• Introducing WebPros Cloud - a fully managed infrastructure platform purpose-built to simplify the deployment of WebPros products !  WebPros Cloud enables you to easily deliver WebPros solutions — without the complexity of managing the infrastructure.
    Join the pilot program today!
  • Support for BIND DNS has been removed from Plesk for Windows due to security and maintenance risks.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS.

Resolved Weak Algorithm Warning (DSA1024) for Plesk Repositories on Ubuntu 24.04 LTS

Everyone, the issues with Grafana, PHP 7.4 and PHP 8.0 and the signing keys should be sorted. Our team released an update:

The GPG signing keys for the PHP 7.4 and 8.0 repositories on Ubuntu 24.04 have been updated addressing apt-get failure “untrusted public key algorithm: dsa1024”. (PPPM-14985)
Click to expand...

Please let us know if you continue encountering any errors/warnings.

I cannot provide any ETA for CloudLinux's repositories, at this point.
 
Sebahat.hadzhi said:
Everyone, the issues with Grafana, PHP 7.4 and PHP 8.0 and the signing keys should be sorted. Our team released an update:



Please let us know if you continue encountering any errors/warnings.

I cannot provide any ETA for CloudLinux's repositories, at this point.
Click to expand...
 

Attachments

  • Capture d’écran 2025-06-05 100522.jpg
    Capture d’écran 2025-06-05 100522.jpg
    136.6 KB · Views: 9
learning_curve said:
@Camel Design
IF you had read post #44 above and then looked at ALL of the Plesk workaround (via the link in that post), then you would not have needed to make your post...
Click to expand...
my post is here just for help and indicate all is ok now exept immunify so the problem is not 100% fix.

i have read all post and your, and i have try all solution and is not because you don't use immunify that fix the problem

Immunify work well just before this problem with the last update so we considerate is fix ? i don't know and yes i have try the workarround but is just a temporary patch
 
@Camel Design You posted an image (no words) relating to the weak algorithm warnings (DSA1024) thread, as a response to an earlier post, yet... imunify360 and its (current) weak algorithm warnings (DSA1024) is specifically covered, with advice, by Plesk, in the link that was posted, so you completely missed the point of the previous post... No problem. It's not that important.
 
A this moment my temporary solutions are:

1. For Grafana
sudo nano /etc/apt/sources.list.d/plesk-ext-grafana.list
Click to expand...
commented line:
#deb Index of /grafana/deb stable main
Click to expand...
added line:
deb [trusted=yes] Index of /grafana/deb stable main
Click to expand...

2. For DSA-1024 warning
created file:
/etc/apt/apt.conf.d/99weakkey-warning
Click to expand...
with the code:
APT::Key::Assert-Pubkey-Algo ">=rsa2048,ed25519,ed448,dsa1024";
Click to expand...

For munify360 is not needed a temporary solution, even it is warning, the update is working.
 
anatol said:
A this moment my temporary solutions are:
1. For Grafana
Click to expand...
Grafana is already completely fixed. There's no need for any temp solutions now. See Changelog plus:

Resolved - The repository 'https://autoinstall.plesk.com/grafana/deb stable InRelease' is not signed

Previous issues with Grafana / Monitoring & Plesk are numerous and have been posted by many. Fortunately, we've had minimum problems with both to date, but it seems our time has finally come, with the advent of Plesk Obsidian 18.0.70 :D The Grafana Extention auto-update via Plesk Panel just...
talk.plesk.com talk.plesk.com
anatol said:
2. For DSA-1024 warning
For munify360 is not needed a temporary solution, even it is warning, the update is working.
Click to expand...
See / read all of the previous link:
 
learning_curve said:
Grafana is already completely fixed. There's no need for any temp solutions now. See Changelog plus:

Resolved - The repository 'https://autoinstall.plesk.com/grafana/deb stable InRelease' is not signed

Previous issues with Grafana / Monitoring & Plesk are numerous and have been posted by many. Fortunately, we've had minimum problems with both to date, but it seems our time has finally come, with the advent of Plesk Obsidian 18.0.70 :D The Grafana Extention auto-update via Plesk Panel just...
talk.plesk.com talk.plesk.com

See / read all of the previous link:
Click to expand...

Thanks for Grafana solution, I applied it and solved.

See / read all of the previous link:
https://support.plesk.com/hc/en-us/...public-key-algorithm-dsa1024-E-The-repository
Click to expand...

This link does not open anything.
 
anatol said:
Thanks for Grafana solution, I applied it and solved.
Click to expand...
Great!
anatol said:
This link does not open anything.
Click to expand...
Ahhh Yes. The linked article has now been removed by Plesk. Understood.
Effectively, the temp solution was very similar to your own, (slightly different syntax) but the important closing statement on that page, was, that the Cloudlinux team will completely resolve this (in due course) and that the (current) weak algorithm warnings (DSA1024) that are still being generated by imunify360, can be safely ignored. We don't use imunify360 so were / are not affected.
 
Hello, @Michael.P . Imunify360 is a third-party product and it is maintained by CloudLinux. The warnings you get are related to their repositories. As previously mentioned, they are aware of the issue and working on fixing it. However, I cannot provide any ETA on when that will be fixed. At this time, you can safely ignore the warnings.
 
Very new to Linux, so please excuse my lack of knowledge! Was wondering why this issue is only affecting Ubuntu 24.04.2 LTS? I have another server running on Ubuntu 22.04.5 LTS, and there are no warnings about the keys and everything updates fine. Does that mean the older LTS versions of Ubuntu are no longer considered secure? Or will they be rolling out the same key upgrade on older but still supported versions of Ubuntu?
 
So an update on this situation - on my server which is running Imunify360 I have to have the workaround applied, otherwise no system updates are allowed at all. As soon as I applied the workaround everything updated.

I was advised by Imunify support to leave the workaround in place until they release their fix - although they couldn’t give me an ETA. Not sure how great it is to leave a potentially unsafe workaround on the server, but the alternative is no server updates which is equally as unsafe. Catch 22?!

I do find it odd that this scenario wasn’t prepared for - the warnings about the keys have been around for quite a while so the change was coming. Plesk jumped on it and released fixes pretty quickly, not sure why a company like Imunify whose only job is to protect a server wasn’t ready for the new secure keys, and seems to be taking a long time to fix the issue…
 
learning_curve said:
Effectively, the temp solution was very similar to your own, (slightly different syntax) but the important closing statement on that page, was, that the Cloudlinux team will completely resolve this (in due course) and that the (current) weak algorithm warnings (DSA1024) that are still being generated by imunify360, can be safely ignored.
Click to expand...
So a security software is not able to actually provide secure keys, despite warnings about that having been given for ages and the "in due course" is so far months since they have been made first aware? Noone should use that security software. I don't even know why these repositories are included, we do not have anything from Imunify installed.
 
You must log in or register to reply here.

Similar threads

Daveo
Issue Ubuntu upgrade from 22.04 to 24.04 getting issue with key algorithms
Replies
2
Views
958
Daveo
Daveo
J
Resolved PUM error persists....
Replies
13
Views
2K
Jeroentje
J
K
Resolved Apt update warning weak algorithm (dsa1024)
Replies
5
Views
4K
Sebahat.hadzhi
Sebahat.hadzhi
C
Issue apt cache fetch failed / Package update manager notification
Replies
6
Views
728
carlos.pacheco@nanode
C
A
Issue apt cache fetch failed / Package update manager notification
Replies
5
Views
771
Sebahat.hadzhi
Sebahat.hadzhi
Back
Top