Login loop after upgrade

iliaswhoelse · April 12, 2026, 9:06pm

Hello everyone,

I’m having a problem with HestiaCP after an upgrade.

The login page loads fine, my credentials are accepted, and the auth log shows successful login, but the panel immediately redirects me back to /login/ instead of opening the dashboard. This happens with multiple accounts, different browsers, incognito mode, the hostname, and also the server IP directly.

What I already checked:

• Hestia, nginx, and apache are running
• panel on port 8083 is reachable
• server reboot did not help
• restarting services did not help
• disabling IP session check temporarily did not help
• changed password of cp admin user
• removed old session files
• changed permissions

In /usr/local/hestia/log/auth.log, logins are marked as successful.
In /var/log/hestia/nginx-error.log, I repeatedly see requests for:

• /css/themes/custom/.css

The issue seems similar to the login-loop reports after Hestia 1.9.x upgrades, and my server is now on 1.9.4.

Has anyone seen this exact behaviour and found the proper fix?

sahsanu · April 12, 2026, 9:15pm

Hi @iliaswhoelse

That behaviour is seen when disk is full.

df -h

iliaswhoelse · April 12, 2026, 9:17pm

Hi Sahsanu,

Thank you for your fast reply. Unfortunately it doesn’t seem like it. I also checked the user quota’s, but that hasn’t been set.

root@hestiacp:/var/log/hestia# grep -i quota /etc/fstab
LABEL=cloudimg-rootfs   /        ext4   discard,commit=30,errors=remount-ro,usrquota,grpquota,usrjquota=aquota.user,grpjquota=aquota.group,jqfmt=vfsv0    0 1

root@hestiacp:/var/log/hestia# repquota -s -a -O csv | awk -F’,’ ‘$5 != “0K” {print $1,$2,$3,$4,$5,$6,$7}’ | column -t
User  SpaceStatus  FileStatus  SpaceUsed  SpaceSoftLimit  SpaceHardLimit  SpaceGrace

root@hestiacp:/var/log/hestia# df -h
Filesystem      Size  Used Avail Use% Mounted on
tmpfs           591M  1.5M  589M   1% /run
/dev/sda1        45G   11G   34G  25% /
tmpfs           2.9G  1.2M  2.9G   1% /dev/shm
tmpfs           5.0M     0  5.0M   0% /run/lock
efivarfs        256K   17K  240K   7% /sys/firmware/efi/efivars
/dev/sda16      891M  275M  554M  34% /boot
/dev/sda15       98M  6.4M   92M   7% /boot/efi
tmpfs           591M  8.0K  591M   1% /run/user/1001
tmpfs           591M  8.0K  591M   1% /run/user/1006

sahsanu · April 12, 2026, 9:21pm

Try to login again and show the entire output from /var/log/hestia/nginx-error.log for that session.

Show also the output of this command:

ls -la /usr/local/hestia/data/sessions

iliaswhoelse · April 12, 2026, 9:46pm

nginx-error.log doesn’t throw any errors when logging in.

root@hestiacp:/home/ubuntu# ls -la /usr/local/hestia/data/sessions
total 112
drwxrwx---  2 hestiaweb hestiaweb 36864 Apr 12 23:25 .
drwxr-xr-x 12 root      root       4096 Jun 15  2025 ..
-rw-------  1 hestiaweb hestiaweb   217 Apr 12 22:39 sess_0gfrf614fv90q5sq0vn64odibr
-rw-------  1 hestiaweb hestiaweb   217 Apr 12 22:41 sess_baaj8lf07nqo7adhghtqicgmai
-rw-------  1 hestiaweb hestiaweb   116 Apr 12 22:26 sess_bpi2eo2fqef68ophgema9ih4r7
-rw-------  1 hestiaweb hestiaweb   116 Apr 12 22:53 sess_ch6nvqtcf2sshb5eumfdpf4hfp
-rw-------  1 hestiaweb hestiaweb   114 Apr 12 22:46 sess_dnho93lqummsbnqdge14v8aesu
-rw-------  1 hestiaweb hestiaweb   217 Apr 12 22:36 sess_e9i7teuksqjui3n4j8s0f87bhc
-rw-------  1 hestiaweb hestiaweb     0 Apr 12 23:17 sess_elmm4enpbonc4dn1ansao7672o
-rw-------  1 hestiaweb hestiaweb   116 Apr 12 23:25 sess_gr0hqckls9bm9itnq0e3bkj1vj
-rw-------  1 hestiaweb hestiaweb   217 Apr 12 22:49 sess_h4c3qmkku528uses3l5jc2f158
-rw-------  1 hestiaweb hestiaweb   114 Apr 12 23:21 sess_i5m0dm2d3rpb3ibt1j2h7iipak
-rw-------  1 hestiaweb hestiaweb   109 Apr 12 23:09 sess_m3eh2cgpo6748hagvclqoj06hg
-rw-------  1 hestiaweb hestiaweb   217 Apr 12 23:25 sess_mn4olnui06r2n6v5mhv99hjall
-rw-------  1 hestiaweb hestiaweb   114 Apr 12 23:17 sess_nik2v5mvnt6ga28q7lnqc3iei6
-rw-------  1 hestiaweb hestiaweb     0 Apr 12 23:21 sess_qm0juu88nprooa71n15adfhm93
-rw-------  1 hestiaweb hestiaweb   217 Apr 12 23:10 sess_r3bst1h92sv6se7an3a04b2mm5
-rw-------  1 hestiaweb hestiaweb   217 Apr 12 22:37 sess_s5vjs7if0c5h4s0cotisq0ekn8
-rw-------  1 hestiaweb hestiaweb   217 Apr 12 22:52 sess_svvmu615n8gnuccbn9c81jh2t3
-rw-------  1 hestiaweb hestiaweb     0 Apr 12 22:45 sess_tbjgkii4700u1b1mhq8eunomt7
-rw-------  1 hestiaweb hestiaweb   109 Apr 12 22:47 sess_tr9g97bp1o52rr1etdkjniui5j
-rw-------  1 hestiaweb hestiaweb   217 Apr 12 22:38 sess_vec40614kt3adhu73lk9i3t50b

sahsanu · April 12, 2026, 9:53pm

Double check that the errors you see in that log are from today. There is a bug rotating those logs and possibly the current log is nginx-error.log.1 instead of nginx-error.log

If you don’t see any error, backup dir /usr/local/hestia/ and reinstall the package (it won’t remove/change/etc. any user)

apt reinstall hestia

iliaswhoelse · April 12, 2026, 9:56pm

I found the cause and fixed it.

After checking the logs more closely, the real problem turned out to be a malformed setting in /usr/local/hestia/conf/hestia.conf: FILE_MANAGER=“true” was set with the wrong quoting, while it should have been FILE_MANAGER=‘true’.

Because of that, v-list-sys-config json returned malformed JSON for the FILE_MANAGER field, which broke Hestia’s internal config/session loading after login.

I corrected the line, restarted Hestia, and after that the login worked normally again.

For future troubleshooters, make sure v-list-sys-config returns a healthy JSON output.

TYSM @sahsanu for your help.

sahsanu · April 12, 2026, 9:57pm

Great! I’m glad you solved the issue.