This Question is a bit older, but for other users with the same question:
You can just enable TLS in pureFTP like you would if ajenti was not installed.
Ajenti does not mess with your pureFTP configs..
For basic managing of additional ftp users, you could use my bash script, which can be included in ajenti:
Yes, full IPv6 Support for web-, mail- and ftpserver.
In general it should nowhere be a problem, because for example in the website administration, you enter the listen address manually, so you can enter ipv4 and ipv6 types.
I am using a standalone letsencrypt client.
I have my certs generated to /var/ssl/certs and provide that path to the ajenti nginx config.
maybe this is an option for you, too..
This is the client i am currently using (it is simpler that the official one..):
rewrite (.*) http://romanrandom.com$1 permanent;
Service d'assistance aux clients par UserEcho