It is a “feature” of OpenSSL to collect entropy/randomness if required for cryptography tasks, so for any certificate or key generation, encrypted network connection and such. However, I never found one on my systems, not sure in which case these are used. Actually there are kernel files that provide entropy: /dev/random and /dev/urandom. Probably OpenSSL (or the software that uses its libs) creates those files if the regular entropy pool is empty or if they don’t have permissions to access, not sure. Hard to find details about it.
Permissions would actually be a good reason. Let’s say the webserver has no /dev/urandom access, so it (respectively OpenSSL, when being called) creates .rnd in your webroot to collect randomness there outside of /dev/urandom. Most likely the user’s home is used to store this file, which fits other reports I found. The webserver usually runs as www-data with /var/www as its home dir. In your case the file is /var/www/.rnd, right?
If you are in the mood to track it down, could you paste the following to check permissions:
ls -l /dev/*random
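
A slightly fuller version of that check, as an added example that is not part of the original post: it tests whether the current user can actually read the kernel random devices and reports the owner and mode of a .rnd file in a given home directory. The function names are made up for this example, the default directory /var/www is taken from the post, and `stat -c` assumes GNU coreutils.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# Return 0 if $1 is a character device that the current user can read.
rng_dev_ok() {
    [ -c "$1" ] && [ -r "$1" ]
}

# Print "present <owner> <octal mode>" for a .rnd file in directory $1,
# or "absent" if there is none.
rnd_status() {
    f="$1/.rnd"
    if [ -f "$f" ]; then
        # stat -c is the GNU coreutils syntax (assumption: Linux host)
        echo "present $(stat -c '%U %a' "$f")"
    else
        echo "absent"
    fi
}

# Report on both kernel devices and on the .rnd file in directory $1.
report() {
    for dev in /dev/random /dev/urandom; do
        if rng_dev_ok "$dev"; then
            echo "$dev: readable by $(id -un)"
        else
            echo "$dev: NOT readable by $(id -un)"
        fi
    done
    echo "$1/.rnd: $(rnd_status "$1")"
}

# Default directory is the www-data home mentioned in the post.
report "${1:-/var/www}"
```

To see what the webserver itself sees, run the script as that user, for example with `sudo -u www-data sh` followed by the script path.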