NVT timed out error message

Hi Everyone,

I’m using OpenVAS 23.11 in the Community Edition and regularly test my Debian 11 web server with an authenticated scan.

Two NVT timed out error messages are displayed during the scan:

Directory Scanner’ and ‘Generic HTTP Directory Traversal (Web Root) - Active Check’. But it doesn’t really say what to do about it. Does anyone have any idea what to do with the information?

It is also noticeable that only one TLS certificate is displayed, but there should be six certificates. The certificates come from Certbot (Let’s encrypt) and are actually all in the same (standard) directory. If one is found, all the others should be too.


Thx CD

I suggest you dump the certificate as check if this are just alternative names or different certificates each with a unique serial number. You should check your setup of your web-root as well.

These are completely different domains with independent websites and their own certificates.

Thanks for your attention & Bye CD

That means nothing, do you have different serial numbers or are there aliases ?

If they were aliases, then there would only be one certificate, but I have six. With different expiration dates and, as I just checked, with different serial numbers.

If you run SNI you need to put all the hostnames into a scan-job to catch all certificates and sites with that scan.

1 Like

Isn’t this covered by the openvas config option expand_vhosts=yes? How and where do I have to specify the hostnames then? In a file, as with multiple IP addresses or somewhere else? Not to end up scanning the same server six times.

Thanks vor your attention