Bug #12670

open

ACME package writes credentials to system log

Added by Florian Apolloner over 2 years ago. Updated about 2 years ago.

Status: New
Priority: Normal
Assignee: Viktor Gurov
Category: ACME
Target version: -
Start date:
Due date:
% Done: 0%
Estimated time:
Plus Target Version:
Affected Version: All
Affected Plus Version:
Affected Architecture:

Description

The acme renewal cron currently dumps the config into the system log:

<13>1 2022-01-09T03:57:32.299169+01:00 fw01.xxx.lan ACME 93105 - - ## Its time to renew ##
<13>1 2022-01-09T03:57:32.299183+01:00 fw01.xxx.lan ACME 93105 - - Renewing certificate 
<13>1 2022-01-09T03:57:32.299198+01:00 fw01.xxx.lan ACME 93105 - - account: xxx 
<13>1 2022-01-09T03:57:32.299212+01:00 fw01.xxx.lan ACME 93105 - - server: letsencrypt-production-2 
<13>1 2022-01-09T03:57:32.300864+01:00 fw01.xxx.lan ACME 93105 - - 
<13>1 2022-01-09T03:57:32.300896+01:00 fw01.xxx.lan ACME 93105 - - /usr/local/pkg/acme/acme.sh  --issue  --domain '*.infra.xxx.co.at' --dns 'dns_inwx'  --home '/tmp/acme/infra.xxx.co.at/' --accountconf '/tmp/acme/infra.xxx.co.at/accountconf.conf' --force --reloadCmd '/tmp/acme/infra.xxx.co.at/reloadcmd.sh' --log-level 3 --log '/tmp/acme/infra.xxx.co.at/acme_issuecert.log'
<13>1 2022-01-09T03:57:32.300916+01:00 fw01.xxx.lan ACME 93105 - - Array
<13>1 2022-01-09T03:57:32.300931+01:00 fw01.xxx.lan ACME 93105 - - (
<13>1 2022-01-09T03:57:32.300945+01:00 fw01.xxx.lan ACME 93105 - -     [path] => /etc:/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin/
<13>1 2022-01-09T03:57:32.300958+01:00 fw01.xxx.lan ACME 93105 - -     [PATH] => /etc:/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin/
<13>1 2022-01-09T03:57:32.300972+01:00 fw01.xxx.lan ACME 93105 - -     [INWX_User] => XXX
<13>1 2022-01-09T03:57:32.300985+01:00 fw01.xxx.lan ACME 93105 - -     [INWX_Password] => YYY
<13>1 2022-01-09T03:57:32.300999+01:00 fw01.xxx.lan ACME 93105 - -     [INWX_Shared_Secret] => 
<13>1 2022-01-09T03:57:32.301013+01:00 fw01.xxx.lan ACME 93105 - - )
<13>1 2022-01-09T03:57:38.616297+01:00 fw01.xxx.lan ACME 93105 - - [Sun Jan  9 03:57:33 CET 2022] Using CA: https://acme-v02.api.letsencrypt.org/directory

Imo this array shouldn't be spit out as it leaks information.
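
An added example, not part of the original report or the ACME package's code: a Python check that scans RFC 5424 syslog lines for array elements in the `Array ( [key] => value )` form shown above (the format PHP's `print_r` produces) and reports which secret-looking keys were logged with a non-empty value, without echoing the value. The key-name pattern, the function name `find_leaked_secrets` and the sample lines are assumptions constructed for illustration.

```python
import re

# RFC 5424 header as seen in the report: <PRI>VER TIMESTAMP HOST APP PROCID MSGID SD MSG
SYSLOG_RE = re.compile(
    r"^<\d+>\d+ (?P<ts>\S+) (?P<host>\S+) (?P<app>\S+) (?P<pid>\S+) \S+ \S+ ?(?P<msg>.*)$"
)
# One element of a print_r()-style dump: "    [key] => value"
PRINT_R_RE = re.compile(r"^\s*\[(?P<key>[^\]]+)\] => ?(?P<value>.*)$")
# Assumption: key-name fragments that mark a value as a secret.
SECRET_HINT = re.compile(r"pass|secret|token|key|credential", re.IGNORECASE)


def find_leaked_secrets(lines, app="ACME"):
    """Return (timestamp, host, pid, key) for each non-empty secret-looking
    array element logged by `app`. Values are never returned or printed."""
    findings = []
    for line in lines:
        m = SYSLOG_RE.match(line.rstrip("\n"))
        if not m or m.group("app") != app:
            continue
        elem = PRINT_R_RE.match(m.group("msg"))
        if not elem:
            continue
        if SECRET_HINT.search(elem.group("key")) and elem.group("value").strip():
            findings.append((m.group("ts"), m.group("host"), m.group("pid"), elem.group("key")))
    return findings


# Constructed sample modelled on the excerpt in the report (placeholder values).
SAMPLE = """\
<13>1 2022-01-09T03:57:32.300916+01:00 fw01.example.lan ACME 93105 - - Array
<13>1 2022-01-09T03:57:32.300931+01:00 fw01.example.lan ACME 93105 - - (
<13>1 2022-01-09T03:57:32.300945+01:00 fw01.example.lan ACME 93105 - -     [PATH] => /etc:/bin:/sbin
<13>1 2022-01-09T03:57:32.300972+01:00 fw01.example.lan ACME 93105 - -     [INWX_User] => placeholder-user
<13>1 2022-01-09T03:57:32.300985+01:00 fw01.example.lan ACME 93105 - -     [INWX_Password] => placeholder-password
<13>1 2022-01-09T03:57:32.300999+01:00 fw01.example.lan ACME 93105 - -     [INWX_Shared_Secret] =>
<13>1 2022-01-09T03:57:32.301013+01:00 fw01.example.lan ACME 93105 - - )
<13>1 2022-01-09T03:57:33.000000+01:00 fw01.example.lan sshd 411 - - [INWX_Password] => not-acme
""".splitlines()

if __name__ == "__main__":
    for ts, host, pid, key in find_leaked_secrets(SAMPLE):
        print(f"{ts} {host} ACME[{pid}]: value logged for {key}; rotate it")
```

Any key it reports should be treated as exposed to everyone who can read the system log or a remote syslog target, and the credential rotated.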
