Ubuntu Website Product

keyserver.ubuntu.com down all time - (110) Connection timed out

Reported by Angel Guzman Maeso on 2009-09-23
192
This bug affects 37 people
Affects Status Importance Assigned to Milestone
Ubuntu Website
Undecided
Unassigned
Ubuntu
Undecided
Unassigned

Bug Description

If you run sudo apt-get update, for me appears:
Fetched 1418B in 7s (193B/s)
W: GPG error: http://ppa.launchpad.net karmic Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 58F6A6204B5BCE32
W: Failed to fetch http://ddebs.ubuntu.com/dists/karmic/Release.gpg The HTTP server sent an invalid reply header

W: Failed to fetch http://ppa.launchpad.net/ubuntu-mozilla-daily/ppa/ubuntu/dists/karmic/Release.gpg The HTTP server sent an invalid reply header

W: Failed to fetch http://ppa.launchpad.net/bisigi/ppa/ubuntu/dists/jaunty/Release.gpg The HTTP server sent an invalid reply header

W: Failed to fetch http://ppa.launchpad.net/chromium-daily/ppa/ubuntu/dists/karmic/Release.gpg The HTTP server sent an invalid reply header

W: Failed to fetch http://ppa.launchpad.net/telepathy/ppa/ubuntu/dists/karmic/Release.gpg The HTTP server sent an invalid reply header

The same way trying add a key:
udo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 4B5BCE32
Executing: gpg --ignore-time-conflict --no-options --no-default-keyring --secret-keyring /etc/apt/secring.gpg --trustdb-name /etc/apt/trustdb.gpg --keyring /etc/apt/trusted.gpg --keyserver keyserver.ubuntu.com --recv-keys 4B5BCE32
gpg: requesting key 4B5BCE32 from hkp server keyserver.ubuntu.com

... forever and forever....no response.

Anyone key is update because keyserver.ubuntu.com is down showing this message: (110) Connection timed out. Maybe is need a more powerful server o more capacity.

Aaron Wilson (aaron-ernieball) wrote :

I've been noticing this for two weeks or more now. I usually try to use commands like
sudo apt-key adv --recv-keys --keyserver keyserver.ubuntu.com 4E5E17B5

but typically the only way I can get the key now is to use my browser and manually save the gpg key to my computer. Firefox doesn't seem to timeout as quickly as the apt-key command. That's the only reason I do it that way.

Mostly though, it's been a real pain the last couple of weeks.

Posted 09/24/09

Dennis Straffin (dbstraffin) wrote :

I'm also getting a timeout with the keyserver.

$ sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 412F055D
Executing: gpg --ignore-time-conflict --no-options --no-default-keyring --secret-keyring /etc/apt/secring.gpg --trustdb-name /etc/apt/trustdb.gpg --keyring /etc/apt/trusted.gpg --keyserver keyserver.ubuntu.com --recv-keys 412F055D
gpg: requesting key 412F055D from hkp server keyserver.ubuntu.com
gpg: keyserver timed out
gpg: keyserver receive failed: keyserver error

Is there another keyserver we can use?

I'm also getting a timeout with the keyserver.

$ sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys CEC06767
Executing: gpg --ignore-time-conflict --no-options --no-default-keyring --secret-keyring /etc/apt/secring.gpg --trustdb-name /etc/apt/trustdb.gpg --keyring /etc/apt/trusted.gpg --keyserver keyserver.ubuntu.com --recv-keys CEC06767
gpg: requesting key CEC06767 from hkp server keyserver.ubuntu.com
gpg: keyserver timed out
gpg: keyserver receive failed: keyserver error

Mitchell Tannenbaum (opensanta) wrote :

Same here.

Changed in ubuntu-website:
status: New → Confirmed
Changed in ubuntu-website:
status: Confirmed → Fix Committed
Julian Alarcon (alarconj) wrote :

Hey, this bug is fixed?? I still have all this problems.

David Horváth (chronos-hun) wrote :

Same here, having problems.

Joshua Kugler (jkugler) wrote :

This is still an issues as of October 13 at 20:11 UTC

Changed in ubuntu-website:
status: Fix Committed → Confirmed
Mark (naartjie) wrote :

I also have the same problem

Julian Alarcon (alarconj) wrote :

Wait, finally!!! It's solved!!!
You can check the site: http://keyserver.ubuntu.com:11371/

Changed in ubuntu-website:
status: Confirmed → Fix Released
JR (jon3141) wrote :

I am getting time outs connecting to the keyserver. I had to submit the command apt-key 5 times, over the course of an hour, before I was able to get the key.

