• Introducing WebPros Cloud - a fully managed infrastructure platform purpose-built to simplify the deployment of WebPros products !  WebPros Cloud enables you to easily deliver WebPros solutions — without the complexity of managing the infrastructure.
    Join the pilot program today!
  • Support for BIND DNS has been removed from Plesk for Windows due to security and maintenance risks.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS.

Issue Weak Algorithm Warning (DSA1024) for Plesk Repositories on Ubuntu 24.04 LTS

LionKing

LionKing

Regular Pleskian
Server operating system version
Ubuntu 24.04 LTS
Plesk version and microupdate number
Plesk Obsidian 18.0.67 Update #3 Web Host Edition
Hi Plesk Support Team and Community,
I’m running into an issue with the Plesk repositories on my Ubuntu 24.04 LTS server and would appreciate some guidance.

When I run sudo apt update, I get warnings about the Plesk repositories using a weak algorithm (DSA1024) for their signatures. The affected repositories include those for Plesk itself and several PHP versions (e.g., PHP 7.4, 8.0, 8.1, 8.2). The warning message indicates that the key used to sign these repositories is considered cryptographically weak by modern standards.

I tried to fetch an updated key from a keyserver using apt-key adv, but I received an error that the key ID was not found. I also learned that apt-key is deprecated in Ubuntu 24.04, and the recommended method is to manage keys in /etc/apt/trusted.gpg.d/. However, even if I were to add the key manually, the weak algorithm issue would likely persist.

Here’s what I’ve done so far:
  1. Ran sudo apt update and noted the weak algorithm warnings for the Plesk repositories.
  2. Attempted to fetch the key using apt-key adv --keyserver keyserver.ubuntu.com --recv-keys with the key ID, but it failed with a "not a key ID: skipping" error.
  3. Considered adding the key manually to /etc/apt/trusted.gpg.d/, but I’m concerned that the underlying issue (weak DSA1024 algorithm) would still remain.
My questions are:
  • Has Plesk updated its repository signing keys to use a stronger algorithm (e.g., RSA-2048 or ECDSA)? If so, where can I find the new key and instructions to add it?
  • If not, are there plans to update the keys soon? The weak algorithm warning is a security concern, and I’d like to ensure my server remains secure.
  • Are there alternative repositories or mirrors that use updated keys?
  • How do I run an actual update of this and fix the issue on the Ubuntu 24.04 LTS server?
I’d really appreciate any help or updates from the Plesk team or community members who have encountered and resolved this issue. Thanks in advance for your assistance!

Best regards,

LionKing
 
No they don't actually. The old Repositories just keeps being there and been there for a while now hence the post here.
 
So do anyone have an idea of how to fix this?

Here is a detailed screenshot of how it looks like:
1742998921555.png
 
@LionKing our team is already working on updating the signing key. The case is currently in the testing phase and the fix should be released in the upcoming days.
 
@chiris , the GPG key was updated in Plesk Obsidian 18.0.69. Are you still experiencing the issue after an update to that or later version? If yes, does that happen upon executing apt update and what's the exact version of your OS, please?
 
Hello.

Yes i have the same problem after update to new version.

Ubuntu Version :
cat /etc/os-release
PRETTY_NAME="Ubuntu 24.04.2 LTS"
NAME="Ubuntu"
VERSION_ID="24.04"
VERSION="24.04.2 LTS (Noble Numbat)"
VERSION_CODENAME=noble
ID=ubuntu
ID_LIKE=debian
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
UBUNTU_CODENAME=noble
LOGO=ubuntu-logo


Plesk Version :
Plesk Obsidian Version 18.0.69


apt Update :

