If you’re experiencing issues connecting via TLS/SSL FTP (FTPS) on a cPanel server (Pure-FTPd), it’s often due to missing configuration for the passive port range. This guide helps resolve those issues.
Step-by-step Instructions
- Create the Pure-FTPd Local Configuration File (if it doesn’t exist):
touch /var/cpanel/conf/pureftpd/local- Define a Passive Port Range:
echo "PassivePortRange: 30000 50000" >> /var/cpanel/conf/pureftpd/local⚠️ Make sure ports 30000–50000 are open in your firewall (e.g., CSF, iptables, firewalld, or your cloud provider’s panel).
- Rebuild Pure-FTPd Configuration and Restart Service:
/usr/local/cpanel/scripts/setupftpserver pure-ftpd --forceFirewall (CSF) Example to Allow the Passive Ports
Edit /etc/csf/csf.conf:
TCP_IN = "20,21,22,25,53,80,110,143,443,465,587,993,995,30000:50000"
TCP_OUT = "20,21,22,25,53,80,110,113,443,587,993,995,30000:50000"Then restart CSF:
csf -rTest Secure FTP Connection
You can now test an FTPS (FTP with TLS) connection using a client like:
- FileZilla
- WinSCP
Make sure to select “FTP over TLS (explicit)” and not plain FTP.