Problem creating new domains and SSL

jilabaca · October 7, 2025, 2:59pm

Hello everyone, I’m new here. We’ve been using HestiaCP at my university for a while now. We have almost 1,000 active users on our educational server. However, I’ve recently had two issues and don’t know how to resolve them. I hope you can help me.

The first error is when creating a site. With my test user, I enter the panel, click on add web domain, enter the domain name, and get the following error: Error: nginx restart failed. I refreshed and see that the domain was created anyway. Then I edit the domain and enable SSL using Let’s Encrypt and get the same error: Error: nginx restart failed. Could you guide me on how to resolve this issue?

sahsanu · October 7, 2025, 3:08pm

Hi,

Please, show the output of this command:

service nginx upgrade ; echo "Exit code: $?"

jilabaca · October 7, 2025, 3:13pm

I have this message:

# service nginx upgrade ; echo “Exit code: $?”
nginx: [emerg] open() “/var/log/apache2/domains/gabrieldaza.web.hosting-01.inacap.cl.log” failed (24: Too many open files)
nginx: configuration file /etc/nginx/nginx.conf test failed
Exit code: 1

I checked the documentation about the problem of too many open files, I did what was in the documentation, but when I do an nginx -t it still appears.

# cat /etc/systemd/system/nginx.service.d/override.conf
[Service]
LimitNOFILE=65536

# cat /etc/nginx/nginx.conf | grep worker_rlimit_nofile
worker_rlimit_nofile 65536;

sahsanu · October 7, 2025, 3:18pm

Show the output of this command:

curl -fsSLm10 https://7j.gg/chknof | bash -s --

I suppose Nginx has not been restarted properly and there is some Nginx process still running. You should stop Nginx, and be sure all Nginx processes are stopped and then start it again.

jilabaca · October 7, 2025, 3:29pm

I stopped all nginx processes and restarted hestia services. I detected that hestia services had ssl_stapling enabled, so I commented on it, as I had read in another post about an issue with Let’s Encrypt. So now it starts without that error message.

Here’s the command output.

# curl -fsSLm10 https://7j.gg/chknof | bash -s –
Checking services nginx apache2
The open files limit threshold has been set at 80%

Process 3512471 :: /usr/sbin/apache2 -k start
Current open files: 2955
Limit for open files: 8192

Process 3520557 :: /usr/sbin/apache2 -k start
Current open files: 2954
Limit for open files: 8192

Process 3520558 :: /usr/sbin/apache2 -k start
Current open files: 2966
Limit for open files: 8192

Process 3520559 :: /usr/sbin/apache2 -k start
Current open files: 2966
Limit for open files: 8192

Process 3521637 :: nginx: master process /usr/sbin/nginx -c /etc/nginx/nginx.conf
Current open files: 2753
Limit for open files: 65536

Process 3521638 :: nginx: worker process
Current open files: 2855
Limit for open files: 65536

Process 3521639 :: nginx: worker process
Current open files: 2761
Limit for open files: 65536

Process 3521640 :: nginx: worker process
Current open files: 2751
Limit for open files: 65536

Process 3521642 :: nginx: worker process
Current open files: 2751
Limit for open files: 65536

Process 3521643 :: nginx: worker process
Current open files: 2751
Limit for open files: 65536

Process 3521644 :: nginx: worker process
Current open files: 2751
Limit for open files: 65536

Process 3521645 :: nginx: worker process
Current open files: 2751
Limit for open files: 65536

Process 3521646 :: nginx: worker process
Current open files: 2751
Limit for open files: 65536

Process 3521647 :: nginx: cache manager process
Current open files: 2748
Limit for open files: 65536

# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: [emerg] open() “/var/log/apache2/domains/gabrieldaza.web.hosting-01.inacap.cl.log” failed (24: Too many open files)
nginx: configuration file /etc/nginx/nginx.conf test failed

sahsanu · October 7, 2025, 3:41pm

Show the output of these commands:

cat /proc/sys/fs/file-nr
cat /proc/sys/fs/file-max
ls -lh /var/log/apache2/domains/gabrieldaza.web.hosting-01.inacap.cl.log
namei -l /var/log/apache2/domains/gabrieldaza.web.hosting-01.inacap.cl.log

jilabaca · October 7, 2025, 3:43pm

Here is the output.

