Bug #12670
openACME package writes credentials to system log
Status: New
Priority: Normal
Assignee: Viktor Gurov
Category: ACME
Target version: -
Start date:
Due date:
% Done: 0%
Estimated time:
Plus Target Version:
Affected Version: All
Affected Plus Version:
Affected Architecture:
Description
The acme renewal cron currently dumps the config into the system log:
<13>1 2022-01-09T03:57:32.299169+01:00 fw01.xxx.lan ACME 93105 - - ## Its time to renew ##
<13>1 2022-01-09T03:57:32.299183+01:00 fw01.xxx.lan ACME 93105 - - Renewing certificate
<13>1 2022-01-09T03:57:32.299198+01:00 fw01.xxx.lan ACME 93105 - - account: xxx
<13>1 2022-01-09T03:57:32.299212+01:00 fw01.xxx.lan ACME 93105 - - server: letsencrypt-production-2
<13>1 2022-01-09T03:57:32.300864+01:00 fw01.xxx.lan ACME 93105 - -
<13>1 2022-01-09T03:57:32.300896+01:00 fw01.xxx.lan ACME 93105 - - /usr/local/pkg/acme/acme.sh --issue --domain '*.infra.xxx.co.at' --dns 'dns_inwx' --home '/tmp/acme/infra.xxx.co.at/' --accountconf '/tmp/acme/infra.xxx.co.at/accountconf.conf' --force --reloadCmd '/tmp/acme/infra.xxx.co.at/reloadcmd.sh' --log-level 3 --log '/tmp/acme/infra.xxx.co.at/acme_issuecert.log'
<13>1 2022-01-09T03:57:32.300916+01:00 fw01.xxx.lan ACME 93105 - - Array
<13>1 2022-01-09T03:57:32.300931+01:00 fw01.xxx.lan ACME 93105 - - (
<13>1 2022-01-09T03:57:32.300945+01:00 fw01.xxx.lan ACME 93105 - - [path] => /etc:/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin/
<13>1 2022-01-09T03:57:32.300958+01:00 fw01.xxx.lan ACME 93105 - - [PATH] => /etc:/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin/
<13>1 2022-01-09T03:57:32.300972+01:00 fw01.xxx.lan ACME 93105 - - [INWX_User] => XXX
<13>1 2022-01-09T03:57:32.300985+01:00 fw01.xxx.lan ACME 93105 - - [INWX_Password] => YYY
<13>1 2022-01-09T03:57:32.300999+01:00 fw01.xxx.lan ACME 93105 - - [INWX_Shared_Secret] =>
<13>1 2022-01-09T03:57:32.301013+01:00 fw01.xxx.lan ACME 93105 - - )
<13>1 2022-01-09T03:57:38.616297+01:00 fw01.xxx.lan ACME 93105 - - [Sun Jan 9 03:57:33 CET 2022] Using CA: https://acme-v02.api.letsencrypt.org/directory
Imo this array shouldn't be spit out as it leaks information.
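To find which stored or forwarded logs already contain such entries (and therefore which DNS API credentials need rotating), the following added example scans syslog lines in the format quoted above for array entries whose key looks like a credential and whose value is non-empty. It is not code from the ACME package or from the reporter; the key-name pattern, the function names and the constructed sample lines are assumptions.

```python
import re

# Header layout as quoted in the report: <PRI>VER TIMESTAMP HOST APP PID MSGID SD MSG
HEADER = re.compile(r"^<\d+>\d+ (?P<ts>\S+) (?P<host>\S+) (?P<app>\S+) \S+ \S+ \S+ ?(?P<msg>.*)$")
# One element of a dumped array, as in the report: "[key] => value"
ENTRY = re.compile(r"^\s*\[(?P<key>[^\]]+)\] => ?(?P<value>.*)$")
# Assumption: key-name fragments that mark a value as a credential.
SECRET_KEY = re.compile(r"pass(word)?|secret|token|api_?key|_key$", re.IGNORECASE)

# Constructed sample lines modelled on the report (dummy host and values).
SAMPLE = [
    "<13>1 2022-01-09T03:57:32.299183+01:00 fw01.example.lan ACME 93105 - - Renewing certificate",
    "<13>1 2022-01-09T03:57:32.300958+01:00 fw01.example.lan ACME 93105 - - [PATH] => /etc:/bin:/sbin",
    "<13>1 2022-01-09T03:57:32.300972+01:00 fw01.example.lan ACME 93105 - - [INWX_User] => demo-user",
    "<13>1 2022-01-09T03:57:32.300985+01:00 fw01.example.lan ACME 93105 - - [INWX_Password] => demo-value",
    "<13>1 2022-01-09T03:57:32.300999+01:00 fw01.example.lan ACME 93105 - - [INWX_Shared_Secret] => ",
]


def find_leaks(lines, app="ACME"):
    """Return (timestamp, host, key) per leaked entry; the value itself is never returned."""
    leaks = []
    for line in lines:
        head = HEADER.match(line.rstrip("\n"))
        if not head or head["app"] != app:
            continue
        entry = ENTRY.match(head["msg"])
        # An empty value (unset option) is not a leak, so it is skipped.
        if entry and SECRET_KEY.search(entry["key"]) and entry["value"].strip():
            leaks.append((head["ts"], head["host"], entry["key"]))
    return leaks


def redact(line):
    """Mask the value of a secret-like entry so the line can be shared in a report."""
    line = line.rstrip("\n")
    head = HEADER.match(line)
    entry = ENTRY.match(head["msg"]) if head else None
    if not entry or not SECRET_KEY.search(entry["key"]) or not entry["value"].strip():
        return line
    return line[: head.start("msg")] + f"[{entry['key']}] => <redacted>"


if __name__ == "__main__":
    for ts, host, key in find_leaks(SAMPLE):
        print(f"{ts} {host}: credential value logged for {key}")
```

Run `find_leaks` over the local system log and any remote syslog or SIEM copies, since forwarded copies keep the value after the local log rotates.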