No_pubkey a189e93654f0b0e5

Hello people

I just got an automatic message from several hestia installs saying that while running the cron script v-update-sys-hestia-all there is something wrong with the hestiacp repo key for bionic. (I am running Ubuntu 18) See log at the end of this post.

Has that happend to anyone else?

PS: I have tried to add the key manually but the key A189E93654F0B0E5 doesn’t seem to be present on ubuntu’s servers.
I have also tried to add apt-transport-https as suggested in another topic here, but still no luck.
Added google dns to /etc/resolv.conf but still not working

W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: https://apt.hestiacp.com bionic InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY A189E93654F0B0E5
W: Failed to fetch https://apt.hestiacp.com/dists/bionic/InRelease  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY A189E93654F0B0E5
W: Some index files failed to download. They have been ignored, or old ones used instead.
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: https://apt.hestiacp.com bionic InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY A189E93654F0B0E5
W: Failed to fetch https://apt.hestiacp.com/dists/bionic/InRelease  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY A189E93654F0B0E5
W: Some index files failed to download. They have been ignored, or old ones used instead.
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: https://apt.hestiacp.com bionic InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY A189E93654F0B0E5
W: Failed to fetch https://apt.hestiacp.com/dists/bionic/InRelease  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY A189E93654F0B0E5
W: Some index files failed to download. They have been ignored, or old ones used instead.

Hi

Checkout this thread here:

5 Likes

Hi! I got this error too - sent to my admin email with the subject Cron <admin@hestia> sudo /usr/local/hestia/bin/v-update-sys-hestia-all

thank you. it work. though I decided to update the other servers over the weekend, there are issues to be manually solved after upgrade (especially with mail certificates…) but overall it looks good. :slight_smile:

Thanks for the feedback, just let us know if you find any bug that needs to be solved :slight_smile:.

sure. I will try to document any issue as well as I can.

2 Likes

Hi, I have same issue for update to 1.5.5 - 1.5.6

W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: https://apt.hestiacp.com buster InRelease: The following signatures couldn’t be verified because the public key is not available: NO_PUBKEY A189E93654F0B0E5
W: Failed to fetch https://apt.hestiacp.com/dists/buster/InRelease The following signatures couldn’t be verified because the public key is not available: NO_PUBKEY A189E93654F0B0E5
W: Some index files failed to download. They have been ignored, or old ones used instead.

rm /usr/share/keyrings/hestia-keyring.gpg 
mkdir /root/.gnupg/
gpg --no-default-keyring --keyring /usr/share/keyrings/hestia-keyring.gpg --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys A189E93654F0B0E5
3 Likes

Now works fine. Thank you

Since this is the most recent topic I can find on this issue, I’m adding my experiences here.

TLDR: Check the DNS settings of any container/vm running Hestia, and specify known good IPs (like OpenDNS or Google).

$ sudo apt-get update
resulted in:
The following signatures couldn't be verified because the public key is not available: NO_PUBKEY A189E93654F0B0E5

$ sudo rm /usr/share/keyrings/hestia-keyring.gpg

$ sudo gpg --debug-level=guru --verbose --no-default-keyring --keyring /usr/share/keyrings/hestia-keyring.gpg --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys A189E93654F0B0E5

resulted in:
gpg: keyserver receive failed: Server indicated a failure

Debug and verbose output showed that all of the usual culprits were working fine (like dirmngr for example).

That left DNS / Connection issues.

Threw me for a loop, because I was able to download Hestia’s cert directly with:
$ cd /tmp && wget "https://keyserver.ubuntu.com/pks/lookup?op=get&search=0xA189E93654F0B0E5" -O -
That led me to believe that it WASN’T a DNS issue, but some kind of connection issue.

After chasing my tail looking for connection issues, I went back to look at DNS and realized that the LXC container was using the hypervisor DNS settings. It was fine for the longest time, but a DNS change on the hypervisor broke DNS lookup consistency on all guest containers using the host DNS settings.

If all that checks out and you’re still having issues, perhaps it’s something with resolv.conf like this post covers in detail.

Bottom-Line: When you encounter this issue, DNS should be at the top of the list to check as one of the very first things.