# cat /proc/sys/fs/file-nr
10080   0       9223372036854775807
# cat /proc/sys/fs/file-max
9223372036854775807
# ls -lh /var/log/apache2/domains/gabrieldaza.web.hosting-01.inacap.cl.log
-rw-r----- 1 root conce21089903 308K Oct  7 11:58 /var/log/apache2/domains/gabrieldaza.web.hosting-01.inacap.cl.log
# namei -l /var/log/apache2/domains/gabrieldaza.web.hosting-01.inacap.cl.log

f: /var/log/apache2/domains/gabrieldaza.web.hosting-01.inacap.cl.log
drwxr-xr-x root root          /
drwxr-xr-x root root          var
drwxrwxr-x root syslog        log
drwxr-x–x root adm           apache2
drwxr-x–x root root          domains
-rw-r----- root conce21089903 gabrieldaza.web.hosting-01.inacap.cl.log
#

sahsanu · October 7, 2025, 3:47pm

chown www-data /var/log/apache2/domains/gabrieldaza.web.hosting-01.inacap.cl.log
systemctl restart apache2
nginx -t && systemctl restart nginx

jilabaca · October 7, 2025, 3:50pm

# chown www-data /var/log/apache2/domains/gabrieldaza.web.hosting-01.inacap.cl.log
# systemctl restart apache2
# nginx -t && systemctl restart nginx
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: [emerg] open() "/var/log/apache2/domains/gabrieldaza.web.hosting-01.inacap.cl.log" failed (24: Too many open files)
nginx: configuration file /etc/nginx/nginx.conf test failed
#
#
#
#
# ls -lh /var/log/apache2/domains/gabrieldaza.web.hosting-01.inacap.cl.log
-rw-r----- 1 www-data conce21089903 308K Oct  7 11:58 /var/log/apache2/domains/gabrieldaza.web.hosting-01.inacap.cl.log
#

the same message continues

jilabaca · October 7, 2025, 3:52pm

Could all those logs be deleted? There are about 5,000 files.

# ll /var/log/apache2/domains/* | wc -l
5031
#

sahsanu · October 7, 2025, 3:56pm

Well, I wouldn’t delete any logs, maybe backup them first but 5000 files are too many files. How many sites your server has? Is your logrotate configured to retain too many logs?

Show the output of this command:

lsof | grep 'gabrieldaza.web.hosting-01.inacap.cl.log'

jilabaca · October 7, 2025, 4:00pm

The truth is that HestiaCP is configured almost by default, only the plan was modified, currently I have 962 users created and the plan assigned to them allows them to create 2 websites

