When trying to update a site using the publish button, the ftp connection doesn’t work.
It was working last week, but MacHighway made security changes on their servers.
The MacHighway support desk responded with:
Apologies for the inconvenience caused.
In order to improve the security associated with FTP service and to avoid attack targeting to its port, we have modified the server wide security setting from “TLS-1.1” to “TLS-1.2”. Due to this reason you are facing the FTP connectivity issue. Please make sure that your FTP client is updated to the newest available version and it uses TLS-1.2. For example, if you are using Filezilla and want to know whether it is related to TLS issue, you can check it from your end. If you click the lock icon in the status bar you can see the session details, including negotiated TLS version. This will help you to identify the exact reason.
The one major thing that you will need to change on your end (if you are experiencing issues), is to enable TLS connections on your FTP client, usually by selecting to use FTPS (Please don’t get confused with SFTP). FTPs is “FTP over explicit TLS/SSL”. The respective setting for common FTP clients are included below:
Cyberduck : In the “Open Connection” window, please set the following: FTP-SSL (Explicit AUTH TLS) [it is in Dropdown]
The port number remains the same as 21 itself.
I am able to ftp using Cyberduck.
In RapidWeaver, the publishing choices are:
Local Folder
FTP
FTPS
SFTP
Amazon S3
None of the ftp choices works.
The workaround at the moment is to publish to ‘Local folder’ and use Cyberduck to manually update my sites. A bit cumbersome.
TLS1.2 has been out since 2008, in fact, TLS 1.3 specs are a few years old and unless you were/are using FTPS it shouldn’t have any impact. What were you using before?
Without seeing a screenshot of the publishing settings it’s hard to say what might be going on.
Since you are able to get a standalone FTP client working a screenshot of the publishing settings you got to work with Cyberduck would probably be helpful as well.
In RW, when I try to publish the site:
Error message:
Couldn’t sign in to your FTP server
Problem with the SSL CA cert (path? access rights?)
Worked fine last week.
I might not be much help, I never use ftps. It can be a bit difficult to get working behind firewalls, and I prefer SFTP. I don’t use Cyberduck so description of these settings don’t help me much.
What happens when you hit the test button on RW publishing setup screen?
It’s working this morning!
I don’t know what happened: if MacHighway did any changes, etc.
On 4/24/20, I was able to update the site in my RW like I’ve done many times before.
I have two other sites that are hosted on MacHighway too, and I ran into the same issue(s).
I was getting connection/log in error:
Even hitting the ‘Test’ button yielded the same.
I contacted MacHighway support and the response was:
In order to improve the security associated with FTP service and to avoid attack targeting to its port, we have modified the server wide security setting from “TLS-1.1” to “TLS-1.2”. Due to this reason you are facing the FTP connectivity issue.
In Cyberduck"Open Connection" window, please set the following: FTP-SSL (Explicit AUTH TLS) [it is in Dropdown]
I tested with Cyberduck, and it worked. So my home network/router is not to blame (I think).
Thus I was looking for this choice in the Publishing method within RW, but I can’t find it.
Decided to try again this morning, and it’s working once again!
(Both Cyberduck & RW)
I contacted MacHighway about the connection working again, and their response:
We have changed the TLS option back to optional on the servers and you should be able to access the FTP normally now. Once we the new TLS option is available on all major FTP platforms we will change the TLS version back to TLS 1.2 for better security of the servers. We will surely notify you if any such changes are made.
So publishing my sites in RapidWeaver works like before.
I hope the RW developers include this change in upcoming updates!
@GudNuf-Harley,
Not sure what exactly is causing the issue you’re having, but @Aaron (from RealMac) confirmed on this post that RapidWeaver supports TLS 1.2.
I know there’s a number of people that aren’t having issues with using FTPS. I don’t use FTPS myself, I always prefer SFTP, it uses SSH(Secure Shell), the same process used to administer the server.
I looked at Machighway’s support area to try and find any help on their knowledge base and they don’t even list FTPS or SFTP as being supported? The KB article for RapidWeaver publishing looks to be very old (pre RW6?), so not much help there.
Part of the error message that you posted (Problem with the SSL CA cert (path? access rights?), looks to be something being returned by the server. But since Machighway “backed out” the changes it’s going to be difficult to tell for sure what happened.
Their changes obviously “broke” more than just you so my guess is that there was something not quite right with their implementation. Hopefully they’ll do a better job testing (and update the KB area) before they attempt to go forward.
MacHighway reinstituted their security change on Monday (1 June) after which I couldn’t upload to my website. I’m assuming that you also have found the same? This is the same change they made in May, which was reversed. I also received the same apology, word for word.
They promised in this email that a prior notification would be given before a change. It wasn’t. They promised also that the change would only be made when all platforms and software have this TLS setting available. This hasn’t happened either.
I have made another complaint but they haven’t responded after nearly four days.
I’ve raised a new ticket with them today. You might want to do the same. I had the standard “will respond in up to 48 hours” response, but even then I don’t know that they will be motivated to withdraw this new setting. I said my sites were dead in the water because of this new setting. Lots of software is not working now - Fetch, EverWeb, RapidWeaver and others.
…and half an hour later I get a response from MacHighway that a few tweaks were performed and I can upload again. Even Fetch can access my files. They must have had a few frantic clients this week. Other than me.
It was working for both my major domains (on different accounts) this morning. I don’t trust the solution to be permanent. I hope that Realmac comes up with a solution or I get to do this whole song & dance again in a couple of weeks.
