
Thousands of SSL challenge files left in /var/www/vhosts/default/htdocs/.well-known/acme-challenge

Bitpalast

TITLE:
Thousands of SSL challenge files left in /var/www/vhosts/default/htdocs/.well-known/acme-challenge
PRODUCT, VERSION, OPERATING SYSTEM, ARCHITECTURE:
Onyx 17.8
CentOS 7.6 latest MU
Latest Let's Encrypt extension version
PROBLEM DESCRIPTION:
SSL challenge files are left in /var/www/vhosts/default/htdocs/.well-known/acme-challenge and are never deleted. On our systems we see well over 100,000 files in these directories.
STEPS TO REPRODUCE:
Create a certificate
ACTUAL RESULT:
See challenge file in /var/www/vhosts/default/htdocs/.well-known/acme-challenge
EXPECTED RESULT:
Should be deleted once the authentication process is completed.
ANY ADDITIONAL INFORMATION:
See thread Let's Encrypt extension on this.
YOUR EXPECTATIONS FROM PLESK SERVICE TEAM:
Confirm bug
 
I've just deleted 455 files from this directory; these files were created while testing just for one single domain.
I can confirm this bug also on Plesk Obsidian 18.16 + 18.17
SSLit could be the root of this.
 
Our instances are without SSLit, but the issue is present.

Plesk Onyx 17.8.11 Update #65
Let's Encrypt Extension 2.8.2-529
CentOS 7.6.1810

(all latest at this time)
 
Then it's Let's Encrypt
This improvement could be the case somewhere in
Change Log for Plesk

Improved chances of successful Let’s Encrypt HTTP challenge validation by using general locations for .well-known/acme-challenge. This helps issue an SSL/TLS certificate if a domain has some specially configured rewrite rules (certain web applications configure them by default) or access restrictions. You can revert this improvement by adding the following lines to the panel.ini file:
Code:
[ext-letsencrypt]
 use-common-challenge-dir = false

Or just a simple cron task doesn't clean up the tokens. Stop predicting :cool:
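Added example (not from the thread and not Plesk's own cleanup code): a shell function an administrator could schedule to prune stale HTTP-01 challenge files from the common directory discussed above. The function name and the one-day default age are assumptions; it only removes regular files whose names use the base64url token alphabet, so files from an issuance still in progress and unrelated files are left alone.

```shell
#!/bin/sh
# Added example: prune stale ACME HTTP-01 challenge files.
# Usage: prune_acme_challenges DIR [MAX_AGE_MINUTES]
# Prints the number of files removed. Relies on find's -maxdepth, -mmin
# and -delete, which GNU find (CentOS) provides.
prune_acme_challenges() {
    dir=$1
    max_age_min=${2:-1440}   # assumption: a token older than one day is stale

    # The age must be a plain non-negative integer.
    case $max_age_min in
        ''|*[!0-9]*) echo "refusing: bad age '$max_age_min'" >&2; return 2 ;;
    esac

    # Only operate on a directory that really is an acme-challenge
    # directory, and never follow a symlink planted in its place.
    case $dir in
        */.well-known/acme-challenge) ;;
        *) echo "refusing: $dir is not an acme-challenge dir" >&2; return 2 ;;
    esac
    if [ ! -d "$dir" ] || [ -L "$dir" ]; then
        echo "refusing: $dir is missing or is a symlink" >&2
        return 2
    fi

    # Delete only regular files directly inside the directory whose names
    # consist solely of base64url characters (the ACME token alphabet)
    # and whose mtime is older than the threshold.
    find "$dir" -maxdepth 1 -type f \
        ! -name '*[!A-Za-z0-9_-]*' \
        -mmin "+$max_age_min" -print -delete | wc -l | tr -d ' '
}

# Example call from a daily cron job (path taken from the report above):
#   prune_acme_challenges /var/www/vhosts/default/htdocs/.well-known/acme-challenge 1440
```
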
 