Redirect 301 nightmare!

neven · February 8, 2022, 9:14am

Today i woke up to a complete nightmare.
Hestia 301 redirected 6 of my domains on production system.

Log below. (i replaced identifiable data with UserX and domainX)
It seems this happened during let’s encrypt renewal.
only first redirect domain1 to domain2 was wanted, but 6 additional domains from other users got redirected to domain2 also which of course was not wanted.

2022-02-06 05:43:03 v-delete-web-domain-redirect  'User1' 'domain1.tld'
2022-02-06 05:43:04 v-restart-service  'apache2' ''
2022-02-06 05:43:06 v-delete-firewall-ban  '193.56.29.119' 'MAIL'
2022-02-06 05:43:06 v-restart-service  'nginx' ''
2022-02-06 05:43:06 v-delete-web-domain-ssl-force  'User1' 'domain1.tld'
2022-02-06 05:43:07 v-restart-service  'bind9'
2022-02-06 05:43:07 v-delete-dns-record  'User1' 'domain1.tld' '23'
2022-02-06 05:43:07 v-restart-service  'bind9'
2022-02-06 05:43:07 v-add-dns-record  'User1' 'domain1.tld' '@' 'CAA' '0 issue "letsencrypt.org"'
2022-02-06 05:43:09 v-restart-service  'nginx' ''
2022-02-06 05:43:26 v-restart-service  'nginx' ''
2022-02-06 05:43:43 v-generate-ssl-cert  'domain1.tld' '[email protected]' 'US' 'California' 'San Francisco' 'Hestia' 'IT' 'www.domain1.tld'
2022-02-06 05:43:46 v-restart-service  'apache2' ''
2022-02-06 05:43:47 v-restart-service  'nginx' ''
2022-02-06 05:43:47 v-update-web-domain-ssl 
2022-02-06 05:43:47 v-add-letsencrypt-domain  'User1' 'domain1.tld' 'www.domain1.tld'
2022-02-06 05:43:47 v-restart-service  'apache2' ''
2022-02-06 05:43:48 v-restart-service  'nginx' ''
2022-02-06 05:43:48 v-add-web-domain-ssl-force  'User1' 'domain1.tld'
2022-02-06 05:43:48 v-add-web-domain-redirect  'User1' 'domain1.tld' 'https://domain2.tld' '301'
2022-02-06 05:44:01 v-restart-service  'nginx' ''
2022-02-06 05:44:18 v-restart-service  'nginx' ''
2022-02-06 05:44:35 v-delete-firewall-ban  '5.34.207.67' 'MAIL'
2022-02-06 05:44:35 v-generate-ssl-cert  'mail.domain1.tld' '[email protected]' 'US' 'California' 'San Francisco' 'Hestia' 'IT' 'webmail.domain1.tld'
2022-02-06 05:44:38 v-restart-service  'apache2' ''
2022-02-06 05:44:38 v-restart-service  'nginx' ''
2022-02-06 05:44:38 v-update-mail-domain-ssl 
2022-02-06 05:44:38 v-add-letsencrypt-domain  'User1' 'domain1.tld' '' 'yes'
2022-02-06 05:44:40 v-delete-firewall-ban  '5.34.205.98' 'MAIL'
2022-02-06 05:44:48 v-delete-firewall-ban  '5.34.207.46' 'MAIL'
2022-02-06 05:44:51 v-delete-web-domain-redirect  'User2' 'domain3.tld'
2022-02-06 05:44:51 v-restart-service  'apache2' ''
2022-02-06 05:44:52 v-restart-service  'nginx' ''
2022-02-06 05:44:52 v-delete-web-domain-ssl-force  'User2' 'domain3.tld'
2022-02-06 05:44:53 v-restart-service  'bind9'
2022-02-06 05:44:53 v-delete-dns-record  'User2' 'domain3.tld' '31'
2022-02-06 05:44:53 v-restart-service  'bind9'
2022-02-06 05:44:53 v-add-dns-record  'User2' 'domain3.tld' '@' 'CAA' '0 issue "letsencrypt.org"'
2022-02-06 05:44:55 v-restart-service  'nginx' ''
2022-02-06 05:44:59 v-add-firewall-chain  'MAIL'
2022-02-06 05:44:59 v-add-firewall-ban  '5.34.207.67' 'MAIL'
2022-02-06 05:45:12 v-generate-ssl-cert  'domain3.tld' '[email protected]' 'US' 'California' 'San Francisco' 'Hestia' 'IT' ''
2022-02-06 05:45:15 v-restart-service  'apache2' ''
2022-02-06 05:45:15 v-restart-service  'nginx' ''
2022-02-06 05:45:15 v-update-web-domain-ssl 
2022-02-06 05:45:15 v-add-letsencrypt-domain  'User2' 'domain3.tld' ''
2022-02-06 05:45:16 v-restart-service  'apache2' ''
2022-02-06 05:45:16 v-restart-service  'nginx' ''
2022-02-06 05:45:16 v-add-web-domain-ssl-force  'User2' 'domain3.tld'
2022-02-06 05:45:16 v-add-web-domain-redirect  'User2' 'domain3.tld' 'https://domain2.tld' '301'
2022-02-06 05:45:27 v-delete-web-domain-redirect  'User2' 'domain4.tld'
2022-02-06 05:45:27 v-restart-service  'apache2' ''
2022-02-06 05:45:28 v-restart-service  'nginx' ''
2022-02-06 05:45:28 v-delete-web-domain-ssl-force  'User2' 'domain4.tld'
2022-02-06 05:45:30 v-restart-service  'nginx' ''
2022-02-06 05:45:34 v-delete-firewall-ban  '5.34.205.74' 'MAIL'
2022-02-06 05:45:47 v-restart-service  'nginx' ''
2022-02-06 05:45:50 v-add-firewall-chain  'MAIL'
2022-02-06 05:45:50 v-add-firewall-ban  '5.34.207.46' 'MAIL'
2022-02-06 05:46:03 v-generate-ssl-cert  'domain4.tld' '[email protected]' 'US' 'California' 'San Francisco' 'Hestia' 'IT' 'www.domain4.tld'
2022-02-06 05:46:06 v-restart-service  'apache2' ''
2022-02-06 05:46:07 v-restart-service  'nginx' ''
2022-02-06 05:46:07 v-update-web-domain-ssl 
2022-02-06 05:46:07 v-add-letsencrypt-domain  'User2' 'domain4.tld' 'www.domain4.tld'
2022-02-06 05:46:07 v-restart-service  'apache2' ''
2022-02-06 05:46:08 v-restart-service  'nginx' ''
2022-02-06 05:46:08 v-add-web-domain-ssl-force  'User2' 'domain4.tld'
2022-02-06 05:46:08 v-add-web-domain-redirect  'User2' 'domain4.tld' 'https://domain2.tld' '301'
2022-02-06 05:46:19 v-delete-web-domain-redirect  'User3' 'domain5.tld'
2022-02-06 05:46:19 v-restart-service  'apache2' ''
2022-02-06 05:46:20 v-restart-service  'nginx' ''
2022-02-06 05:46:20 v-delete-web-domain-ssl-force  'User3' 'domain5.tld'
2022-02-06 05:46:21 v-restart-service  'bind9'
2022-02-06 05:46:21 v-delete-dns-record  'User3' 'domain5.tld' '41'
2022-02-06 05:46:21 v-restart-service  'bind9'
2022-02-06 05:46:21 v-add-dns-record  'User3' 'domain5.tld' '@' 'CAA' '0 issue "letsencrypt.org"'
2022-02-06 05:46:23 v-restart-service  'nginx' ''
2022-02-06 05:46:34 v-delete-firewall-ban  '194.99.45.5' 'MAIL'
2022-02-06 05:46:40 v-restart-service  'nginx' ''
2022-02-06 05:46:41 v-delete-firewall-ban  '92.255.85.135' 'SSH'
2022-02-06 05:46:42 v-delete-firewall-ban  '5.34.207.107' 'MAIL'
2022-02-06 05:46:45 v-add-firewall-chain  'MAIL'
2022-02-06 05:46:45 v-add-firewall-ban  '5.34.205.74' 'MAIL'
2022-02-06 05:46:51 v-add-firewall-chain  'MAIL'
2022-02-06 05:46:51 v-add-firewall-ban  '5.34.205.98' 'MAIL'
2022-02-06 05:46:57 v-generate-ssl-cert  'domain5.tld' '[email protected]' 'US' 'California' 'San Francisco' 'Hestia' 'IT' 'www.domain5.tld'
2022-02-06 05:46:59 v-restart-service  'apache2' ''
2022-02-06 05:47:00 v-restart-service  'nginx' ''
2022-02-06 05:47:00 v-update-web-domain-ssl 
2022-02-06 05:47:00 v-add-letsencrypt-domain  'User3' 'domain5.tld' 'www.domain5.tld'
2022-02-06 05:47:00 v-restart-service  'apache2' ''
2022-02-06 05:47:01 v-restart-service  'nginx' ''
2022-02-06 05:47:01 v-add-web-domain-ssl-force  'User3' 'domain5.tld'
2022-02-06 05:47:01 v-add-web-domain-redirect  'User3' 'domain5.tld' 'https://domain2.tld' '301'
2022-02-06 05:47:04 v-add-firewall-chain  'MAIL'
2022-02-06 05:47:04 v-add-firewall-ban  '5.34.207.107' 'MAIL'
2022-02-06 05:47:15 v-delete-web-domain-redirect  'User4' 'domain6.tld'
2022-02-06 05:47:16 v-restart-service  'apache2' ''
2022-02-06 05:47:16 v-restart-service  'nginx' ''
2022-02-06 05:47:16 v-delete-web-domain-ssl-force  'User4' 'domain6.tld'
2022-02-06 05:47:17 v-restart-service  'bind9'
2022-02-06 05:47:17 v-delete-dns-record  'User4' 'domain6.tld' '23'
2022-02-06 05:47:18 v-restart-service  'bind9'
2022-02-06 05:47:17 v-add-dns-record  'User4' 'domain6.tld' '@' 'CAA' '0 issue "letsencrypt.org"'
2022-02-06 05:47:20 v-restart-service  'nginx' ''
2022-02-06 05:47:24 v-delete-firewall-ban  '5.34.205.95' 'MAIL'
2022-02-06 05:47:37 v-restart-service  'nginx' ''
2022-02-06 05:47:53 v-generate-ssl-cert  'domain6.tld' '[email protected]' 'US' 'California' 'San Francisco' 'Hestia' 'IT' 'www.domain6.tld'
2022-02-06 05:47:55 v-restart-service  'apache2' ''
2022-02-06 05:47:56 v-restart-service  'nginx' ''
2022-02-06 05:47:56 v-update-web-domain-ssl 
2022-02-06 05:47:56 v-add-letsencrypt-domain  'User4' 'domain6.tld' 'www.domain6.tld'
2022-02-06 05:47:57 v-restart-service  'apache2' ''
2022-02-06 05:47:57 v-restart-service  'nginx' ''
2022-02-06 05:47:57 v-add-web-domain-ssl-force  'User4' 'domain6.tld'
2022-02-06 05:47:57 v-add-web-domain-redirect  'User4' 'domain6.tld' 'https://domain2.tld' '301'
2022-02-06 05:48:10 v-restart-service  'nginx' ''
2022-02-06 05:48:26 v-restart-service  'nginx' ''
2022-02-06 05:48:43 v-generate-ssl-cert  'mail.domain6.tld' '[email protected]' 'US' 'California' 'San Francisco' 'Hestia' 'IT' 'webmail.domain6.tld'
2022-02-06 05:48:45 v-restart-service  'apache2' ''
2022-02-06 05:48:46 v-restart-service  'nginx' ''
2022-02-06 05:48:46 v-update-mail-domain-ssl 
2022-02-06 05:48:46 v-add-letsencrypt-domain  'User4' 'domain6.tld' '' 'yes'
2022-02-06 05:48:46 v-add-firewall-chain  'MAIL'
2022-02-06 05:48:46 v-add-firewall-ban  '5.34.205.95' 'MAIL'
2022-02-06 05:48:58 v-delete-web-domain-redirect  'user6' 'domain7.tld'
2022-02-06 05:48:59 v-restart-service  'apache2' ''
2022-02-06 05:48:59 v-restart-service  'nginx' ''
2022-02-06 05:48:59 v-delete-web-domain-ssl-force  'user6' 'domain7.tld'
2022-02-06 05:49:00 v-restart-service  'bind9'
2022-02-06 05:49:00 v-delete-dns-record  'user6' 'domain7.tld' '26'
2022-02-06 05:49:00 v-restart-service  'bind9'
2022-02-06 05:49:00 v-add-dns-record  'user6' 'domain7.tld' '@' 'CAA' '0 issue "letsencrypt.org"'
2022-02-06 05:49:02 v-restart-service  'nginx' ''
2022-02-06 05:49:19 v-restart-service  'nginx' ''
2022-02-06 05:49:36 v-generate-ssl-cert  'domain7.tld' '[email protected]' 'US' 'California' 'San Francisco' 'Hestia' 'IT' 'www.domain7.tld'
2022-02-06 05:49:39 v-restart-service  'apache2' ''
2022-02-06 05:49:39 v-restart-service  'nginx' ''
2022-02-06 05:49:39 v-update-web-domain-ssl 
2022-02-06 05:49:39 v-add-letsencrypt-domain  'user6' 'domain7.tld' 'www.domain7.tld'
2022-02-06 05:49:40 v-restart-service  'apache2' ''
2022-02-06 05:49:40 v-restart-service  'nginx' ''
2022-02-06 05:49:40 v-add-web-domain-ssl-force  'user6' 'domain7.tld'
2022-02-06 05:49:40 v-add-web-domain-redirect  'user6' 'domain7.tld' 'https://domain2.tld' '301'

You can imagine the nightmare i was having this morning with 4 angry customers. What the hell happened???

I can send the original logs if needed.

N.

eris · February 8, 2022, 9:48am

I have found the issue

neven · February 8, 2022, 10:00am

Can you post a hotfix?

Raphael · February 8, 2022, 11:02am

eris · February 8, 2022, 12:16pm

Will not work you need to unset REDIRECT

neven · February 8, 2022, 4:52pm

I’ve changed v-update-letsencrypt-ssl line 120 to:

            if [[ -n "$domain_redirect" ]] ; then
                $BIN/v-add-web-domain-redirect $user $domain $domain_redirect $domain_redirect_code
                unset domain_redirect
            fi

This I hope will be included in the next HestiaCP update.

I look at this as educational experience. I now know how to clear cached 301 redirections on all major browsers.

eris · February 8, 2022, 4:54pm

Will not work …
unset REDIRECT

Will…

system · March 10, 2022, 4:54pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.