Loading...

Knowledge Base
Home 
 
/
 Bluehost Self-Managed VPS: Troubleshooting Automatic Security Updates
Categories: VPS, Troubleshooting

Bluehost Self-Managed VPS: Troubleshooting Automatic Security Updates

If you’ve already set up automatic security updates on your Self-Managed VPS but notice updates aren’t being installed, email alerts aren’t arriving, or you see error messages, this troubleshooting guide will help.
Below, you’ll find step-by-step checks, example commands, and solutions for common problems with automated security updates on AlmaLinux, Rocky Linux, CentOS Stream, Ubuntu, Debian, and Fedora.

Please visit the Bluehost Self-Managed VPS: How to Set Up Automatic Security Updates article for the set up instructions.

This article discusses the following:

Common Symptoms

  • No security updates are being installed (system is outdated).
  • Update-related emails don’t arrive.
  • Errors appear in logs, or you get mail delivery bounces.
  • “Could not resolve host”, “Failed to download”, or “service not active” messages.

Quick Checks First

  1. Is the service enabled and running?
    • For dnf-automatic (RHEL/Alma/Rocky/Fedora):
        
      systemctl status dnf-automatic.timer
      Example output: 
      ● dnf-automatic.timer - dnf-automatic timer
   Loaded: loaded (/usr/lib/systemd/system/dnf-automatic.timer; enabled)
   Active: active (waiting) since Thu 2024-07-11 08:00:00 UTC; 4h 2min ago
    • For unattended-upgrades (Ubuntu/Debian):
        
      sudo systemctl status unattended-upgrades.service
      Example output: 
      ● unattended-upgrades.service - Unattended Upgrades Shutdown
     Loaded: loaded (/lib/systemd/system/unattended-upgrades.service; enabled)
     Active: inactive (dead)
  2. Can you update manually? 
    sudo dnf update --security
    Example output: 
    Last metadata expiration check: 0:10:12 ago on Thu 11 Jul 2024 12:01:05 PM UTC.
Dependencies resolved.
Nothing to do.
Complete!
    sudo apt update && sudo apt upgrade
    Example output: 
    Get:1 http://archive.ubuntu.com/ubuntu jammy InRelease [2,718 B]
...
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
  3. Do you have network and DNS access? 
    ping -c 2 8.8.8.8
    Example output: 
    64 bytes from 8.8.8.8: icmp_seq=1 ttl=117 time=22.2 ms
...

    sudo dnf check-update
sudo apt update
    Example output: 
    Get:1 http://... InRelease [XX kB]
...
Reading package lists... Done

How to Check Logs for Errors

  • dnf-automatic log: 
    sudo journalctl -u dnf-automatic.service
    Example output: 
    Jul 11 06:00:57 vps dnf-automatic[2387]: INFO: Security updates installed:
  - openssl-1.1.1k-8.el8_4.x86_64
  • unattended-upgrades log: 
    cat /var/log/unattended-upgrades/unattended-upgrades.log
    Example output: 
    2024-07-11 06:25:19,123 INFO Packages that will be upgraded: openssl
2024-07-11 06:25:19,456 INFO All upgrades installed successfully
  • Check for error words: 
    grep -i error /var/log/unattended-upgrades/unattended-upgrades.log
    Example output: 
    cat /var/log/unattended-upgrades/unattended-upgrades.log | grep -i error
2024-07-11 06:25:19,556 ERROR Failed to install some packages: ...
    sudo journalctl -u dnf-automatic.service | grep -i fail
    Example output: 
    Jul 11 06:01:00 vps dnf-automatic[2431]: Failed to check for updates: ...

