System broke after update (cant start hestiacp)

After doing update system completely broke, hestiacp is not running anymore.

The error I am seeing is this.

Setting up hestia-php (8.3.16) ...
dpkg: error processing package hestia-php (--configure):
 installed hestia-php package post-installation script subprocess returned error exit status 1
Setting up hestia-nginx (1.27.3) ...
Job for hestia.service failed because the control process exited with error code.
See "systemctl status hestia.service" and "journalctl -xeu hestia.service" for details.
invoke-rc.d: initscript hestia, action "start" failed.
Ă— hestia.service - LSB: starts the hestia control panel
     Loaded: loaded (/etc/init.d/hestia; generated)
     Active: failed (Result: exit-code) since Tue 2025-02-04 05:10:33 UTC; 6ms ago
       Docs: man:systemd-sysv-generator(8)
    Process: 92979 ExecStart=/etc/init.d/hestia start (code=exited, status=1/FAILURE)
        CPU: 9ms

Feb 04 05:10:33 example.com systemd[1]: Starting LSB: starts the hestia control panel...
Feb 04 05:10:33 example.com hestia[92979]:  * Starting hestia-nginx hestia-nginx
Feb 04 05:10:33 example.com hestia[92983]: nginx: [emerg] getpwnam("hestiaweb") failed in /usr/local/hestia/nginx/conf/nginx.conf:2
Feb 04 05:10:33 example.com systemd[1]: hestia.service: Control process exited, code=exited, status=1/FAILURE
Feb 04 05:10:33 example.com systemd[1]: hestia.service: Failed with result 'exit-code'.
Feb 04 05:10:33 example.com systemd[1]: Failed to start LSB: starts the hestia control panel.
/var/lib/dpkg/info/hestia-nginx.postinst: line 15: syshealth_adapt_hestia_nginx_listen_ports: command not found
dpkg: error processing package hestia-nginx (--configure):
 installed hestia-nginx package post-installation script subprocess returned error exit status 127
Errors were encountered while processing:
 hestia-php
 hestia-nginx
E: Sub-process /usr/bin/dpkg returned an error code (1)

when I try and manually start I get the following.

root@s2:~# systemctl status hestia.service
Ă— hestia.service - LSB: starts the hestia control panel
     Loaded: loaded (/etc/init.d/hestia; generated)
     Active: failed (Result: exit-code) since Tue 2025-02-04 05:06:50 UTC; 2s ago
       Docs: man:systemd-sysv-generator(8)
    Process: 88950 ExecStart=/etc/init.d/hestia start (code=exited, status=1/FAILURE)
        CPU: 9ms

Feb 04 05:06:50 example.com systemd[1]: Starting LSB: starts the hestia control panel...
Feb 04 05:06:50 example.com hestia[88950]:  * Starting hestia-nginx hestia-nginx
Feb 04 05:06:50 example.com hestia[88954]: nginx: [emerg] getpwnam("hestia") failed in /usr/local/hestia/nginx/conf/nginx.conf:2
Feb 04 05:06:50 example.com systemd[1]: hestia.service: Control process exited, code=exited, status=1/FAILURE
Feb 04 05:06:50 example.com systemd[1]: hestia.service: Failed with result 'exit-code'.
Feb 04 05:06:50 example.com systemd[1]: Failed to start LSB: starts the hestia control panel.
root@s2:~# /etc/init.d/hestia start
Starting hestia (via systemctl): hestia.serviceJob for hestia.service failed because the control process exited with error code.
See "systemctl status hestia.service" and "journalctl -xeu hestia.service" for details.
 failed!

This server did not auto update but 2 others did so I did sudo update and upgrade and thats when it broke. I have one other server not updated that I have not run update on yet but need to as the scripts we use use the path …/web/domain for SFTP and that has all change in the severs updated to be …/username/web/domain and kinda made everything get stuck with not all servers updated.

I think I found the solution! It was NGINX not updating, the fix here fixed it: Fix Nginx expired key (EXPKEYSIG ABF5BD827BD9BF62)

It said to update the signature and as soon as I did that and did update it worked.

curl -s https://nginx.org/keys/nginx_signing.key | sudo gpg --dearmor > /usr/share/keyrings/nginx-keyring.gpg
3 Likes

In my case, this fix not working.
I also notice that the user hestiaweb does not exist in /etc/passwd …

that is strange it should be created

if [ -z "$(grep ^hestiaweb: /etc/passwd)" ]; then
	# Generate a random password
	random_password=$(generate_password '32')
	# Create the new hestiaweb user
	/usr/sbin/useradd "hestiaweb" -c "$email" --no-create-home
	# do not allow login into hestiaweb user
	echo hestiaweb:$random_password | sudo chpasswd -e
	cp $HESTIA_COMMON_DIR/sudo/hestiaweb /etc/sudoers.d/
	# Keep enabled for now
	# Remove sudo permissions admin user
	# rm /etc/sudoers.d/admin/
fi

It seems $HESTIA_COMMON_DIR/sudo/hestiaweb not exists.
find / -name hestiaweb return an empty list.

I have used the content from here: hestiacp/install/common/sudo/hestiaweb at main · hestiacp/hestiacp · GitHub and created manually the file /etc/sudoers.d/hestiaweb with that content.

To be able to login into the hestia web panel i have added user hestiaweb in admin group.

It seems hestiacp is back online. Maybe other issues are still not fixed… still checking…

It seems hestia-nginx fail to update:

Setting up hestia-nginx (1.27.3) ...
/var/lib/dpkg/info/hestia-nginx.postinst: line 15: syshealth_adapt_hestia_nginx_listen_ports: command not found
dpkg: error processing package hestia-nginx (--configure):
 installed hestia-nginx package post-installation script subprocess returned error exit status 127
Errors were encountered while processing:
 hestia-nginx
E: Sub-process /usr/bin/dpkg returned an error code (1)

That’s the exact same error I had except the fix was due to the sudo apt-get update not being able to fetch updated NGINX packages until I updated the signature using the script in my second post.

After that I did apt-get update and waited a few moments and HestiaCP finished the install and everything started working on it’s own.

In my case, i think is not related to nginx changed key - i’ve applied that fix past year. Applied now too, before anything else, without result.

I faced the error 500 and applied some fixes as per the steps mentioned in my replies to this topic.

But I am still unable to access the control panel as I see the error 500

I tried to upgrade but I see the same error as the topic of this article and the mentioned solution did not work in my case

curl -s https://nginx.org/keys/nginx_signing.key | sudo gpg --dearmor > /usr/share/keyrings/nginx-keyring.gpg