FTP Server security issue

Since updating to sparkle 4 my publishing settings have disappeared from sparkle. In reconfiguring publishing to web settings I keep receiving the error " FTP Server security issueThe encryption certificate of the FTP server is invalid or expired, security could be at risk. Connect anyway?". Connect anyway is useless as sparkle gets stuck in an infinite publishing process never to actually publish anything. I’ve changed nothing on the hosting side but when I click the option on this FTP security issue of “show certificate” it’s telling me the *bluehost.com certificate is not trusted. Publishing prior to updating was working fine so it seems that now in the process of re-setting up publishing settings Bluehost (my hosting service) and sparkle are not able to communicate via FTP. Any suggestions or advice is welcome, thanks!

You could see if your host has SFTP settings. If so, try publishing with those.

read this wrong, I will try this!

Hi @celinia, sorry about the trouble.

The loss of publish settings was mentioned here:

The FTP server issue is very common with web hosts, they put a generic certificate on their FTP server instead of a specific one for the FTP server name, while encryption works anyway, it’s a security issue that Sparkle needs to flag. In practice you can’t do anything about (web hosts don’t care), so you can only click Connect anyway.

Sparkle 4 didn’t change the publishing process significantly, so if you were able to publish previously you still should be (and we have many other people on bluehost that still use it).

Since the details of the setup are more private maybe you want to send us a screenshot of where Sparkle gets stuck, or what the “infinite publishing process” looks like, to feedback@sparkleapp.com, and we’ll figure it out.

Setting up SFTP like @francbrowne mentions is also an option. SFTP is a more modern and more robust protocol, but in bluehost’s case they chose to complicate it by requiring a key exchange (SFTP can be user/password based like FTP or user+key based). If you want to do that you can follow the instructions to enable SSH here: SSH Access | Bluehost Support – you can then use the downloaded key in place of the password, by clicking the key icon next to the password field in Sparkle’s publishing setup.

My webhost apparently does not support SFTP. If I try the Auto Detect option, I also get the spinning beach ball and a dead end.
When I set up publishing in Sparkle, I always have to tweak the settings as shown in this screen shot…and change it from AUTO DETECT to plain old FTP.
Once it’s on that, everything works fine.

Hi.

Is there anywhere to read which transmission protocol sparkle has chosen if you have selected auto-detection?

In FileZilla, for example, I can see FTP over TLS. Should one then choose the same settings in Sparkle?

Mr. F.

Sparkle picks an encrypted protocol if possible, or mentions that it’s going to be plain text if not. Or you can set it manually in the advanced section.

Which protocol ends up being selected is not actually shown.

Does this answer the question?

Hello.

No further questions, “Your Honor” :judge:.

I have tested all the settings under “advanced” and have now set the one that suits me best.

My web hoster has probably stored generic certificates.

Mr. F.

The issue was resolved thanks to all the feedback!

Hi @celinia

Would you mind sharing your success with us?
What was done to fix the problem? Others could benefit from it.

Mr. F.

1 Like

Agree with Fozzie, it would be very beneficial for others.