root@hosting-01:/var/log/apache2/domains# lsof | grep 'gabrieldaza.web.hosting-01.inacap.cl.log'
nginx     3521637                                       root 1024w      REG              252,0    315220   20850895 /var/log/apache2/domains/gabrieldaza.web.hosting-01.inacap.cl.log
nginx     3521638                                   www-data 1024w      REG              252,0    315220   20850895 /var/log/apache2/domains/gabrieldaza.web.hosting-01.inacap.cl.log
nginx     3521639                                   www-data 1024w      REG              252,0    315220   20850895 /var/log/apache2/domains/gabrieldaza.web.hosting-01.inacap.cl.log
nginx     3521640                                   www-data 1024w      REG              252,0    315220   20850895 /var/log/apache2/domains/gabrieldaza.web.hosting-01.inacap.cl.log
nginx     3521642                                   www-data 1024w      REG              252,0    315220   20850895 /var/log/apache2/domains/gabrieldaza.web.hosting-01.inacap.cl.log
nginx     3521643                                   www-data 1024w      REG              252,0    315220   20850895 /var/log/apache2/domains/gabrieldaza.web.hosting-01.inacap.cl.log
nginx     3521644                                   www-data 1024w      REG              252,0    315220   20850895 /var/log/apache2/domains/gabrieldaza.web.hosting-01.inacap.cl.log
nginx     3521645                                   www-data 1024w      REG              252,0    315220   20850895 /var/log/apache2/domains/gabrieldaza.web.hosting-01.inacap.cl.log
nginx     3521646                                   www-data 1024w      REG              252,0    315220   20850895 /var/log/apache2/domains/gabrieldaza.web.hosting-01.inacap.cl.log
nginx     3521647                                   www-data 1024w      REG              252,0    315220   20850895 /var/log/apache2/domains/gabrieldaza.web.hosting-01.inacap.cl.log
apache2   3529569                                       root 2071w      REG              252,0    315220   20850895 /var/log/apache2/domains/gabrieldaza.web.hosting-01.inacap.cl.log
apache2   3529571                                   www-data 2071w      REG              252,0    315220   20850895 /var/log/apache2/domains/gabrieldaza.web.hosting-01.inacap.cl.log
apache2   3529572                                   www-data 2071w      REG              252,0    315220   20850895 /var/log/apache2/domains/gabrieldaza.web.hosting-01.inacap.cl.log
apache2   3529572 3529575 apache2                   www-data 2071w      REG              252,0    315220   20850895 /var/log/apache2/domains/gabrieldaza.web.hosting-01.inacap.cl.log
apache2   3529572 3529576 apache2                   www-data 2071w      REG              252,0    315220   20850895 /var/log/apache2/domains/gabrieldaza.web.hosting-01.inacap.cl.log
apache2   3529572 3529577 apache2                   www-data 2071w      REG              252,0    315220   20850895 /var/log/apache2/domains/gabrieldaza.web.hosting-01.inacap.cl.log
apache2   3529572 3529578 apache2                   www-data 2071w      REG              252,0    315220   20850895 /var/log/apache2/domains/gabrieldaza.web.hosting-01.inacap.cl.log
apache2   3529572 3529579 apache2                   www-data 2071w      REG              252,0    315220   20850895 /var/log/apache2/domains/gabrieldaza.web.hosting-01.inacap.cl.log
apache2   3529572 3529580 apache2                   www-data 2071w      REG              252,0    315220   20850895 /var/log/apache2/domains/gabrieldaza.web.hosting-01.inacap.cl.log
apache2   3529572 3529582 apache2                   www-data 2071w      REG              252,0    315220   20850895 /var/log/apache2/domains/gabrieldaza.web.hosting-01.inacap.cl.log
apache2   3529572 3529584 apache2                   www-data 2071w      REG              252,0    315220   20850895 /var/log/apache2/domains/gabrieldaza.web.hosting-01.inacap.cl.log
apache2   3529572 3529585 apache2                   www-data 2071w      REG              252,0    315220   20850895 /var/log/apache2/domains/gabrieldaza.web.hosting-01.inacap.cl.log
apache2   3529572 3529587 apache2                   www-data 2071w      REG              252,0    315220   20850895 /var/log/apache2/domains/gabrieldaza.web.hosting-01.inacap.cl.log
apache2   3529572 3529589 apache2                   www-data 2071w      REG              252,0    315220   20850895 /var/log/apache2/domains/gabrieldaza.web.hosting-01.inacap.cl.log
apache2   3529572 3529591 apache2                   www-data 2071w      REG              252,0    315220   20850895 /var/log/apache2/domains/gabrieldaza.web.hosting-01.inacap.cl.log
apache2   3529572 3529592 apache2                   www-data 2071w      REG              252,0    315220   20850895 /var/log/apache2/domains/gabrieldaza.web.hosting-01.inacap.cl.log
apache2   3529572 3529594 apache2                   www-data 2071w      REG              252,0    315220   20850895 /var/log/apache2/domains/gabrieldaza.web.hosting-01.inacap.cl.log
apache2   3529572 3529596 apache2                   www-data 2071w      REG              252,0    315220   20850895 /var/log/apache2/domains/gabrieldaza.web.hosting-01.inacap.cl.log
apache2   3529572 3529597 apache2                   www-data 2071w      REG              252,0    315220   20850895 /var/log/apache2/domains/gabrieldaza.web.hosting-01.inacap.cl.log
apache2   3529572 3529599 apache2                   www-data 2071w      REG              252,0    315220   20850895 /var/log/apache2/domains/gabrieldaza.web.hosting-01.inacap.cl.log
apache2   3529572 3529601 apache2                   www-data 2071w      REG              252,0    315220   20850895 /var/log/apache2/domains/gabrieldaza.web.hosting-01.inacap.cl.log
apache2   3529572 3529603 apache2                   www-data 2071w      REG              252,0    315220   20850895 /var/log/apache2/domains/gabrieldaza.web.hosting-01.inacap.cl.log
apache2   3529572 3529605 apache2                   www-data 2071w      REG              252,0    315220   20850895 /var/log/apache2/domains/gabrieldaza.web.hosting-01.inacap.cl.log
