Comodoca File in accounts

mrm200000

Registered
Sep 1, 2012
1
0
1
cPanel Access Level
Root Administrator
Hi , i found random text file in cpanel
like

2B784B230FF368E94423643A7FFA03AF.txt
6B9E13D679F2F33C759E2070D9565244.txt
77E5559B0F92988AD9A42E9B3EF0D4D2.txt
AF4C88C012D1424C2A11922C2DEF862D.txt
CB9459AFEE4CC6A59EFA35AE2CECB665.txt
CD8156C80927760D4AE2B353C35656A8.txt
DB25AA0F52421614921AC6196BB3A2E9.txt
EFA87EC0585C7E136D50E0A450633166.txt

and contain

0930749093d35dd49cdb728f666f3bc4f262c71b
comodoca.com
 
Last edited by a moderator:

danielpmc

Well-Known Member
Nov 3, 2016
78
33
18
usa
cPanel Access Level
Reseller Owner
Hello mrm200000,

I have had the same thing happen to me. Right after cPanel version 60 was released i went into the AutoSSL settings and ran a check on one of my domains to see how it would assign a free SSL. It seemed like nothing happened so i ran the AutoSSL check again and proceeded to do this multipe times. Sometimes i am not the most patient guy around.

Little did i know but each time i ran the SSL check it added a comodo .txt file into my domains cPanel/public_html. The text file is a verification check file by cPanel used to determine if an AutoSSL file is in place or not. cPanel will verify if this file exists when it updates in your server. If the .txt file is there then the code in the .txt file will say when the SSL certificate was enabled and when it expires. If there is not a legitimate comodo .txt file, then it will or will not install a AutoSSL certificate according to settings either by you or your host in WHM/SSLTLS/AutoSSL.

Helpful hint:

There are two ways you can fix this.

1. Remove the .txt files and let cPanel install a new AutoSSL certificate when it does its automatic update in your server. Most servers are set to allow cPanel to update at least every 24 hours. (If you remove the .txt files, your domain will not have SSL until AutoSSL installs a certificate)

Or

2. Look at the date each of the .txt files were added to your public_html and remove all but the most recent date.

Hope this helps you out.
danielpmc
 

Ajdin

Member
Sep 17, 2015
15
0
51
Novi Travnik
cPanel Access Level
Root Administrator
Hello,

is there any way to stop this because it creates files on every account and we have issue with clients and question "Why" and "Your server is infected and etc..".
How can we stop AutoSSL from creating this txt files in user accounts?

Best regards.
 

danielpmc

Well-Known Member
Nov 3, 2016
78
33
18
usa
cPanel Access Level
Reseller Owner
Hello Ajdin,

Look above at CPanelMichaels post. The link he posted will show when cPanel Developers come up with a solution to prevent multiple entries.

Wish there was a solution to offer to fix that now, but until cPanel Developers release an update to this all cPanel users are facing the same issue. As far as your clients are concerned you could share a link to this thread so they can see that you are addressing the problem and cPanel staff are aware and working on it. This way they can see that it is not a virus or bad server management by you.

Here is the link to share with clients:

Code:
https://forums.cpanel.net/threads/comodoca-file-in-accounts.584482/#post-2369902
Hope this helps you out,
danielpmc
 
  • Like
Reactions: cPanelMichael

basketmen

Well-Known Member
Sep 9, 2010
128
1
66
Hello mrm200000,

I have had the same thing happen to me. Right after cPanel version 60 was released i went into the AutoSSL settings and ran a check on one of my domains to see how it would assign a free SSL. It seemed like nothing happened so i ran the AutoSSL check again and proceeded to do this multipe times. Sometimes i am not the most patient guy around.

Little did i know but each time i ran the SSL check it added a comodo .txt file into my domains cPanel/public_html. The text file is a verification check file by cPanel used to determine if an AutoSSL file is in place or not. cPanel will verify if this file exists when it updates in your server. If the .txt file is there then the code in the .txt file will say when the SSL certificate was enabled and when it expires. If there is not a legitimate comodo .txt file, then it will or will not install a AutoSSL certificate according to settings either by you or your host in WHM/SSLTLS/AutoSSL.

Helpful hint:

There are two ways you can fix this.

