Leftover tmp cert files #2

Hi all,

Since I can’t update the previous thread about the same issue, I’m reposting here (mods please feel free to move this post).

While doing some manual server housekeeping, I noticed some leftover ssl cert tmp files under /home/admin

root@myserver:~# ls -lR /home/admin/web/myserver.mydomain.tld/
/home/admin/web/myserver.mydomain.tld/:
total 4
drwxr-x–x 2 admin admin 2 Jul 14 2020 cgi-bin
drwxr-x–x 2 admin admin 6 Sep 30 20:26 document_errors
dr-xr-x–x 2 admin admin 4 Sep 30 20:26 logs
drwxr-x–x 3 admin admin 3 Oct 2 03:34 private
drwxr-x–x 2 admin www-data 4 Jul 14 2020 public_html
drwxr-x–x 2 admin www-data 4 Jul 14 2020 public_shtml
dr-xr-x–x 2 admin admin 2 Jul 14 2020 stats

/home/admin/web/myserver.mydomain.tld/cgi-bin:
total 0

/home/admin/web/myserver.mydomain.tld/document_errors:
total 11
-rw-r–r-- 1 admin admin 3044 Sep 30 20:26 403.html
-rw-r–r-- 1 admin admin 3302 Sep 30 20:26 404.html
-rw-r–r-- 1 admin admin 3086 Sep 30 20:26 410.html
-rw-r–r-- 1 admin admin 3182 Sep 30 20:26 50x.html

/home/admin/web/myserver.mydomain.tld/logs:
total 1
lrwxrwxrwx 1 root root 54 Sep 30 20:26 myserver.mydomain.tld.error.log → /var/log/apache2/domains/myserver.mydomain.tld.error.log
lrwxrwxrwx 1 root root 48 Sep 30 20:26 myserver.mydomain.tld.log → /var/log/apache2/domains/myserver.mydomain.tld.log

/home/admin/web/myserver.mydomain.tld/private:
total 2
drwx------ 2 admin admin 6 Oct 2 03:34 tmp.52FEMfxt8F

/home/admin/web/myserver.mydomain.tld/private/tmp.52FEMfxt8F:
total 17
-rw-rw---- 1 admin admin 3750 Aug 4 03:34 myserver.mydomain.tld.ca
-rw-rw---- 1 admin admin 2199 Aug 4 03:34 myserver.mydomain.tld.crt
-rw-rw---- 1 admin admin 3243 Aug 4 03:34 myserver.mydomain.tld.key
-rw-rw---- 1 admin admin 5950 Aug 4 03:34 myserver.mydomain.tld.pem

/home/admin/web/myserver.mydomain.tld/public_html:
total 3
-rw-r–r-- 1 admin admin 2906 Jul 14 2020 index.html
-rw-r–r-- 1 admin admin 66 Jul 14 2020 robots.txt

/home/admin/web/myserver.mydomain.tld/public_shtml:
total 3
-rw-r–r-- 1 admin admin 2906 Jul 14 2020 index.html
-rw-r–r-- 1 admin admin 66 Jul 14 2020 robots.txt

/home/admin/web/myserver.mydomain.tld/stats:
total 0
root@myserver:~#

TIA.

PS: Btw is default HestiaCP config affected by the recent Apache 2.4.49/50 bug that is being exploited recently ( critical: Path Traversal and Remote Code Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete fix of CVE-2021-41773) (CVE-2021-42013)

I noticed will take a look at it and probally should remove them…

apt update to the last version

New install…

root@cp:/usr/local/hestia/bin# apache2 -v
Server version: Apache/2.4.51 (Ubuntu)
Server built: 2021-10-07T19:17:29
root@cp:/usr/local/hestia/bin#

Hi eris,

I’m using HestiaCP 1.4.17 with apache 2.4.51 (from sury repo) on Debian 10.

But according to dpkg.log it was upgraded to 2.4.49 on 5-Oct-2021 …

Just FYI I keep getting left-over temp files from LE cert (on a server running HestiaCP 1.4.17 on a vanilla Debian 10.11 OS):

root@myserver:/home# md5sum admin/conf/web/myserver.mydomain.tld/ssl/*
c51b091539047b237e0455a018b99bf6 admin/conf/web/myserver.mydomain.tld/ssl/myserver.mydomain.tld.ca
ba6a79be0af268bd6f9f52eb457f36ac admin/conf/web/myserver.mydomain.tld/ssl/myserver.mydomain.tld.crt
18e2223959c3ac64a962f6e463c20402 admin/conf/web/myserver.mydomain.tld/ssl/myserver.mydomain.tld.key
12fae6b50e7bbe2c82b48984f981bb5c admin/conf/web/myserver.mydomain.tld/ssl/myserver.mydomain.tld.pem
root@myserver:/home# md5sum admin/web/myserver.mydomain.tld/private/tmp.I4HkGDGhly/*
c51b091539047b237e0455a018b99bf6 admin/web/myserver.mydomain.tld/private/tmp.I4HkGDGhly/myserver.mydomain.tld.ca
bf9de1c8d994ad9aea33cfa78b35cb08 admin/web/myserver.mydomain.tld/private/tmp.I4HkGDGhly/myserver.mydomain.tld.crt
caae66054eda1171a4243aff4aed4b9c admin/web/myserver.mydomain.tld/private/tmp.I4HkGDGhly/myserver.mydomain.tld.key
d71790237dfc12c466ef7c9cef22e98f admin/web/myserver.mydomain.tld/private/tmp.I4HkGDGhly/myserver.mydomain.tld.pem
root@myserver:/home#

Update to the last version 1.5.0 and delete the files one time and the should never come back again…

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.