verify the whole chain. >> It's generally as simple as concatenating the intermediate cert(s) after >> your server certificate, for the server admin. >> >> This could be the issue causing your problems, and something only they can >> fix, short of you manually adding that missing intermediate cert on all >> your client systems, working around their mistake. > > This seems to be the issue. The certificate chain of the ftp server is not > a chain, but rather a single link. It's necessary either change the server's > certificate to the full chain to the root CA, or add the "next link" to the > local CA storage. > > -- > Alexander. _______________________________________________ lftp mailing list lftp@uniyar.ac.ru http://univ.uniyar.ac.ru/mailman/listinfo/lftp