1. Remove the .txt files and let cPanel install a new AutoSSL certificate when it does its automatic update in your server. Most servers are set to allow cPanel to update at least every 24 hours. (If you remove the .txt files, your domain will not have SSL until AutoSSL installs a certificate)

Or

2. Look at the date each of the .txt files were added to your public_html and remove all but the most recent date.

Hope this helps you out.
danielpmc


sorry to reply this thread

i got this thing too suddenly since few days ago, even there is nothing i do in whm/cpanel in the last few days



got 3 txt files in ftp

and

1 htaccess file
that containing this line only : RewriteEngine on

the problem is i put htaccess content in httpd.conf
so if there is htaccess file in ftp, its breaking my website




i already tried danielpmc suggestion above,
Remove the 3 .txt or 1 the most recent date txt, in this few days
but still same, there is still the 3 new txt & 1 htaccess file




any suggestion so the 3 txt & 1 htaccess file not added again? at least just the htaccess file




Nb.
- its happening every 10.10pm, that is about 20 minutes ago
- i already read this too 60 Change Log - Change Logs - cPanel Documentation , but still dont know what is the answer yet
 

danielpmc

Well-Known Member
Nov 3, 2016
78
33
18
usa
cPanel Access Level
Reseller Owner
the problem is i put htaccess content in httpd.conf
Hello there @basketmen,

Your .htaccess codes go in a cPanel/public_html/.htaccess file, only certain types of code are used within the httpd.conf file. I suspect that is why you are having the issue.

IMPORTANT: all .htaccess files must start with a dot (.htaccess not htaccess) and set the chmod (permissions) to 644. Remember that if you are using Rewrite codes then you need to add RewriteEngine on only once in your cPanel/public_html/.htaccess file.

I would suggest commenting out only the codes you added to the httpd.conf, after adding codes to the public_html .htaccess file. Otherwise you could create a conflict in your server.

Hope this helps you out and if you need more help please post here ONLY the codes you are adding to the httpd.conf file and i or someone else can get a better idea of what is going on and help you further. DO NOT INCLUDE your server IP, server name or other Identifying info. If the codes contain your domain name, replace the domains name with example.com before posting them here.

This is a post i wrote about .htaccess tips a while back if you need.
Tips for .htaccess

danielpmc
 
Last edited:

basketmen

Well-Known Member
Sep 9, 2010
128
1
66
Hello there @basketmen,

Your .htaccess codes go in a cPanel/public_html/.htaccess file, only certain types of code are used within the httpd.conf file. I suspect that is why you are having the issue.

IMPORTANT: all .htaccess files must start with a dot (.htaccess not htaccess) and set the chmod (permissions) to 644. Remember that if you are using Rewrite codes then you need to add RewriteEngine on only once in your cPanel/public_html/.htaccess file.

I would suggest commenting out only the codes you added to the httpd.conf, after adding codes to the public_html .htaccess file. Otherwise you could create a conflict in your server.

Hope this helps you out and if you need more help please post here ONLY the codes you are adding to the httpd.conf file and i or someone else can get a better idea of what is going on and help you further. DO NOT INCLUDE your server IP, server name or other Identifying info. If the codes contain your domain name, replace the domains name with example.com before posting them here.

This is a post i wrote about .htaccess tips a while back if you need.
Tips for .htaccess

danielpmc
i mean .htaccess file (with the dot)

there is no problem with the filename & i really understand about .htaccess

what i dont understand, how to prevent everyday now creating new .htaccess file?

i already tried suggestion in post #2, Remove the 3 .txt or left only 1 the most recent date txt, in this few days
but still same, there is still the 3 new txt & 1 .htaccess file


please help guys, everyday now i need to delete the txt & .htaccess file, at about 10.10pm, otherwise my site not working
the site is wordpress btw, the rewriterule in httpd.conf like this tinywp.in/move-htaccess-rule-to-apache-conf/
 
Last edited by a moderator:

basketmen

Well-Known Member
Sep 9, 2010
128
1
66
please help, how is it, its still creating 3 .txt files & 1 .htaccess file about 10.10pm, that is 5 minutes ago

now there is about 14 .txt files in my ftp,
i already removed the .htaccess file
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,913
2,203
363
Hello @basketmen,

It's likely the AutoSSL validation process is failing for that account. Feel free to open a support ticket using the link in my signature so we can take a closer look to see why that's happening. You can post the ticket number here so we can update this thread with the outcome.

Thank you.