I will give an example of setting up FTPS for PureFTPd running on a server with cPanel. For ProFTPD, the setup is almost the same.
The PureFTPd configuration file is located at /etc/pure-ftpd.conf, and it defaults to the ports for passive mode:
PassivePortRange 49152 65534
Ports must be opened in the firewall so that you can connect to the FTP server with encryption in passive mode.
If CSF is used, open the WHM panel and select “Plugins” – “ConfigServer Security & Firewall”, then “Firewall Configuration” and where “TCP_IN =” add at the end 49152:65534, for example:
20,21,22,25,53,80,110,143,443,465,587,993,995,2077,2078,2082,2083,2086,2087,2095,2096,49152:65534
Click “Change” and then “Restart csf+lfd” to apply the changes and restart csf+lfd.
If the server uses IPTables, not CSF, then:
iptables -I INPUT -p tcp --dport 49152:65534 -j ACCEPT
service iptables save
If firewalld, then:
firewall-cmd --permanent --zone=public --add-service=ftp
firewall-cmd --permanent --add-port=49152-65534/tcp
firewall-cmd --reload
Now in the WHM panel, open the menu “Service Configuration” – “FTP Server Configuration” and where “TLS Encryption Support” choose “Required (Command/Data)” so that when connecting to the FTP server, encryption is always performed. Click “Save” to save the changes and restart the FTP server.
Done, do not forget to specify in the FTP client settings that you need to connect with encryption or add ftps:// in the server address.
See also my article:
IPTables rules for FTP server