FileZilla SSL/TLS Certificate Errors
Fix certificate warnings and TLS connection issues
Common SSL/TLS Error Messages
Error: Unknown certificate
Error: TLS handshake failed
Error: The certificate's owner does not match hostname
These errors occur when FileZilla can't verify the SSL/TLS certificate from your FTPS server.
Understanding SSL/TLS Certificate Errors
When connecting via FTPS (FTP over SSL/TLS), FileZilla verifies the server's SSL certificate to ensure secure communication. Errors occur when:
Self-signed certificate: Server uses a certificate not verified by a trusted authority
Expired certificate: SSL certificate validity period has passed
Hostname mismatch: Certificate is for a different domain/hostname
Incomplete chain: Missing intermediate certificates
Solution 1: Trust Self-Signed Certificate
If your server uses a self-signed certificate (common in development or private servers), you can manually trust it.
- 1
Connect to Server
Try connecting via FTPS. The certificate warning dialog will appear.
- 2
Review Certificate Details
Check the following:
- Subject: Should match your server's domain/hostname
- Issuer: Shows who issued the certificate (self-signed shows same as subject)
- Valid from/to: Ensure it's not expired
- Fingerprint (SHA-256): Unique identifier (verify with server admin)
- 3
Trust the Certificate
- Check "Always trust this certificate in future sessions"
- Click OK
- Connection proceeds with encryption enabled
FileZilla saves the certificate fingerprint. Future connections won't show the warning unless the certificate changes.
⚠️ Security Note
Only trust certificates from servers you control or trust completely. If you're unsure about a certificate, contact your server administrator to verify the fingerprint before accepting.
Solution 2: Fix Hostname Mismatch
Error: The certificate's owner does not match hostname
This means you're connecting using a different hostname than what the certificate was issued for.
❌ Common Mistake:
Certificate issued for: ftp.yoursite.com
You're connecting to: 192.168.1.100 (IP address)
✓ Solution:
- Connect using the hostname from the certificate
In FileZilla Site Manager:
Change
192.168.1.100toftp.yoursite.com - Or get a new certificate that includes your IP address or hostname (contact server admin)
Solution 3: Use Correct FTPS Encryption Type
Error: GnuTLS error -15: An unexpected TLS packet was received
This usually means you're using the wrong FTPS encryption type.
✓ Explicit FTPS (Most Common)
Settings:
- Protocol: FTP
- Port: 21
- Encryption: "Require explicit FTP over TLS"
Starts as plain FTP, upgrades to TLS with AUTH TLS command.
→ FTPS setup guideImplicit FTPS (Legacy)
Settings:
- Protocol: FTP
- Port: 990
- Encryption: "Require implicit FTP over TLS"
TLS connection established immediately on port 990.
💡 How to Fix
- Open Site Manager (Ctrl+S)
- Select your site
- Try switching between "Require explicit" and "Require implicit"
- Adjust port: 21 for explicit, 990 for implicit
- Reconnect
Solution 4: Update FileZilla
Older versions of FileZilla may not support modern TLS protocols or have SSL/TLS bugs.
How to Update:
- Check current version: Help → About FileZilla
- Download latest version: Visitour download page or filezilla-project.org
- Install update (closes FileZilla if running)
- Reopen and test your connection
Why updating helps:
- Latest TLS 1.2/1.3 protocol support
- Security patches for SSL vulnerabilities
- Bug fixes for certificate validation
- Updated root certificate authorities
Solution 5: Manage Trusted Certificates
If you previously trusted a certificate and want to remove it (e.g., server changed certificates):
Clear Trusted Certificates
- Open Settings: Edit → Settings
- Navigate to: Connection → FTP → Active mode → "Trusted certificates"
(Despite the name, this shows all trusted certificates)
- Find the certificate you want to remove (look for hostname/fingerprint)
- Select and delete the certificate
- Click OK
- Reconnect - you'll see the certificate warning again
Alternative: Use SFTP Instead
SFTP (SSH File Transfer Protocol) doesn't use SSL certificates - it uses SSH host keys instead, which are simpler and more reliable.
✓ Advantages of SFTP:
- No SSL certificate configuration needed
- Generally more secure than FTPS
- Simpler firewall setup (single port 22)
- Widely supported on modern servers
Still Having SSL/TLS Issues?
🔍 Enable Logging
- Go to Edit → Settings → Debug
- Set Debug level to "Verbose" or "Debug"
- Enable "Log to file"
- Try connecting again
- Check log file for detailed SSL/TLS error information
📧 Contact Server Administrator
Provide them with:
- Full error message from FileZilla
- Certificate details from the warning dialog
- Which encryption type you're trying (Explicit/Implicit)
- Ask them to verify server SSL configuration
🛡️ Check Firewall/Antivirus
Some antivirus software intercepts SSL/TLS connections and causes certificate errors. Try temporarily disabling SSL scanning in your antivirus or add FileZilla to the exceptions.
✓ SSL Error Resolved?
Frequently Asked Questions
Is it safe to trust a self-signed certificate?
Yes, if you trust the server owner. Self-signed certificates are common in development environments and private servers. They provide encryption but aren't verified by a trusted certificate authority. Always verify the certificate fingerprint with your server administrator first.
What is the difference between FTPS and SFTP SSL errors?
FTPS uses SSL/TLS certificates (port 21/990) and can have certificate errors. SFTP uses SSH (port 22) with host keys, which have different verification errors. SFTP doesn't use SSL certificates.
How do I get a proper SSL certificate for my server?
For production servers, get a free certificate from Let's Encrypt or purchase one from a certificate authority. Most hosting providers include free SSL certificates with their plans. Configure it in your hosting control panel.
Why does FileZilla show certificate errors on trusted sites?
This can happen if the certificate expired, hostname doesn't match (connecting via IP instead of domain), or certificate chain is incomplete. Contact your hosting provider to renew or fix the certificate.