Amidst the crisis, I wanted to share the fastest easiest SSH Command line to change your VestaCP port. I'm changing it here with 8383, you can replace 8383 with any other (uncommon) port number if you want.
CODE: SELECT ALL

sed -i 's/8083;/8383;/' /usr/local/vesta/nginx/conf/nginx.conf
/usr/local/vesta/bin/v-add-firewall-rule ACCEPT 0.0.0.0/0 8383 TCP gVestaCP
Block 8083 in Firewall (if you want)
CODE: SELECT ALL

sed -i -e '/8083/ s/ACCEPT/DROP/' /usr/local/vesta/data/firewall/rules.conf
Double check if it shows DROP for 8083
CODE: SELECT ALL

nano /usr/local/vesta/data/firewall/rules.conf
Restarr Fail2Ban to monitor changed port (Thanks @nsuro for the tip)
CODE: SELECT ALL

systemctl restart fail2ban.service
v-update-firewall
systemctl restart vesta
Check iptables should now show the new port.
CODE: SELECT ALL

iptables -L -nv | grep 8383
like this
CODE: SELECT ALL

....

0     0 fail2ban-VESTA  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:8383

....
If you are still not able to login at your custom port, stop firewall
CODE: SELECT ALL

/usr/local/vesta/bin/v-stop-firewall
then login to your panel and restart firewall from within your WebUI

Note: Seasoned admins may want to restrict access to WebUI for only their known IP... so replace ACCEPT 0.0.0.0/0 with your IP