FWIW, I just went through this myself. I was mystified as to why my sites weren't connecting.  The new cert was using an updated/new intermediate and the old one, seemed to be the issue. My Letsencrypt certs are signed by Letsencrypt R12 and R13 which are, in turn, signed by ISRG Root X1.  I don't recall if the intermediates had expired or that the Letencrypt certificate update required a different intermediate, but I downloaded and installed the R12 and R13 intermediates , which I never recall having to do before (been using LE for years).

Selecting the certificate in DCM and then viewing the Certificate Hierarchy told me everything I needed to know.  But it was strange because, like I said, I never had to download new intermediates before.

Pete Helgren
www.petesworkshop.com
CISSP - MSCM
GIAC Cloud Penetration Tester
AWS Certified Cloud Practitioner
Microsoft Certified: Azure Fundamentals

On 9/29/2025 10:16 AM, Greg Wilburn wrote:
We had to manually download and add the intermediate certificate.

This is crazy... these certificates expire every 90 days. Surely they should renew.

-----Original Message-----
From: MIDRANGE-L <midrange-l-bounces@xxxxxxxxxxxxxxxxxx> On Behalf Of Greg Wilburn
Sent: Monday, September 29, 2025 9:02 AM
To: Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxxxxxxxx>
Subject: [EXTERNAL] SSL/TLS issue with FTP

Our hosted FTP server must have updated the certificate over the weekend. We are not unable to connect using
FTP RMTSYS(myftpserver) SECCNN(*SSL)

The error is
234 AUTH TLS successful
The server's certificate is not signed by a trusted certificate authority.
Do you want to trust the server's certificate temporarily in this session? (y/n)
Secure connection error, return code 6000

Connecting from a PC works just fine. The CA is "Let's Encrypt".

In DCM, I've populated all of the Let's Encrypt CA's along with ISRG Root 1 and 2.

What am I missing?
[Logo]<https://www.totalbizfulfillment.com/> Greg Wilburn
Director of IT
301.895.3792 ext. 1231
301.895.3895 direct
gwilburn@xxxxxxxxxxxxxxxxxxxxxxx<mailto:gwilburn@xxxxxxxxxxxxxxxxxxxxxxx>
1 Corporate Dr
Grantsville, MD 21536
www.totalbizfulfillment.com<http://www.totalbizfulfillment.com>
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxxxxxxxxxx for any subscription related questions.




[CAUTION! This email originated outside of the organization. Please do not open attachments or click links from an unknown or suspicious origin.]

Greg Wilburn
Director of IT
301.895.3792 ext. 1231

As an Amazon Associate we earn from qualifying purchases.

This thread ...

Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2025 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.