lftp – Fatal error: Certificate verification: Not trusted

lftp: ftp clientAfter accessing your ftp site of your hosting provider you get the following error: Fatal error: Certificate verification: Not trusted you can fix it by running the following command in the current section.

set ssl:verify-certificate no

If you want to make the change permanently for your user, edit .lftp/rc file and add the following line:

set ssl:verify-certificate no

If you want to make it permanent for all users edit the file /etc/lftp.conf and add the following line:

set ssl:verify-certificate no

I add this part due to a rude comment, I appreciate and respect all comments, but I must clarify:

1. I wrote this article before Let’s Encrypt was created and some sites and service providers used self-signed certificates (it is possible that today there are some), as a way to create certain security while exchange information.

2. At the time of writing this article, I needed to access an ftp server of a business partner of the company for which I work and could only access via ftps but the server certificate was self-signed and could not change that since I had not control over the server; on the other hand I shouldn’t tell to a business partner: hey I can’t access your ftp server because you’re doing in a wrong way, please fix it and then let me know, business relationships don’t work in that way.

3. From the security point of view, the risk is that you are relying on a self-signed certificate and if the source is not trusted then it can trick you to obtain sensitive information, but that does not mean that the data travels in a clear format, This is the same thing that happens when you visit a site with a self-signed certificate (for example some site of your Intranet) and the browser “tells you”: Hey you are accessing a site with a certificate that I do not know (I can’t verify it because I do not have it within my root certificates), do you want to continue? As the source is trusted, you continue without it leading to security risks, however, whenever possible you should avoid self-signed certificates and not rely on unknown/unstrusted sources.

Further readings

– man lftp

8 thoughts on “lftp – Fatal error: Certificate verification: Not trusted”

  1. Lol,

    “Fix it” he calls it

    Stop putting trash on the net, this is not fixing it, it’s circumventing it and making it unsafe

    1. You are right but think on this scenario you need to dowload some files from a third party ftp, example a business partner and you don’t have control over the ftp server, the third party installed a self signed certificate, what are you going to do?

      1. Instead of disabling SSL certificate verification globally (dangerous idea), you can disable it just for the offending business partner by specifying their domain name:
        set ssl:verify-certificate/badbusiness.com no

        Have a great day, friend!

  2. Thanks for your tutorial, it helped me a lot in migrating a webserver!

    Ignore the bad comments, you have provided an emergency solution that works perfectly well!

    Thank you again

Leave a Comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.