apache2   3529572 3529607 apache2                   www-data 2071w      REG              252,0    315220   20850895 /var/log/apache2/domains/gabrieldaza.web.hosting-01.inacap.cl.log
apache2   3529572 3529609 apache2                   www-data 2071w      REG              252,0    315220   20850895 /var/log/apache2/domains/gabrieldaza.web.hosting-01.inacap.cl.log
apache2   3529572 3529611 apache2                   www-data 2071w      REG              252,0    315220   20850895 /var/log/apache2/domains/gabrieldaza.web.hosting-01.inacap.cl.log
apache2   3529572 3529613 apache2                   www-data 2071w      REG              252,0    315220   20850895 /var/log/apache2/domains/gabrieldaza.web.hosting-01.inacap.cl.log
apache2   3529572 3529615 apache2                   www-data 2071w      REG              252,0    315220   20850895 /var/log/apache2/domains/gabrieldaza.web.hosting-01.inacap.cl.log
apache2   3529572 3529617 apache2                   www-data 2071w      REG              252,0    315220   20850895 /var/log/apache2/domains/gabrieldaza.web.hosting-01.inacap.cl.log
apache2   3529573                                   www-data 2071w      REG              252,0    315220   20850895 /var/log/apache2/domains/gabrieldaza.web.hosting-01.inacap.cl.log
apache2   3529573 3529583 apache2                   www-data 2071w      REG              252,0    315220   20850895 /var/log/apache2/domains/gabrieldaza.web.hosting-01.inacap.cl.log
apache2   3529573 3529586 apache2                   www-data 2071w      REG              252,0    315220   20850895 /var/log/apache2/domains/gabrieldaza.web.hosting-01.inacap.cl.log
apache2   3529573 3529588 apache2                   www-data 2071w      REG              252,0    315220   20850895 /var/log/apache2/domains/gabrieldaza.web.hosting-01.inacap.cl.log
apache2   3529573 3529590 apache2                   www-data 2071w      REG              252,0    315220   20850895 /var/log/apache2/domains/gabrieldaza.web.hosting-01.inacap.cl.log
apache2   3529573 3529593 apache2                   www-data 2071w      REG              252,0    315220   20850895 /var/log/apache2/domains/gabrieldaza.web.hosting-01.inacap.cl.log
apache2   3529573 3529595 apache2                   www-data 2071w      REG              252,0    315220   20850895 /var/log/apache2/domains/gabrieldaza.web.hosting-01.inacap.cl.log
apache2   3529573 3529598 apache2                   www-data 2071w      REG              252,0    315220   20850895 /var/log/apache2/domains/gabrieldaza.web.hosting-01.inacap.cl.log
apache2   3529573 3529600 apache2                   www-data 2071w      REG              252,0    315220   20850895 /var/log/apache2/domains/gabrieldaza.web.hosting-01.inacap.cl.log
apache2   3529573 3529602 apache2                   www-data 2071w      REG              252,0    315220   20850895 /var/log/apache2/domains/gabrieldaza.web.hosting-01.inacap.cl.log
apache2   3529573 3529604 apache2                   www-data 2071w      REG              252,0    315220   20850895 /var/log/apache2/domains/gabrieldaza.web.hosting-01.inacap.cl.log
apache2   3529573 3529606 apache2                   www-data 2071w      REG              252,0    315220   20850895 /var/log/apache2/domains/gabrieldaza.web.hosting-01.inacap.cl.log
apache2   3529573 3529608 apache2                   www-data 2071w      REG              252,0    315220   20850895 /var/log/apache2/domains/gabrieldaza.web.hosting-01.inacap.cl.log
apache2   3529573 3529610 apache2                   www-data 2071w      REG              252,0    315220   20850895 /var/log/apache2/domains/gabrieldaza.web.hosting-01.inacap.cl.log
apache2   3529573 3529612 apache2                   www-data 2071w      REG              252,0    315220   20850895 /var/log/apache2/domains/gabrieldaza.web.hosting-01.inacap.cl.log
apache2   3529573 3529614 apache2                   www-data 2071w      REG              252,0    315220   20850895 /var/log/apache2/domains/gabrieldaza.web.hosting-01.inacap.cl.log
apache2   3529573 3529616 apache2                   www-data 2071w      REG              252,0    315220   20850895 /var/log/apache2/domains/gabrieldaza.web.hosting-01.inacap.cl.log
apache2   3529573 3529618 apache2                   www-data 2071w      REG              252,0    315220   20850895 /var/log/apache2/domains/gabrieldaza.web.hosting-01.inacap.cl.log
apache2   3529573 3529619 apache2                   www-data 2071w      REG              252,0    315220   20850895 /var/log/apache2/domains/gabrieldaza.web.hosting-01.inacap.cl.log
apache2   3529573 3529620 apache2                   www-data 2071w      REG              252,0    315220   20850895 /var/log/apache2/domains/gabrieldaza.web.hosting-01.inacap.cl.log
apache2   3529573 3529621 apache2                   www-data 2071w      REG              252,0    315220   20850895 /var/log/apache2/domains/gabrieldaza.web.hosting-01.inacap.cl.log
apache2   3529573 3529622 apache2                   www-data 2071w      REG              252,0    315220   20850895 /var/log/apache2/domains/gabrieldaza.web.hosting-01.inacap.cl.log
apache2   3529573 3529623 apache2                   www-data 2071w      REG              252,0    315220   20850895 /var/log/apache2/domains/gabrieldaza.web.hosting-01.inacap.cl.log
apache2   3529573 3529624 apache2                   www-data 2071w      REG              252,0    315220   20850895 /var/log/apache2/domains/gabrieldaza.web.hosting-01.inacap.cl.log
apache2   3529573 3529625 apache2                   www-data 2071w      REG              252,0    315220   20850895 /var/log/apache2/domains/gabrieldaza.web.hosting-01.inacap.cl.log
apache2   3529573 3529626 apache2                   www-data 2071w      REG              252,0    315220   20850895 /var/log/apache2/domains/gabrieldaza.web.hosting-01.inacap.cl.log
apache2   3529573 3529627 apache2                   www-data 2071w      REG              252,0    315220   20850895 /var/log/apache2/domains/gabrieldaza.web.hosting-01.inacap.cl.log
root@hosting-01:/var/log/apache2/domains#

