Failed to fetch https://enterprise.proxmox.com/debian/pve/dists/bookworm/InRelease 401 Unauthorized [IP: 144.217.225.162 443]

[chattingfun]

After updating to 8.0.3 I am getting this error message when I run the updates

starting apt-get update
Hit:1 http://security.debian.org/debian-security bookworm-security InRelease
Hit:2 http://ftp.debian.org/debian bookworm InRelease
Hit:3 http://ftp.debian.org/debian bookworm-updates InRelease
Err:4 https://enterprise.proxmox.com/debian/pve bookworm InRelease
401 Unauthorized [IP: 144.217.225.162 443]
Hit:5 http://download.proxmox.com/debian/pve bookworm InRelease
Hit:6 http://download.proxmox.com/debian/ceph-quincy bookworm InRelease
Reading package lists...
E: Failed to fetch https://enterprise.proxmox.com/debian/pve/dists/bookworm/InRelease 401 Unauthorized [IP: 144.217.225.162 443]
E: The repository 'https://enterprise.proxmox.com/debian/pve bookworm InRelease' is not signed.
TASK ERROR: command 'apt-get update' failed: exit code 100

 

[leesteken]

If you don't have a subscription then you just need to disable then enterprise repository (https://enterprise.proxmox.com/debian/pve) and the error will go away (like all previous versions). You probably want to add and/or enable the no-subscription repository as per the manual.

 

[Kurtulus]

I do have an enterprise subscription. I upgraded my first node without the new "Ceph Quincy Enterprise Repository", it did not complain at first.
Then i went over to the second node and i noticed that "Ceph Quincy" has now an enterprise repository. So i edited the repository accordingly. The second node didn't complain either. Now i went back to the first node and adjusted it with the enterprise repository and now i have this error when i do apt update:

Spoiler: apt update

E: Failed to fetch https://enterprise.proxmox.com/debian/ceph-quincy/dists/bookworm/InRelease 401 Unauthorized [IP: 212.224.123.70 443]
E: The repository 'https://enterprise.proxmox.com/debian/ceph-quincy bookworm InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.

Spoiler: /etc/apt/sources.list.d/ceph.list

/etc/apt/sources.list.d/ceph.list =>
deb https://enterprise.proxmox.com/debian/ceph-quincy bookworm enterprise

before in Proxmox 7.4 it was like this:

Spoiler: /etc/apt/sources.list.d/ceph.list

deb http://download.proxmox.com/debian/ceph-quincy bullseye main

So what i found was that, if you run into this problem, go to the Subscription menu in the Proxmox web interface and do a Check. After that "apt update" does not anymore show this subscription error.

 

[tom]

After uploading a key, you need to wait at least 5 minutes. So try again.

If you have ongoing issues with keys, contact the vendor, e.g. via https://shop.proxmox.com/contact.php

 

[Benji99]

Hi folks, I'm getting the same error as OP.

Spoiler: apt-get update

apt-get update
Hit:1 http://download.proxmox.com/debian/pve bookworm InRelease
Hit:2 http://ftp.ca.debian.org/debian bookworm InRelease
Hit:3 http://security.debian.org bookworm-security InRelease
Hit:4 http://ftp.ca.debian.org/debian bookworm-updates InRelease
Err:5 https://enterprise.proxmox.com/debian/ceph-quincy bookworm InRelease
401 Unauthorized [IP: 144.217.225.162 443]
Reading package lists... Done
E: Failed to fetch https://enterprise.proxmox.com/debian/ceph-quincy/dists/bookworm/InRelease 401 Unauthorized [IP: 144.217.225.162 443]
E: The repository 'https://enterprise.proxmox.com/debian/ceph-quincy bookworm InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.

I don't have a subscription

I upgraded 3 nodes from 7.4 to 8.0, updated to 8.0, modified the repositories and have no issues.

I just installed PVE 8 from scratch using the 8.0.2 installer (proxmox-ve_8.0-2.iso) to a 4th node that I'm setting up.
I updated the repositories to match the other 3 functional nodes as such:

Spoiler: /etc/apt.sources.list

deb http://ftp.ca.debian.org/debian bookworm main contrib
deb http://ftp.ca.debian.org/debian bookworm-updates main contrib

# security updates
deb http://security.debian.org bookworm-security main contrib

# non production use updates
deb http://download.proxmox.com/debian/pve bookworm pve-no-subscription

Spoiler: /etc/apt/sources.list.d/pve-enteprise.list

#deb https://enterprise.proxmox.com/debian/pve bookworm pve-enterprise

Scratching my head as to why it's not working.. Thoughts?