apt update
Hit:1 Index of /pool/PSA_18.0.69_16837 noble InRelease
Hit:2 Index of /PHP74_17 noble InRelease
Hit:3 Index of /PHP80_17 noble InRelease
Hit:4 Index of /PHP81_17 noble InRelease
Hit:5 Index of /PHP82_17 noble InRelease
Hit:6 Index of /PHP83_17 noble InRelease
Hit:7 Index of /PHP84_17 noble InRelease
Hit:8 Index of /pool/WPB_18.0.69_87 all InRelease
Hit:9 Index of /ubuntu noble-security InRelease
Hit:10 Index of /ubuntu noble InRelease
Hit:11 Index of /ubuntu noble-updates InRelease
Hit:12 Index of /ubuntu noble-backports InRelease
Hit:13 Index of /ondrej/php/ubuntu noble InRelease
Hit:14 Index of /imunify360/ubuntu/24.04/ noble InRelease
Hit:15 Index of /ubuntu/24.04/slot-1/ noble InRelease
Hit:16 Index of /ubuntu/24.04/slot-2/ noble InRelease
Hit:17 Index of /ubuntu/24.04/slot-3/ noble InRelease
Hit:18 Index of /ubuntu/24.04/slot-4/ noble InRelease
Hit:19 Index of /ubuntu/24.04/slot-5/ noble InRelease
Hit:20 Index of /ubuntu/24.04/slot-6/ noble InRelease
Hit:21 Index of /ubuntu/24.04/slot-7/ noble InRelease
Hit:22 Index of /ubuntu/24.04/slot-8/ noble InRelease
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
12 packages can be upgraded. Run 'apt list --upgradable' to see them.
N: Ignoring file 'plesk.list.ai_back' in directory '/etc/apt/sources.list.d/' as it has an invalid filename extension
W: http://autoinstall.plesk.com/PHP74_17/dists/noble/InRelease: Signature by key 8BADC1A02FC9C07FB8C20EC0BD11A6AA914BDF7E uses weak algorithm (dsa1024)
W: http://autoinstall.plesk.com/PHP80_17/dists/noble/InRelease: Signature by key 8BADC1A02FC9C07FB8C20EC0BD11A6AA914BDF7E uses weak algorithm (dsa1024)
W: https://repo.imunify360.cloudlinux.com/imunify360/ubuntu/24.04/dists/noble/InRelease: Signature by key 9EE467641C635726A184D64B8C55A6628608CB71 uses weak algorithm (dsa1024)
W: https://download.imunify360.com/ubuntu/24.04/slot-1/dists/noble/InRelease: Signature by key 9EE467641C635726A184D64B8C55A6628608CB71 uses weak algorithm (dsa1024)
W: https://download.imunify360.com/ubuntu/24.04/slot-2/dists/noble/InRelease: Signature by key 9EE467641C635726A184D64B8C55A6628608CB71 uses weak algorithm (dsa1024)
W: https://download.imunify360.com/ubuntu/24.04/slot-3/dists/noble/InRelease: Signature by key 9EE467641C635726A184D64B8C55A6628608CB71 uses weak algorithm (dsa1024)
W: https://download.imunify360.com/ubuntu/24.04/slot-4/dists/noble/InRelease: Signature by key 9EE467641C635726A184D64B8C55A6628608CB71 uses weak algorithm (dsa1024)
W: https://download.imunify360.com/ubuntu/24.04/slot-5/dists/noble/InRelease: Signature by key 9EE467641C635726A184D64B8C55A6628608CB71 uses weak algorithm (dsa1024)
W: https://download.imunify360.com/ubuntu/24.04/slot-6/dists/noble/InRelease: Signature by key 9EE467641C635726A184D64B8C55A6628608CB71 uses weak algorithm (dsa1024)
W: https://download.imunify360.com/ubuntu/24.04/slot-7/dists/noble/InRelease: Signature by key 9EE467641C635726A184D64B8C55A6628608CB71 uses weak algorithm (dsa1024)
W: https://download.imunify360.com/ubuntu/24.04/slot-8/dists/noble/InRelease: Signature by key 9EE467641C635726A184D64B8C55A6628608CB71 uses weak algorithm (dsa1024)
 
Thank you for the update. Could you please try replacing the GPG key with the following command:

curl -sS http://autoinstall.plesk.com/plesk.gpg | gpg --dearmor >> /etc/apt/keyrings/plesk.gpg
Click to expand...

That should sort out the warning for our packages. Regarding Imunify360 Cloudlinux is aware and they are currently reworking their signature key. Therefore, the warnings can be safely ignored for now.
 
Hello and thank you for your answer.

I run the command but again showing the same error :