jilabaca · October 7, 2025, 4:02pm

Unfortunately, I was asked for a hosting system for certain students and there was not much time, so searching I found HestiaCP. At first, we hadn’t had any problems until now.

sahsanu · October 7, 2025, 4:10pm

Well, having too many files on the same dir could cause those issues. Stop apache2, stop nginx, move all the files from that directory to a backup and restart nginx and apache2. It should work fine but for so many users you should split the use of logs by domains, you could do that creating custom templates for your users.

jilabaca · October 7, 2025, 5:08pm

I stopped the apache2, nginx and hestia services, backed up all the files in the /var/log/apache2/domains path, started the 3 services but when I do nginx -t it still shows me the same error.

root@hosting-01:/var/log/apache2/domains# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: [emerg] open() "/var/log/apache2/domains/freem00d.web.hosting-01.inacap.cl.log" failed (24: Too many open files)
nginx: configuration file /etc/nginx/nginx.conf test failed
root@hosting-01:/var/log/apache2/domains#

sahsanu · October 7, 2025, 5:23pm

How many files are there now?

jilabaca · October 7, 2025, 5:28pm

root@hosting-01:/var/log/apache2/domains# ll |wc -l
2724
root@hosting-01:/var/log/apache2/domains#

All files were created as user root and group root

sahsanu · October 7, 2025, 5:33pm

Ok, right now doesn’t matter.

