same… because this is old one… i hope locked and focus on new post
Are you running any Docker containers with a bound volume? Could be that the container is recreating the folder, otherwise maybe a forgotten cronjob setting?
No Docker installed.
When you delete the website, how long does it take for the folder to re-appear?
- It changes, sometimes one day sometimes 3-4 hours. It’s totally random. Not related with system restart or something like that.
Did you have ssl on the website?
- Yes I have SSL on all websites.
Any automatic backup?
- No auto backup opened.
Similar for me. Random time. Sometimes maybe minutes sometimes days. I don’t really monitor it.
I’m thinking perhaps it’s an ssl thing now that you mention it - there’s probably a cert still somewhere and it tries to recreate the folder when there’s some cron or other process to check/renew it.
But I have no idea how I’d debug such a thing.
I found something like that, I tried and I hope it works;
- connect to your SSH
- Type command below (don’t forget to replace your domain name)
rm -rf /etc/letsencrypt/live/example.com - Hit enter
Nice one. I just did that and removed the /home/persistent-domain-name
folder again as well - will have to wait to see if it persists!
@usmannasir There’s also many other domains that I deleted a while ago in /etc/letsencrypt/live
. Should these not be deleted when you delete a website?
This didn’t work - the phantom website came back today at 00:07. However the folder in /etc/letsencrypt/live
did not come back. Running find / -iname domain.com
shows that the only folder/file is /home/domain.com
Try this to search inside all files:
grep -insr "domain.com" /*
Will take a long time. So try to limit it to specific folders, if doesn’t work then do a full search.
grep -insr "domain.com" /etc/*
grep -insr "domain.com" /usr/*
grep -insr "domain.com" /opt/*
grep -insr "domain.com" /home/*
I just ran this grep -rlw "domain.com" /* --exclude-dir={proc,tmp,mnt,bin,boot,opt,snap,srv,sys,run}
instead so as to only print the filenames.
/root/.local/share/nano/search_history
/root/allDB.sql
/root/.acme.sh/domain.com_ecc/domain.com.conf
/root/.acme.sh/domain.com_ecc/domain.com.csr.conf
/root/.bash_history
/usr/local/lscp/cyberpanel/logs/access.log
/usr/local/lsws/logs/access.log
/usr/local/lsws/logs/access.log.2022_06_04
/usr/local/lsws/conf/httpd_config.conf0,v
/usr/local/maldetect/logs/event_log
/var/lib/redis/dump.rdb
/var/lib/mysql/mysqld-bin.000083
/var/lib/mysql/mysqld-bin.000091
/var/lib/mysql/mysqld-bin.000039
/var/lib/mysql/mysqld-bin.000024
/var/lib/mysql/mysqld-bin.000013
/var/lib/mysql/mysqld-bin.000020
/var/lib/mysql/mysqld-bin.000028
/var/lib/mysql/mysqld-bin.000037
/var/lib/mysql/mysqld-bin.000119
/var/lib/mysql/mysqld-bin.000069
/var/lib/mysql/mysqld-bin.000023
/var/lib/mysql/ib_logfile0
/var/lib/mysql/mysqld-bin.000042
/var/lib/mysql/mysqld-bin.000035
/var/lib/mysql/mysqld-bin.000098
/var/lib/mysql/mysqld-bin.000097
/var/lib/mysql/mysqld-bin.000034
/var/lib/mysql/mysqld-bin.000087
/var/lib/mysql/mysqld-bin.000086
/var/lib/mysql/mysqld-bin.000124
/var/lib/mysql/mysqld-bin.000147
/var/lib/mysql/mysqld-bin.000002
/var/lib/mysql/mysqld-bin.000111
/var/lib/mysql/mysqld-bin.000041
/var/lib/mysql/mysqld-bin.000170
/var/lib/mysql/mysqld-bin.000025
/var/lib/mysql/mysqld-bin.000125
/var/lib/mysql/mysqld-bin.000167
/var/lib/mysql/ibdata1
/var/lib/mysql/mysqld-bin.000036
/var/lib/mysql/mysqld-bin.000132
/var/lib/mysql/mysqld-bin.000143
/var/lib/lsphp/session/lsphp73/sess_qatb9smvb83rjcivocsh0h69dk
/var/lib/lsphp/session/lsphp73/sess_kd99cknn890it0809tqmai46hs
/var/log/sudo-io/00/04/6M/ttyin
/var/log/sudo-io/00/04/6M/ttyout
/var/log/sudo-io/00/04/7L/ttyin
/var/log/sudo-io/00/04/7L/ttyout
/var/log/sudo-io/00/04/7U/ttyin
/var/log/sudo-io/00/04/7U/ttyout
/var/log/sudo-io/00/04/7O/stdout
/var/log/sudo-io/00/04/84/ttyout
/var/log/sudo-io/00/04/1D/ttyout
/var/log/sudo-io/00/02/U6/ttyout
/var/log/sudo-io/00/02/VZ/ttyout
/var/log/sudo-io/00/00/4Z/ttyout
/var/log/sudo-io/00/03/I2/ttyout
/var/log/lynis.log
/var/log/lynis-report.dat
They mostly seem tobe log files. This one seems most suspicious/promising /usr/local/lsws/conf/httpd_config.conf0,v
I see the domain many times there, but not sure what is really happening in it. There’s also plenty of other previously-used domains listed in that file that are not having this problem
About the conf,v file, i noticed i also got old domains but no folder creation at home about them.
I thought it could be something on the cyberpanel scripts, perhaps some paths/crons that changed from an older version that were still running, but that would had to show there.
Perhaps one of those mysql’s has any config that cyberpanel fetches and uses at any cronjob/function?
But on the other hand, if older domains also exist there but don’t create folders then wouldn’t make sense.
Yeah, its a mystery. Evidently SOMETHING is creating it, but who knows what…
I did a search of all sql databases and didn’t find anything related to this domain…
Yeah i already deleted it. I just restarted the server and it wasn’t recreated, which is typical. I’ll have to check tomorrow/in the future to see what happens
Wait, i just noticed all of these files by doing find / -iname "*domain.com*"
- the wildcards returned more results that weren’t there with just find / -iname domain.com
/root/.acme.sh/domain.com_ecc
/root/.acme.sh/domain.com_ecc/domain.com.cer
/root/.acme.sh/domain.com_ecc/domain.com.csr
/root/.acme.sh/domain.com_ecc/domain.com.conf
/root/.acme.sh/domain.com_ecc/domain.com.key
/root/.acme.sh/domain.com_ecc/domain.com.csr.conf
I see no reason why those should still exist so will delete them and see what happens. Though, that folder contains lots of domains that aren’t currently in use…
So far the folder hasn’t re-appeared. I’ll have to check back in a week or two. But, I’m optimistic that this /root/.acme.sh
folder is the problem…
It didn’t re-appear anymore?
Not yet! I’ve set a reminder to look in a couple weeks and will report back then
I just checked again and the folder hasn’t come back. I’ve marked my previous post as the solution.
plogical/vhost.py
line 398-401
### Delete ACME Folder
if os.path.exists('/root/.acme.sh/%s' % (items.domain)):
shutil.rmtree('/root/.acme.sh/%s' % (items.domain))
Into:
### Delete ACME Folder
if os.path.exists('/root/.acme.sh/%s' % (items.domain)):
shutil.rmtree('/root/.acme.sh/%s' % (items.domain))
### Delete _ecc
if os.path.exists('/root/.acme.sh/%s_ecc' % (items.domain)):
shutil.rmtree('/root/.acme.sh/%s_ecc' % (items.domain))
Thanks, I will look into this.