I just got an automatic message from several hestia installs saying that while running the cron script v-update-sys-hestia-all there is something wrong with the hestiacp repo key for bionic. (I am running Ubuntu 18) See log at the end of this post.
Has that happend to anyone else?
PS: I have tried to add the key manually but the key A189E93654F0B0E5 doesn’t seem to be present on ubuntu’s servers.
I have also tried to add apt-transport-https as suggested in another topic here, but still no luck.
Added google dns to /etc/resolv.conf but still not working
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: https://apt.hestiacp.com bionic InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY A189E93654F0B0E5
W: Failed to fetch https://apt.hestiacp.com/dists/bionic/InRelease The following signatures couldn't be verified because the public key is not available: NO_PUBKEY A189E93654F0B0E5
W: Some index files failed to download. They have been ignored, or old ones used instead.
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: https://apt.hestiacp.com bionic InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY A189E93654F0B0E5
W: Failed to fetch https://apt.hestiacp.com/dists/bionic/InRelease The following signatures couldn't be verified because the public key is not available: NO_PUBKEY A189E93654F0B0E5
W: Some index files failed to download. They have been ignored, or old ones used instead.
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: https://apt.hestiacp.com bionic InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY A189E93654F0B0E5
W: Failed to fetch https://apt.hestiacp.com/dists/bionic/InRelease The following signatures couldn't be verified because the public key is not available: NO_PUBKEY A189E93654F0B0E5
W: Some index files failed to download. They have been ignored, or old ones used instead.
thank you. it work. though I decided to update the other servers over the weekend, there are issues to be manually solved after upgrade (especially with mail certificates…) but overall it looks good.
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: https://apt.hestiacp.com buster InRelease: The following signatures couldn’t be verified because the public key is not available: NO_PUBKEY A189E93654F0B0E5
W: Failed to fetch https://apt.hestiacp.com/dists/buster/InRelease The following signatures couldn’t be verified because the public key is not available: NO_PUBKEY A189E93654F0B0E5
W: Some index files failed to download. They have been ignored, or old ones used instead.
resulted in: gpg: keyserver receive failed: Server indicated a failure
Debug and verbose output showed that all of the usual culprits were working fine (like dirmngr for example).
That left DNS / Connection issues.
Threw me for a loop, because I was able to download Hestia’s cert directly with: $ cd /tmp && wget "https://keyserver.ubuntu.com/pks/lookup?op=get&search=0xA189E93654F0B0E5" -O -
That led me to believe that it WASN’T a DNS issue, but some kind of connection issue.
After chasing my tail looking for connection issues, I went back to look at DNS and realized that the LXC container was using the hypervisor DNS settings. It was fine for the longest time, but a DNS change on the hypervisor broke DNS lookup consistency on all guest containers using the host DNS settings.
If all that checks out and you’re still having issues, perhaps it’s something with resolv.conf like this post covers in detail.
Bottom-Line: When you encounter this issue, DNS should be at the top of the list to check as one of the very first things.