Articles in this section

See more

System updates fail to be installed on Plesk server with Ubuntu 24.04 OS and Imunify installed: The following signatures were invalid: 9EE467641C635726A184D64B8C55A6628608CB71 (untrusted public key algorithm: dsa1024)

Avatar
Taras Ermoshin
Updated
Plesk for Linux kb: technical ext: Imunify

Symptoms

  • On a Plesk server with Ubuntu 24.04 OS and Imunify extension installed, system updates fail to be installed:

    Err:27 https://download.imunify360.com/ubuntu/24.04/slot-8 noble InRelease
    The following signatures were invalid: 9EE467641C635726A184D64B8C55A6628608CB71 (untrusted public key algorithm: dsa1024)

    W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: https://download.imunify360.com/ubuntu/24.04/slot-8 noble InRelease: The following signatures were invalid: 9EE467641C635726A184D64B8C55A6628608CB71 (untrusted public key algorithm: dsa1024)

    W: Failed to fetch https://download.imunify360.com/ubuntu/24.04/slot-8/dists/noble/InRelease The following signatures were invalid: 9EE467641C635726A184D64B8C55A6628608CB71 (untrusted public key algorithm: dsa1024)
    W: Failed to fetch https://repo.imunify360.cloudlinux.com/imunify360/ubuntu/24.04/dists/noble/InRelease The following signatures were invalid: 9EE467641C635726A184D64B8C55A6628608CB71 (untrusted public key algorithm: dsa1024)
    W: Some index files failed to download. They have been ignored, or old ones used instead.

  • The email with the same errors from Plesk System Updates tool is received on the email of the Plesk administrator.

Cause

In Ubuntu 24.04, changes to the system package manager were made, which made the GPG keys with which the Imunify repositories are signed not trusted due to weak signature algorithm.

The Imunify repositories are maintained by CloudLinux, so the issue is expected to be fixed on their side.
The issue was reported to them, and they are working on resolving it.

Resolution

Until the signatures of Imunify repositories are updated, use the workaround:

  1. Connect to the server via SSH.

  2. Execute the following command to temporarily make weak repository signature keys to not cause errors:

    # echo 'APT::Key::Assert-Pubkey-Algo ">=dsa1024,rsa4096,rsa3072";' | tee /etc/apt/apt.conf.d/99weakkey-warning

Once the above workaround is applied, warnings like this may occur:

W:https://repo.imunify360.cloudlinux.com/imunify360/ubuntu/24.04/dists/noble/InRelease: Signature by key 9EE467641C635726A184D64B8C55A6628608CB71 uses weak algorithm (dsa1024)

These warnings should not cause the installing of system updates to fail, so they can be ignored.

Comments

1 comment

Sort by Date Votes
  • Avatar
    Sebastian Vassiliou

    Is this a joke? There were warnings for months that dsa1024 was going to be deprecated.
    This is a security software, and they can't even handle providing the packages of their own software securely?

    Uninstalled.

    0

Please sign in to leave a comment.

Have more questions? Submit a request

Related articles