apt update
Hit:1 Index of /pool/PSA_18.0.69_16837 noble InRelease
Hit:2 Index of /PHP74_17 noble InRelease
Hit:3 Index of /PHP80_17 noble InRelease
Hit:4 Index of /PHP81_17 noble InRelease
Hit:5 Index of /PHP82_17 noble InRelease
Hit:6 Index of /PHP83_17 noble InRelease
Hit:7 Index of /PHP84_17 noble InRelease
Hit:8 Index of /ubuntu noble InRelease
Hit:9 Index of /ubuntu noble-updates InRelease
Hit:10 Index of /ubuntu noble-backports InRelease
Hit:11 Index of /ubuntu noble-security InRelease
Hit:12 Index of /imunify360/ubuntu/24.04/ noble InRelease
Hit:13 Index of /ondrej/php/ubuntu noble InRelease
Hit:14 Index of /ubuntu/24.04/slot-1/ noble InRelease
Hit:15 Index of /ubuntu/24.04/slot-2/ noble InRelease
Hit:16 Index of /ubuntu/24.04/slot-3/ noble InRelease
Hit:17 Index of /ubuntu/24.04/slot-4/ noble InRelease
Hit:18 Index of /ubuntu/24.04/slot-5/ noble InRelease
Hit:19 Index of /ubuntu/24.04/slot-6/ noble InRelease
Hit:20 Index of /ubuntu/24.04/slot-7/ noble InRelease
Hit:21 Index of /ubuntu/24.04/slot-8/ noble InRelease
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
11 packages can be upgraded. Run 'apt list --upgradable' to see them.
W: http://autoinstall.plesk.com/PHP74_17/dists/noble/InRelease: Signature by key 8BADC1A02FC9C07FB8C20EC0BD11A6AA914BDF7E uses weak algorithm (dsa1024)
W: http://autoinstall.plesk.com/PHP80_17/dists/noble/InRelease: Signature by key 8BADC1A02FC9C07FB8C20EC0BD11A6AA914BDF7E uses weak algorithm (dsa1024)
W: https://repo.imunify360.cloudlinux.com/imunify360/ubuntu/24.04/dists/noble/InRelease: Signature by key 9EE467641C635726A184D64B8C55A6628608CB71 uses weak algorithm (dsa1024)
W: https://download.imunify360.com/ubuntu/24.04/slot-1/dists/noble/InRelease: Signature by key 9EE467641C635726A184D64B8C55A6628608CB71 uses weak algorithm (dsa1024)
W: https://download.imunify360.com/ubuntu/24.04/slot-2/dists/noble/InRelease: Signature by key 9EE467641C635726A184D64B8C55A6628608CB71 uses weak algorithm (dsa1024)
W: https://download.imunify360.com/ubuntu/24.04/slot-3/dists/noble/InRelease: Signature by key 9EE467641C635726A184D64B8C55A6628608CB71 uses weak algorithm (dsa1024)
W: https://download.imunify360.com/ubuntu/24.04/slot-4/dists/noble/InRelease: Signature by key 9EE467641C635726A184D64B8C55A6628608CB71 uses weak algorithm (dsa1024)
W: https://download.imunify360.com/ubuntu/24.04/slot-5/dists/noble/InRelease: Signature by key 9EE467641C635726A184D64B8C55A6628608CB71 uses weak algorithm (dsa1024)
W: https://download.imunify360.com/ubuntu/24.04/slot-6/dists/noble/InRelease: Signature by key 9EE467641C635726A184D64B8C55A6628608CB71 uses weak algorithm (dsa1024)
W: https://download.imunify360.com/ubuntu/24.04/slot-7/dists/noble/InRelease: Signature by key 9EE467641C635726A184D64B8C55A6628608CB71 uses weak algorithm (dsa1024)
W: https://download.imunify360.com/ubuntu/24.04/slot-8/dists/noble/InRelease: Signature by key 9EE467641C635726A184D64B8C55A6628608CB71 uses weak algorithm (dsa1024)

The error showing and in php 7.4 and 8.0
 
Thank you, @chiris . I am not quite sure what's causing the issue in this particular case if the system is running on Plesk 18.0.69. I believe these warnings can be safely ignored. Still, if you have the option, please consider opening a ticket with Plesk support for an investigation of the issue on your server. To sign-in to support and open a ticket go to:
https://support.plesk.com
 
You must log in or register to reply here.

Similar threads

Daveo
Issue Ubuntu upgrade from 22.04 to 24.04 getting issue with key algorithms
Replies
2
Views
679
Daveo
Daveo
J
Resolved PUM error persists....
Replies
13
Views
1K
Jeroentje
J
K
Resolved Apt update warning weak algorithm (dsa1024)
Replies
5
Views
3K
Sebahat.hadzhi
Sebahat.hadzhi
W
Issue Atomicorp repository - Debian 11 - NO_PUBKEY
Replies
2
Views
531
websb
W
learning_curve
Resolved Plesk Updates - Expected in 18.0.65 - Now Overdue
Replies
15
Views
3K
Sebahat.hadzhi
Sebahat.hadzhi
Back
Top