 

[t.lamprecht]

I don't have a subscription

Scratching my head as to why it's not working.. Thoughts?

Enterprise repositories are only accessible with a valid subscription, so this is not the original issue.
Either (buy and) setup a Proxmox VE subscription, or switch to another, public repo, e.g., using the web UI.

 

[Benji99]

Sorry but that wasn't helpful. Clearly my sources.list repo file was correctly pointing to pve-no-subscription repos.

Re-visited official documentation here

It turns out that I also needed to update modify the ceph repo which I never had to do in the past.
In fact, looking at my node that was updated from 7.4 to 8.0, the ceph.list file is actually missing altogether:

ls pve-enterprise.list pve-enterprise.list.dpkg-dist

(I don't use ceph at the moment, never enabled it.)

But is present in the fresh install using the 8.0.2 iso and needs to be updated.

 

[leesteken]

Spoiler: apt-get update

apt-get update
Hit:1 http://download.proxmox.com/debian/pve bookworm InRelease
Hit:2 http://ftp.ca.debian.org/debian bookworm InRelease
Hit:3 http://security.debian.org bookworm-security InRelease
Hit:4 http://ftp.ca.debian.org/debian bookworm-updates InRelease
Err:5 https://enterprise.proxmox.com/debian/ceph-quincy bookworm InRelease
401 Unauthorized [IP: 144.217.225.162 443]
Reading package lists... Done
E: Failed to fetch https://enterprise.proxmox.com/debian/ceph-quincy/dists/bookworm/InRelease 401 Unauthorized [IP: 144.217.225.162 443]
E: The repository 'https://enterprise.proxmox.com/debian/ceph-quincy bookworm InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.

I don't have a subscription

Make sure to use http for pve-no-subscription and not https, which is for pve-enterprise with a subscription and causes the unauthorized error.

 

[Benji99]

Make sure to use http for pve-no-subscription and not https, which is for pve-enterprise with a subscription and causes the unauthorized error.

Thanks for the reply, I was but wasn't aware that the ceph.list also needed to be updated as per my previous post.

I modified that one and was good after that.

 

[t.lamprecht]

It turns out that I also needed to update modify the ceph repo which I never had to do in the past.

Yes, which you would have seen if visiting the web UI's repository panel as suggested.
And getting a subscription would have also helped, so not sure how I could have been more helpful...

 

[Bass]

After uploading a key, you need to wait at least 5 minutes. So try again.
If you have ongoing issues with keys, contact the vendor, e.g. via https://shop.proxmox.com/contact.php

My node had a subscription many months ago. Two days after I upload the enterprise repository key, I still got following error

Failed to fetch https://enterprise.proxmox.com/debian/pve/dists/bookworm/InRelease 401 Unauthorized​

This solution of Kurtulus helped me

So what i found was that, if you run into this problem, go to the Subscription menu in the Proxmox web interface and do a Check. After that "apt update" does not anymore show this subscription error.

@t.lamprecht / @tom : It would be fine if you could provide a technical solution to this, as it is a headache for those who do not see the post of Kurtulus. Thanks

 

[t.lamprecht]

My node had a subscription many months before and I got this error

Failed to fetch https://enterprise.proxmox.com/debian/pve/dists/bookworm/InRelease 401 Unauthorized​

even 2 days after after I added the key.

This solution of Kurtulus helped me


@t.lamprecht / @tom : It would be fine if you could provide a technical solution to this, as it is a headache for those who do not see the post of Kurtulus. Thanks

We have tens of thousands of subscribers where this is not an issue as the code does the same as the "check" button does automatically when initially adding, or changing, a subscription key.
So, I'm not sure if it was either due to a glitch at your local setup, or a very specific bug that maybe even was fixed already in newer version. Are those servers in question (sometimes) turned off for a prolonged time period? Was internet connections from the server to our shop always working?

