• Introducing WebPros Cloud - a fully managed infrastructure platform purpose-built to simplify the deployment of WebPros products !  WebPros Cloud enables you to easily deliver WebPros solutions — without the complexity of managing the infrastructure.
    Join the pilot program today!
  • Support for BIND DNS has been removed from Plesk for Windows due to security and maintenance risks.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS.

Resolved Weak Algorithm Warning (DSA1024) for Plesk Repositories on Ubuntu 24.04 LTS

D3nnis3n said:
Well, we don't - but the source files are still included in apt.
Click to expand...
If you have already removed the Imunify360 Extension, then why have you not also removed the associated file from within: /etc/apt/sources.list.d/
That's straightforward & will immediately resolve the issues below assuming... that Imunify360 is the only package that you still have this issue with?

D3nnis3n said:
The workaround noted by Plesk also doesn't help - the Imunify repositories are still considered to be in failure and as such we still get an e-mail every day noting to us that updating failed.
Click to expand...
See above
 
Sebahat.hadzhi said:
@D3nnis3n , are you referring to the workaround from this article. If yes, does the update actually fail or you only get warnings? I am asking because it is normal to get the warnings with that workaround.
Click to expand...
_Manual_ updating never failed, the issue is the warnings are seen as error which leads to the Plesk configured automatic updates _not_ working and sending an update failed e-mail every day.

learning_curve said:
If you have already removed the Imunify360 Extension, then why have you not also removed the associated file from within: /etc/apt/sources.list.d/
That's straightforward & will immediately resolve the issues below assuming... that Imunify360 is the only package that you still have this issue with?
Click to expand...
It is readded on every execution of Plesk Installer.
 
D3nnis3n said:
It is readded on every execution of Plesk Installer.
Click to expand...
Do you mean, that in your case / on your server(s), that the Imunify360 associated file has been added back into: /etc/apt/sources.list.d/ as part of every Plesk Main Upgrade and / or Plesk Point Upgrade, even WHEN you didn't have the Imunify360 extension installed, when invoking those upgrades?

That's strange if you do, as it certainly isn't in our case.
FWIW It's never, ever been added back during any daily manual upgrades (e.g. Ubuntu / Plesk CLI updates via CLI #apt) any way.

Have you actually deleted it, but then seen it be added back, since you upgraded to Obsidian 18.0.70 #MU 1 and removed the Imunify360 extension?
 
So we figured this one out as well. The workaround is bad.

It configures:
Code: 
APT::Key::Assert-Pubkey-Algo ">=dsa1024,rsa4096,rsa3072";

However, this line will replace the defaults, e.g. if this is configured, what is accepted by default will no longer be accepted when it is not in that configuration.
That was the case for rsa2048 for us, which is used by elasticsearch repository - which then was no longer trusted and caused the actual upgrade error.

Use the following instead to accept the insecure Imunify key and all default accepted ones.
Code: 
APT::Key::Assert-Pubkey-Algo ">=dsa1024,>=rsa2048,ed25519,ed448";
 
D3nnis3n said:
~~~
Use the following instead to accept the insecure Imunify key and all default accepted ones.
Code: 
APT::Key::Assert-Pubkey-Algo ">=dsa1024,>=rsa2048,ed25519,ed448";
Click to expand...
Not commenting on the Plesk workaround. Plesk can do that.
The workaround below, was posted on the very 1st page of this thread, but the Imunify360 related issue was still an issue (at the time of that post)

Resolved - Weak Algorithm Warning (DSA1024) for Plesk Repositories on Ubuntu 24.04 LTS

Hi Plesk Support Team and Community, I’m running into an issue with the Plesk repositories on my Ubuntu 24.04 LTS server and would appreciate some guidance. When I run sudo apt update, I get warnings about the Plesk repositories using a weak algorithm (DSA1024) for their signatures. The...
talk.plesk.com talk.plesk.com
Either of those ^ should (currently) prevent you from experiencing this:
D3nnis3n said:
_Manual_ updating never failed, the issue is the warnings are seen as error which leads to the Plesk configured automatic updates _not_ working and sending an update failed e-mail every day.
Click to expand...
However, the other (separate) questions, relating to the Imunify360 associated file, being added back into: /etc/apt/sources.list.d/ still remain (post #64)
 
learning_curve said:
Not commenting on the Plesk workaround. Plesk can do that.
Click to expand...
Doing so causes the updating problems if you have any other repositories configured that use default accepted algorithms, so they should not do that as it breaks their clients servers ...

learning_curve said:
However, the other (separate) questions, relating to the Imunify360 associated file, being added back into: /etc/apt/sources.list.d/ still remain (post #64)
Click to expand...
We only updated to .70 yesterday, and it did indeed restore the Imunify sources. There is no signs of anything from Imunify installed, but we're finding files related to aibolit, which seems to be related in some way to Imunify or what was Plesk E-Mail-Security.
 
You must log in or register to reply here.

Similar threads

Daveo
Issue Ubuntu upgrade from 22.04 to 24.04 getting issue with key algorithms
Replies
2
Views
897
Daveo
Daveo
J
Resolved PUM error persists....
Replies
13
Views
2K
Jeroentje
J
K
Resolved Apt update warning weak algorithm (dsa1024)
Replies
5
Views
4K
Sebahat.hadzhi
Sebahat.hadzhi
M
Resolved error occurred during the signature verification
2
Replies
26
Views
3K
a-plesk-forum
A
W
Issue Atomicorp repository - Debian 11 - NO_PUBKEY
Replies
2
Views
657
websb
W
Back
Top