How to Fix “Unknown Error” in HestiaCP File Manager — A Complete CloudcareHost Guide
If you’re getting an “Unknown error” in the HestiaCP File Manager, it usually relates to user jail or chroot misconfigurations. Don’t worry, this guide explains what causes it and how to fix it step-by-step in simple language.
What Is a Chroot or Jail in HestiaCP?
A chroot jail limits a user’s access to a specific part of the filesystem. When enabled, that user can’t see or modify files outside their assigned home directory. Inside this jail, Hestia can bind-mount folders (like the user’s web directory) so they still have access to website files without exposing the rest of the server.
In HestiaCP (and on CloudcareHost servers), the jail path usually looks like: /srv/jail/USERNAME/home/USERNAME/
Inside this area, Hestia can bind-mount specific folders like the web or SSH directories so users can still work with their websites safely.
Why Does the “Unknown Error” Happen
You may see messages like:
• Connection closed
• Unknown error
These often point to one of these issues:
1) Incorrect permissions on the jail folder (must be owned by root:root)
2) Missing bind mounts (the user’s web folder isn’t properly mounted inside the jail)
3) Wrong SSH configuration (the Match block is missing or incorrect)
Step-by-Step Fix for HestiaCP SFTP Jail Error
Let’s assume your Hestia user is an admin. Follow these steps exactly as our CloudcareHost technical experts recommend:
1) Try renaming or removing hst-filemanager-key
→ rm -f /home/admin/.ssh/hst-filemanager-key
2) Rebuild or Create the Jail
You can rebuild the user jail directly via SSH:
→ v-add-user-sftp-jail admin
If that doesn’t work, manually create the directories:
→ sudo mkdir -p /srv/jail/admin/home/admin/web
3) Set Correct Permissions
Each folder in the jail path must be owned by root, except the actual web folder:
→ sudo chown root:root /srv/jail
sudo chown root:root /srv/jail/admin
sudo chown root:root /srv/jail/admin/home
sudo chown root:root /srv/jail/admin/home/admin
sudo chown admin:admin /srv/jail/admin/home/admin/web
CloudcareHost Tip: If any parent folder is owned by the user instead of root, SSH will fail to start the jail.
4) Bind-Mount the Web Folder
Bind mounts connect your real web directory to the jailed one:
→ sudo mount --bind /home/admin/web /srv/jail/admin/home/admin/web
sudo mount --bind /home/admin/.ssh /srv/jail/admin/home/admin/.ssh
sudo mount --bind /home/admin/bin /srv/jail/admin/home/admin/bin
To make these mounts permanent, add them to /etc/fstab:
→ /home/admin/web /srv/jail/admin/home/admin/web none bind 0 0
/home/admin/.ssh /srv/jail/admin/home/admin/.ssh none bind 0 0
/home/admin/bin /srv/jail/admin/home/admin/bin none bind 0 0
5) Configure SSH for the User
Edit your SSH configuration file:
→ sudo nano /etc/ssh/sshd_config.d/hestia.conf
Add this block:
→ Match User admin
ChrootDirectory /srv/jail/%u
X11Forwarding no
AllowTCPForwarding no
ForceCommand internal-sftp -d /home/%u/web
Then restart SSH:
→ sudo systemctl restart sshd
6) Test the Jail
Now test if everything works:
→ sftp admin@your-server-ip
If configured properly, you’ll land directly inside:
→ /home/admin/web
To double-check everything:
→ ls -ld /srv /srv/jail /srv/jail/admin /srv/jail/admin/home /srv/jail/admin/home/admin
→ mount | grep admin
→ sshd -T | grep adminc
Common Mistakes
Jail folder owned by user → SSH refuses to chroot → Make parent dirs root:root
Missing bind mount → Jail appears empty → Use mount --bind
Wrong SSHD config → User lands in home, not web → Add Match User block
CloudcareHost Best Practice: Always verify your SSH Match block and fstab entries after any configuration changes.
Final Notes from CloudcareHost:
Once configured correctly, HestiaCP SFTP jails are secure and easy to maintain. They protect your system from accidental damage and allow safe access to web files. FileManager works perfectly inside /home/admin/web/domain/public_html when jailed.
Summary
• Use root:root ownership for all jail directories
• Bind-mount only the user’s web folder
• Update SSH config with proper Match block
Frequently Asked Questions (FAQ)
1. What causes the “Unknown Error” in HestiaCP File Manager?
→ This error usually happens because of incorrect permissions, missing bind mounts, or SSH jail (chroot) misconfiguration. When the jail setup isn’t correct, the File Manager or SFTP connection can’t reach the user’s web folder properly.
2. How can I fix the HestiaCP File Manager unknown error?
→ Rebuild or recreate the user’s SFTP jail, correct all folder permissions to root:root, bind-mount the user’s web folder, and ensure your SSH configuration includes a proper Match User block.
3. What does “bind to IP:80 failed” mean in HestiaCP?
→ It means your web server (Nginx or Apache) is trying to listen on an IP address that doesn’t exist or isn’t active. Updating your IP under Server → IP in HestiaCP and rebuilding the web configuration usually fixes this.
4. Why can’t I access my files through SFTP in HestiaCP?
→ If your SFTP session closes immediately or says “connection closed,” it’s likely that the jail folder permissions are wrong or the web directory isn’t bind-mounted inside the jail.
5. What are the correct permissions for a jailed user in HestiaCP?
→ Every parent folder in the jail path should be owned by root:root, while the user’s web folder should be owned by the user.
Example: /srv/jail/cloudcarehost/home/cloudcarehost/web → cloudcarehost:cloudcarehost
6. How do I make my Hestia jail mounts permanent?
→ Add your bind mounts to /etc/fstab so they’re automatically restored after a reboot.
Example: /home/user/web /srv/jail/user/home/user/web none bind 0 0
7. What is a chroot or jail in HestiaCP?
→ A chroot jail isolates a user so they can only access their own files and website directory. It improves server security by blocking access to other system files.
8. How can I test if my SFTP jail is working?
→ Connect via SFTP using your Hestia username: sftp username@your-server-ip
If successful, you should land inside your /home/username/web folder instead of the full server root.
9. Will fixing this error affect my websites?
→ No, rebuilding or correcting your SFTP jail won’t break your websites. It only fixes user access paths inside File Manager or SFTP.
10. How can I prevent this error from happening again?
→ Always use the HestiaCP panel to add or modify users, avoid manual file ownership changes inside /srv/jail, and make sure your bind mounts are included in /etc/fstab before rebooting.