Also, I'm not sure how to understand "node had a subscription many months" and "even 2 days after I added the key"; did it work before (for months) and broke or are you meaning that you faced this issue when initially adding the key and then solved it after two days and are now telling us here after a few months?

Anyhow, if you face subscription issues and ensure you entered a correct key, that isn't (still) registered to another node, and it fails to work after ~ 15 minutes since initial setup, you can always contact the shop or enterprise support channels.

 

[Bass]

We have tens of thousands of subscribers where this is not an issue as the code does the same as the "check" button does automatically when initially adding, or changing, a subscription key.
So, I'm not sure if it was either due to a glitch at your local setup, or a very specific bug that maybe even was fixed already in newer version. Are those servers in question (sometimes) turned off for a prolonged time period? Was internet connections from the server to our shop always working?

Also, I'm not sure how to understand "node had a subscription many months" and "even 2 days after I added the key"; did it work before (for months) and broke or are you meaning that you faced this issue when initially adding the key and then solved it after two days and are now telling us here after a few months?

Anyhow, if you face subscription issues and ensure you entered a correct key, that isn't (still) registered to another node, and it fails to work after ~ 15 minutes since initial setup, you can always contact the shop or enterprise support channels.

Hello Thomas,
thanks for your answer. I update my previous for better understanding.
The server is hosted at Hetzner. I was relatively new: installed ~2 weeks before PVE 8 is released. There was no VM, LXC in the server. It just needed to be in-place upgraded. This is why I expected that it go smoothly.

 

[ZipTX]

Thanks for all the hints here. Fresh install with 8.0.2. For clarity, if you are a CLI user/scripter ... there are two places the repos need to be updated:

/etc/apt/sources.list.d/pve-enterprise.list
From: deb https://enterprise.proxmox.com/debian/pve bookworm enterprise
To: deb http://download.proxmox.com/debian/pve bookworm pve-no-subscription

/etc/apt/sources.list.d/ceph.list
From: deb https://enterprise.proxmox.com/debian/ceph-quincy bookworm enterprise
To: deb http://download.proxmox.com/debian/ceph-quincy bookworm no-subscription

[Note the entries are changed from https to http AND the "no subscription" tags are different]

---
Thanks @t.lamprecht ... I've updated this post for accuracy.

 

[t.lamprecht]

To: deb http://enterprise.proxmox.com/debian/pve bookworm no-pve-subscription

Those are still wrong (and might soon stop working for no-subscription), please use the official documented repos:
https://pve.proxmox.com/pve-docs/chapter-sysadmin.html#sysadmin_package_repositories

Or add the repo you wanted through the web interface (Node -> Repositories)

secured\trusted repositories are only available via subscription.

We secure our repos via an GPG release key, independent of the transport used to get the packages, bet it HTTP, HTTPS or getting them on a USB flash drive from a friend or so.

 

[blackletum]

staff attitude in this thread leaves a lot to be desired

this is not convincing anyone to get on-board with a paid subscription

 

[SykicChristian]

I recently installed proxmox for the first time to test as a home server platform and encountered this error.

First I update the /etc/apt/souces.list to the no subscription repos listed in https://pve.proxmox.com/wiki/Package_Repositories
*This did not resolve the issue.

Second I followed the SecureApt instructions to download the gpg key; with sha512 check.
*This also did not resolve the issue.

Third, based on @ZipTX above, I updated /etc/apt/sources.list.d/ceph and /etc/apt/sources.list.d/pve-enterprise.list
*This changed the errors, but I noticed it was still trying to reach enterprise sources.

Four, I commented out both the sub and non-sub listings in pve-enterprise.list

root@pve:/etc/apt/sources.list.d# cat pve-enterprise.list
#Original Sub repo
#deb https://enterprise.proxmox.com/debian/pve bookworm pve-enterprise

#New non sub repor
#deb http://download.proxmox.com/debian/pve bookworm pve-no-subscription

This resolved the issue as far as I can tell.

root@pve:/etc/apt# cat sources.list
#
#Original sources list
#deb http://ftp.us.debian.org/debian bookworm main contrib
#deb http://ftp.us.debian.org/debian bookworm-updates main contrib
# security updates
#deb http://security.debian.org bookworm-security main contrib
#
deb http://ftp.debian.org/debian bookworm main contrib
deb http://ftp.debian.org/debian bookworm-updates main contrib