Angel Guzman Maeso (shakaran) wrote :

Not fixed yet.

Changed in ubuntu-website:
status: Fix Released → Confirmed
Gaunt Face (matt-gauntface) wrote :

I've been getting this problem for the last couple of days on the beta of Karmic Koala

Getting this issue for months now :S - its a joke.. how does anyone expect us to depend on Ubuntu for business when things constantly break due to keyserver.ubuntu.com being down.. This is just stupid.

looks like I'm going to look into setting up our own servers for this - but here is a list of alt servers that can be used -

keyserver hkp://subkeys.pgp.net
keyserver hkp://pgp.mit.edu
keyserver hkp://pool.sks-keyservers.net (random server)
keyserver hkp://keys.nayr.net
keyserver http://keys.gnupg.net
keyserver http://wwwkeys.xx.pgp.net where xx is a two-letter country code.

Yuriy Tkachenko (yuriytk) wrote :

Thanks to d2globalinc.
After 2 days of time out from keyserver.ubuntu.com finally I got a key from hkp://pool.sks-keyservers.net

Gnz (gonzalocasas) wrote :

Thanks d2globalinc!

ValiSystem (vali-system) wrote :

Handpatched /usr/share/pyshared/softwareproperties/ppa.py line 80

# FIXME: this needs to go - elmo says the keyserver will not handle
# the load
subprocess.call(
# ["apt-key", "adv", "--keyserver", "keyserver.ubuntu.com",
                ["apt-key", "adv", "--keyserver", "pool.sks-keyservers.net",
                 "--recv", signing_key_fingerprint])

Rage, anger and feeling of betrayal. I've been driven crazy by keyserver.ubuntu.com every time i tried to use it last months.

stif (stif-gmx) wrote :

Wich port uses the keyserver? Maybe it was coincidentally, but when i turned off my firewall i was able to reach the keyserver on the first try for 2 different Keys..

Michał Gołębiowski (mgol) wrote :

@stif
11371

Still down as of today,

Matthew East (mdke) wrote :

This isn't a bug in Ubuntu, but rather a problem with the server that hosts this service. The Ubuntu Website Team doesn't maintain this server, but rather the Ubuntu sysadmins. I'll report the issue to their issue tracker and will post back here once I get a link to follow the issue.

Changed in ubuntu:
status: New → Invalid
Changed in ubuntu-website:
status: Confirmed → Invalid
Joshua Kugler (jkugler) wrote :

@Matthew: Thanks. I suppose the frustrating (and scary!) thing is the fact that this enterprise-crucial service does not have some sort of monitoring on it to alert the system admins when it is not working.

Matthew East (mdke) wrote :

Until we know the cause of this, I don't think we can speculate that there is no monitoring on the service. There may well be.

Joshua Kugler (jkugler) wrote :

I suppose, but if a production-critical server had been unreachable this long at my workplace, I would have been fired a long time ago.

Don't get me wrong, I really, really, really like Ubuntu, but when something like this happens, it reflects badly on Ubuntu, and Canonical as a whole. Canonical is trying to position itself as an "enterprise" operating system vendor. When they can't keep their own services up, it just looks really, really bad. If I was in a manager's shoes, I would have serious doubts about the quality of work coming out of a company that can't even keep its own servers up and running.

juliobahar (yahalla-julio) wrote :

I was able to get the public key from the ubuntu server today for the following
$ sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys CEC06767

This is Launchpad Nvidia Vdpau Team PPA. I guess it is related to the latest Nvidia driver 190.xx that I've downloaded recently on my Acer laptop with the x86 bit Desktop version of Karmic

Paul Crawford (psc-sat) wrote :

Getting time outs as well. Come on, who is in charge of the key server? Why is there not a system of falling back to a 2nd server when the primary is down?

Paul Crawford (psc-sat) wrote :

OK worked now, but why the problems?

Mike Conigliaro (mconigliaro) wrote :

And it's down again today...

# apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 3F95EA18
Executing: gpg --ignore-time-conflict --no-options --no-default-keyring --secret-keyring /etc/apt/secring.gpg --trustdb-name /etc/apt/trustdb.gpg --keyring /etc/apt/trusted.gpg --keyserver keyserver.ubuntu.com --recv-keys 3F95EA18
gpg: requesting key 3F95EA18 from hkp server keyserver.ubuntu.com
gpg: keyserver timed out
gpg: keyserver receive failed: keyserver error

And it has been down again for at least 24 hours.

If Ubuntu aren't going to keep this up and running then at least alter add-apt-repository so that uses a different server.

Aaron (soulblade) wrote :

I am also getting this issue. Is there anything that can be done to make this more reliable. For example, have more than 1 key server so the 'Software Sources' tool could try (for example) "keyserver1.ubuntu.com:11371" and if that fails then try "keyserver2.ubuntu.com:11371".

VastOne (vastone) wrote :

Add me to this list...Been trying for 12 hours with no success. keyserver.ubuntu.com is down

VastOne (vastone) wrote :

Seems to be back up now

Phillip Kent (phillip-kent) wrote :

I wonder how much of this problem is to with firewalls. Working within a heavy institutional firewall I could not get any of the keyservers listed above to work. But it worked first time I tried using a broadband router at home.

Simon (simonbcn) wrote :

firewalls? The port must be open in server, not in client!!
Anyway, I have tried with port 11371 open and it fails too.
This is a severe problem that it repeats continually, but I don't see that no one does nothing to resolve it. o_O

Uphaar Agrawalla (uphaar) wrote :

This is still happening, yesterday and today (right now it is timing out).

Alex Wauck (awauck) wrote :

Still down. Is there an Ubuntu services status page? If not, there should be.

Troy Ready (troyready) wrote :

Down for me now as well.

EdPC (edpc) wrote :

Please ask your administrator to open tcp/11371 port on your firewall. I had also this trouble till that port was opened. After was opened it worked fine. Just try to open http://keyserver.ubuntu.com:11371/ on your browser to check it.

Amedeo (amedeo-salvati) wrote :

still down, and i have opened 11371 port

Colin Mills (cm006a5077) wrote :

The server is still off-line, (I completely disabled my firewall to confirm). The problem seem to have been getting consistently worse in the last week or two, with the connection being down for several hours at a time. The last outage started yesterday lunchtime, and is still off-line now.
We do need some way of accessing a website which tells us the state of 'keyserver.ubuntu.com'.

James Troup (elmo) wrote :

We've put squid and haproxy in front of the actual SKS instances
(which is not as easy or obvious as it sounds, squid and HKP clients
don't play well together out of the box) which should improve things
vastly. Please let us know if you continue to see problems.

Ying Tim (ytim1010) wrote :

After turning off both my firewalls (router and pc), I was able to get a key:
sudo add-apt-repository ppa:pmcenery/ppa
Executing: gpg --ignore-time-conflict --no-options --no-default-keyring --secret-keyring /etc/apt/secring.gpg --trustdb-name /etc/apt/trustdb.gpg --keyring /etc/apt/trusted.gpg --primary-keyring /etc/apt/trusted.gpg --keyserver keyserver.ubuntu.com --recv [I deleted these numbers/letters]
gpg: requesting key D48B8E25 from hkp server keyserver.ubuntu.com
gpg: key D48B8E25: public key "Launchpad PPA for Paul McEnery" imported
gpg: Total number processed: 1
gpg: imported: 1 (RSA: 1)

Joshua Kugler (jkugler) wrote :

I disagree this is a duplicate, although it may have duplicate components. I subscribed to this but because port 11371 connections were timing out for me, and I am *not* behind a firewall as #524416 implies.

hexafraction (rarkenin) wrote :

Yep, it's very slow, but I managed to get a key through after countless timeouts.

Same problem here. Solution was to download and import the key manually.

Steps:
- Open the site http://keyserver.ubuntu.com:11371/
- Enter the fingerprint (e.g. 0x810273C4) as search string and click search
- Search for the line marked with type "pub" and click on the fingerprint
- Copy the result (everthing including -----BEGIN PGP PUBLIC KEY BLOCK----- and -----END PGP PUBLIC KEY BLOCK-----) into a file (e.g. key.pub)
- run "apt-key add key.pub"

Result should be "OK" (can be double checked with apt-key list).

Have a nice day ;)

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers