SSL and Domains broken after HestiaCP update

Ritzz · July 22, 2025, 7:12am

Hey everyone,

So HestiaCP updated to 1.9.4 tonight. Since then all websites and domains are broken on my server. I can still access the web-gui from http://ip:8083/

This is the error I get on https:/hostname.tld of the server.

I get a regular HSTS error when I try to visit any other domain.

These are the site logs.

2025/07/22 04:07:05 [error] 377411#377411: *1212899 connect() failed (111: Connection refused) while connecting to upstream, client: 203.212.245.21, server: hostname.tld, request: "GET /login/ HTTP/2.0", upstream: "http://10.0.0.152:2083/login/", host: "hostname.tld"
2025/07/22 04:07:05 [error] 377412#377412: *1183772 connect() failed (111: Connection refused) while connecting to upstream, client: 203.212.245.21, server: hostname.tld, request: "GET /favicon.ico HTTP/2.0", upstream: "http://10.0.0.152:2083/favicon.ico", host: "hostname.tld", referrer: "https://hostname.tld/login/"
2025/07/22 04:07:11 [error] 377411#377411: *1212899 connect() failed (111: Connection refused) while connecting to upstream, client: 203.212.245.21, server: hostname.tld, request: "GET / HTTP/2.0", upstream: "http://10.0.0.152:2083/", host: "hostname.tld"
2025/07/22 04:07:18 [error] 377411#377411: *1212899 connect() failed (111: Connection refused) while connecting to upstream, client: 203.212.245.21, server: hostname.tld, request: "GET / HTTP/2.0", upstream: "http://10.0.0.152:2083/", host: "hostname.tld"
2025/07/22 04:07:20 [error] 377411#377411: *1212899 connect() failed (111: Connection refused) while connecting to upstream, client: 203.212.245.21, server: hostname.tld, request: "GET / HTTP/2.0", upstream: "http://10.0.0.152:2083/", host: "hostname.tld"
2025/07/22 04:08:41 [error] 377411#377411: *1242921 connect() failed (111: Connection refused) while connecting to upstream, client: 203.212.245.21, server: hostname.tld, request: "GET /login/ HTTP/2.0", upstream: "http://10.0.0.152:2083/login/", host: "hostname.tld"
2025/07/22 04:08:42 [error] 377411#377411: *1242923 connect() failed (111: Connection refused) while connecting to upstream, client: 203.212.245.21, server: hostname.tld, request: "GET /favicon.ico HTTP/2.0", upstream: "http://10.0.0.152:2083/favicon.ico", host: "hostname.tld", referrer: "https://hostname.tld/login/"
2025/07/22 04:08:54 [error] 377411#377411: *1242925 connect() failed (111: Connection refused) while connecting to upstream, client: 203.212.245.21, server: hostname.tld, request: "GET / HTTP/2.0", upstream: "http://10.0.0.152:2083/", host: "hostname.tld"
2025/07/22 04:08:54 [error] 377411#377411: *1242923 connect() failed (111: Connection refused) while connecting to upstream, client: 203.212.245.21, server: hostname.tld, request: "GET /favicon.ico HTTP/2.0", upstream: "http://10.0.0.152:2083/favicon.ico", host: "hostname.tld", referrer: "https://hostname.tld/" ```

Ritzz · July 22, 2025, 7:15am

I also see 2 Template options. This is not normal. I am using Nginx+PHP-FPM.

Ritzz · July 22, 2025, 7:47am

Following the instructions from here. I reran the migration script and reissued SSL for hostname.tld.

Now I can access it and get hit with the default success page. Weird issue is, Even after setting cp.stpl as the default template I still get the default success page.

on other domains on the website. including subdomains.hostname.tld I still get HSTS error after re-issuing SSL (HSTS requirement is turned off)

Here’s the ssllabs.com report on domain2.tld

sahsanu · July 22, 2025, 9:35am

It seems the last Nginx update overwrote the main Nginx configuration file (/etc/nginx/nginx.conf). To fix the issue, we’ve replaced it with the one provided by Hestia.

cd /etc/nginx/
cp nginx.conf nginx.conf.bad
cp /usr/local/hestia/install/deb/nginx/nginx.conf .
systemctl restart nginx