# Proxmox VE pve-no-subscription repository provided by proxmox.com,
# NOT recommended for production use
deb http://download.proxmox.com/debian/pve bookworm pve-no-subscription

# security updates
deb http://security.debian.org/debian-security bookworm-security main contrib

root@pve:/etc/apt/sources.list.d# cat ceph.list
#original
#deb https://enterprise.proxmox.com/debian/ceph-quincy bookworm enterprise
#new: non sub

deb http://download.proxmox.com/debian/ceph-quincy bookworm no-subscription

End result: Tenative success

root@pve:/etc/apt/sources.list.d# apt-get update
Hit:1 http://security.debian.org/debian-security bookworm-security InRelease
Hit:2 http://ftp.debian.org/debian bookworm InRelease
Hit:3 http://download.proxmox.com/debian/pve bookworm InRelease
Hit:4 http://ftp.debian.org/debian bookworm-updates InRelease
Hit:5 http://download.proxmox.com/debian/ceph-quincy bookworm InRelease
Reading package lists... Done

 

[t.lamprecht]

Four, I commented out both the sub and non-sub listings in pve-enterprise.list

root@pve:/etc/apt/sources.list.d# cat pve-enterprise.list
#Original Sub repo
#deb https://enterprise.proxmox.com/debian/pve bookworm pve-enterprise

#New non sub repor
#deb http://download.proxmox.com/debian/pve bookworm pve-no-subscription

This resolved the issue as far as I can tell.

Yes, you did not have any (valid) Proxmox VE subscription key setup, so accessing the default enabled enterprise repository failed.
The errors from apt are slightly confusing in such a case, the first one with "401 Unauthorized" is the relevant one, but it then tries to continue and does not find a release key for an empty response and also outputs the second "not signed" error, which is in this case bogus.

So (for others in the future) please ensure to check all errors if you run into something like this, if there's a 401 Unauthorized one, it's then normally safe to ignore other errors for the same repo, as you're just have the enterprise repository enabled but are missing a valid subscription to be able to access it.

Solutions for that are:

• Get an enterprise subscription, as we're recommending you to have for any production setup, see https://www.proxmox.com/proxmox-virtual-environment/pricing
• Switch to a public accessible repo, like the pve-no-subscription one, or even pvetest one (if this is a test instance, or you want to get the newest updates). This can be done from the command line, like you did, but also conveniently from the web UI since quite a few versions:
  
  For details about repo management see https://pve.proxmox.com/pve-docs/chapter-sysadmin.html#_repositories_in_proxmox_ve

 

[andersostling56]

I noted the same, and have a question regarding doing manual updates instead of waiting for new 8.x releases of PVE. Is it unwise to comment away the enterprise and ceph repos and do manual updates? Or is it better to wait for official PVE updates?

root@proxmox:/etc/apt/sources.list.d# apt update
Hit:1 http://ftp.se.debian.org/debian bookworm InRelease
Hit:2 http://security.debian.org bookworm-security InRelease
Hit:3 http://ftp.se.debian.org/debian bookworm-updates InRelease
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
38 packages can be upgraded. Run 'apt list --upgradable' to see them.
root@proxmox:/etc/apt/sources.list.d# apt upgrade
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Calculating upgrade... Done
The following packages will be upgraded:
base-files bind9-dnsutils bind9-host bind9-libs curl dbus dbus-bin dbus-daemon dbus-session-bus-common
dbus-system-bus-common libc-bin libc-l10n libc6 libcurl3-gnutls libcurl4 libdbus-1-3
libgstreamer-plugins-base1.0-0 libldb2 libnftables1 libnss-systemd libpam-systemd libsmbclient
libsystemd-shared libsystemd0 libudev1 libwbclient0 libxml2 locales nftables postfix samba-common
samba-libs smbclient systemd systemd-boot systemd-boot-efi systemd-sysv udev
38 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Need to get 29.3 MB of archives.
After this operation, 191 kB of additional disk space will be used.
Do you want to continue? [Y/n] n
Abort.

 

[leesteken]

root@proxmox:/etc/apt/sources.list.d# apt upgrade

Never run apt upgrade as it may not update everything, always use the procedure documented in the manual.