Common Errors & Solutions

Error/Symptom What It Means / How to Fix
“Could not resolve host”, “Failed to download” No network or broken repositories.
  • Check your network: 
    ping -c 4 8.8.8.8
  • Check DNS in /etc/resolv.conf
  • Update repo configs; verify system time
Example log line: 
Err:1 http://archive.ubuntu.com/ubuntu jammy InRelease
  Could not resolve 'archive.ubuntu.com'
dnf-automatic.timer or unattended-upgrades.service not active Start/re-enable the service:
  
sudo systemctl enable --now dnf-automatic.timer
sudo dpkg-reconfigure unattended-upgrades
Example output: 
Created symlink /etc/systemd/system/timers.target.wants/dnf-automatic.timer → /usr/lib/systemd/system/dnf-automatic.timer.
Unattended-upgrades runs but doesn't install updates Check /etc/apt/apt.conf.d/10periodic
Ensure lines like APT::Periodic::Unattended-Upgrade "1"; are present and not set to "0"
Example: 
# Check this file contains:
APT::Periodic::Unattended-Upgrade "1";
No mail notifications received
  • Is mail or postfix/sendmail installed?
  • Test with 
    echo "test" | mail -s "test" [email protected]
  • For external addresses: may need to configure relay/smarthost for deliverability.
Example log line for failed delivery: 
Jul 11 07:13:03 vps postfix/smtp[3227]: connect to gmail-smtp-in.l.google.com[142.250.102.27]:25: Connection timed out
“Permission denied” or "Cannot write" Run with sudo or as root.
Check directory/file permissions for automatic update scripts or logs.
Example: 
Permission denied: '/var/log/unattended-upgrades/unattended-upgrades.log'
Updates not showing up/applied
  • Check /etc/dnf/automatic.conf or 50unattended-upgrades for correct settings:
    apply_updates = yes (dnf)
    Unattended-Upgrade::Allowed-Origins ... (apt)
  • Check last run time in logs
Example log line: 
2024-07-11 06:25:19,456 INFO All upgrades installed successfully
System requires reboot, but it's not happening
  • dnf: Set reboot = when-needed in /etc/dnf/automatic.conf
  • Ubuntu/Debian: Unattended-Upgrade::Automatic-Reboot "true"; in 50unattended-upgrades
Example unattended-upgrades log: 
2024-07-11 06:26:00,203 INFO Packages that require reboot: linux-image-6.2.0
2024-07-11 06:26:01,000 INFO All upgrades installed, rebooting now

Manually Testing Updates

  1. RHEL/AlmaLinux/Rocky/CentOS/Fedora: 
    sudo dnf update --security
    Example output: 
    Dependencies resolved.
Nothing to do.
Complete!
  2. Ubuntu/Debian: 
    sudo unattended-upgrades --dry-run --debug
    Example output: 
    Initial blacklisted packages:
Starting unattended upgrades script
...
Packages that will be upgraded: openssl

    sudo apt update && sudo apt upgrade
    Example output: 
    Get:1 http://archive.ubuntu.com/ubuntu jammy InRelease [2,718 B]
...
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.

Email Notification Troubleshooting

  • No mailutils/postfix/sendmail installed 
    sudo apt install mailutils postfix -y
    sudo dnf install postfix -y
  • Test email: 
    echo "Test" | mail -s "Test" [email protected]
    Example output: 
    Mail sent.
  • Still not delivered?
    • Check 
      journalctl -xe | grep mail
      for errors Example output: 
      Jul 11 08:00:13 vps postfix/smtp[3033]: connect to aspmx.l.google.com[142.250.27.26]:25: Connection timed out
    • Check spam/junk folders on recipient’s mail
    • Consider using a relay/smarthost (SMTP) for reliable external delivery (see your provider’s docs)
Note: Local mail delivery (MTAs like postfix/sendmail) is usually enough for VPS security alerts. For reliable delivery to Gmail/external, a relay or mail service is recommended.

Reset or Reconfigure Automatic Updates

  • Disable/re-enable dnf-automatic timer: 
    sudo systemctl stop dnf-automatic.timer  # disables
sudo systemctl start dnf-automatic.timer # restarts
  • Reconfigure unattended-upgrades: 
    sudo dpkg-reconfigure unattended-upgrades
    Example output: 
    Configuring unattended-upgrades
Automatically download and install stable updates? [Yes]
  • Change update frequency/automation: 
    sudo nano /etc/apt/apt.conf.d/10periodic
sudo nano /usr/lib/systemd/system/dnf-automatic.timer

Summary

Automatic security updates play an important role in maintaining the security of your Self-Managed VPS, but sometimes problems occur that require solutions. This is a step-by-step guide for troubleshooting update, notification, and log error issues. It is imperative that you check the logs, try running manual commands, and make sure the network and mailing functions are working.

Loading...