Could you please increase the limit of nofiles for apache2 too?

sed -i.bak -E 's/^#APACHE_ULIMIT/APACHE_ULIMIT/' /etc/apache2/envvars
mkdir -p /etc/systemd/system/apache2.service.d/
echo -e "[Service]\nLimitNOFILE=65535" > /etc/systemd/system/apache2.service.d/override.conf
systemctl daemon-reload
systemctl restart apache2

After that try to stop and start nginx again.

jilabaca · October 7, 2025, 5:38pm

sahsanu:

sed -i.bak -E 's/^#APACHE_ULIMIT/APACHE_ULIMIT/' /etc/apache2/envvars
mkdir -p /etc/systemd/system/apache2.service.d/
echo -e "[Service]\nLimitNOFILE=65535" > /etc/systemd/system/apache2.service.d/override.conf
systemctl daemon-reload
systemctl restart apache2

root@hosting-01:~# sed -i.bak -E 's/^#APACHE_ULIMIT/APACHE_ULIMIT/' /etc/apache2/envvars
root@hosting-01:~# mkdir -p /etc/systemd/system/apache2.service.d/
root@hosting-01:~# echo -e "[Service]\nLimitNOFILE=65535" > /etc/systemd/system/apache2.service.d/override.conf
root@hosting-01:~# cat /etc/systemd/system/apache2.service.d/override.conf
[Service]
LimitNOFILE=65535
root@hosting-01:~# systemctl daemon-reload
root@hosting-01:~# systemctl restart apache2
root@hosting-01:~# systemctl stop nginx
root@hosting-01:~# systemctl start nginx
root@hosting-01:~# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: [emerg] open() "/var/log/apache2/domains/freem00d.web.hosting-01.inacap.cl.log" failed (24: Too many open files)
nginx: configuration file /etc/nginx/nginx.conf test failed
root@hosting-01:~#

same condition :S

Edit:

No, it’s a normal VM with a 1 terabyte disk. The hypervisor disks are presented via fiber from pure storage.

Note: The forum does not allow me to make more replies

An error occurred: We appreciate your enthusiasm, keep it up! That said, for the safety of our community, you’ve reached the maximum number of replies a new user can create on their first day. Please wait 21 hours and you’ll be able to create more replies.

output:

root@hosting-01:~# ps -ef | grep -E '[n]ginx'
root     3566620       1  0 14:05 ?        00:00:00 nginx: master process /usr/local/hestia/nginx/sbin/hestia-nginx
hestiaw+ 3566621 3566620  0 14:05 ?        00:00:00 nginx: worker process
root     3657046       1  0 14:35 ?        00:00:00 nginx: master process /usr/sbin/nginx -c /etc/nginx/nginx.conf
www-data 3657047 3657046  1 14:35 ?        00:00:08 nginx: worker process
www-data 3657048 3657046  0 14:35 ?        00:00:00 nginx: worker process
www-data 3657049 3657046  0 14:35 ?        00:00:00 nginx: worker process
www-data 3657051 3657046  0 14:35 ?        00:00:00 nginx: worker process
www-data 3657052 3657046  0 14:35 ?        00:00:00 nginx: worker process
www-data 3657053 3657046  0 14:35 ?        00:00:00 nginx: worker process
www-data 3657054 3657046  0 14:35 ?        00:00:00 nginx: worker process
www-data 3657055 3657046  0 14:35 ?        00:00:00 nginx: worker process
www-data 3657056 3657046  0 14:35 ?        00:00:00 nginx: cache manager process
root@hosting-01:~#

sahsanu · October 7, 2025, 5:40pm

That’s pretty strange. Is that dir mounted on a NFS, HDD, SSD… ?