apt-get not working in ec2

apt upgrade package-management updates amazon-ec2

8,002

Solution 1

I had the exact issue described here, and had triple checked my security group (firewall) and still could not access the internet. If you've still having issues like me, there are two other possible causes/solutions depending on your subnet routing:

if your instance is in a private subnet (one without an 'internet gateway' route), then you'll have this issue. You'll need to setup a NAT gateway and use that as a route for 0.0.0.0/0 if you want it to remain private (see this AWS KB article), or
if your instance is in a public subnet (that is one with an 'internet gateway' route), and you're still not able to access the internet, then you need to make sure your instance has either an Elastic IP or a Public IP (aka a free non-Elastic IP). Note: Also note, public IP's can only be enabled on instance launch (see this AWS KB article).

Solution 2

It's an easy fix.

Just Go to AWS VPC and select your Route Table, Just add ::/0 >

then execute apt-get update

Solution 3

It was an issue with the firewall that this server routes through. Once we allowed 10.0.0.0/8 :80 out, it worked. I think the wget worked is because 443 was allowed.

8,002

femaven

Updated on September 18, 2022

Comments

femaven over 1 year
I'm running 14.04 LTS on EC2. I was trying to run apt-get update.
```
ubuntu@splunk:~$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 14.04.5 LTS
Release:        14.04
Codename:       trusty
```
The error that I'm getting is:
```
ubuntu@splunk:~$ sudo apt-get update
Err http://us.archive.ubuntu.com trusty-security InRelease

Err http://us.archive.ubuntu.com trusty-updates InRelease

Err http://us.archive.ubuntu.com trusty-security Release.gpg
  Cannot initiate the connection to us.archive.ubuntu.com:80 (2001:67c:1562::16). - connect (101: Network is unreachable) [IP: 2001:67c:1562::16 80]
Err http://us.archive.ubuntu.com trusty-updates Release.gpg
  Cannot initiate the connection to us.archive.ubuntu.com:80 (2001:67c:1562::16). - connect (101: Network is unreachable) [IP: 2001:67c:1562::16 80]
0% [Connecting to archive.ubuntu.com (91.189.88.162)]
```
I've confirmed my sources and ran the following but it still wasn't working
```
sudo apt-get autoremove
$ sudo apt-get --purge remove && sudo apt-get autoclean
$ sudo apt-get -f install
$ sudo apt-get update
$ sudo apt-get upgrade && sudo apt-get dist-upgrade
$ sudo dpkg-reconfigure -a
$ sudo dpkg --configure -a
```
It's not a network issue but I am able to get run wget out to splunk.com on http and DNS resolution is completing.
- Ravexina about 7 years
  
  Not sure if it helps you or not, but check it out: here
- femaven about 7 years
  
  Just tried it and it didn't work. but it was worth the try.
- Olimjon about 7 years
  
  Maybe, you are using proxy? In that case, check this one: askubuntu.com/questions/711889/…
- Michael - sqlbot about 7 years
  
  Compare curl -v ipv4.icanhazip.com against curl -v ipv6.icanhazip.com. Do they both succeed? It sounds as if you have IPv6 available in your VPC but you do not actually have IPv6 connectivity configured correctly -- perhaps only IPv4 is working as expected. DNS always works in VPC so it isn't a valid test of connectivity and the web site you tested might have resolved to an IPv4 address (you didn't mention). Not sure, since the last line of apt-get output is clipped.
- Michael - sqlbot about 7 years
  
  Actually, that second one might need to be curl -v -6 ipv6.icanhazip.com.
- femaven about 7 years
  
  @olimjon the curl -v ipv4.icanhazip.com wasn't working . The wget to splunk to pull down splunk 6.5.3 gave me this - Resolving www.splunk.com (www.splunk.com)... 52.84.125.98, 52.84.125.253, 52.84.125.107, ... Connecting to www.splunk.com (www.splunk.com)|52.84.125.98|:443... connected. HTTP request sent, awaiting response... 302 Found also when I ping us.archive.ubuntu.com, I was receiving responses.
- femaven about 7 years
  
  @Michael-sqlbot the curl -v ipv4.icanhazip.com wasn't working . ubuntu@splunk:~$ curl -v ipv4.icanhazip.com * Rebuilt URL to: ipv4.icanhazip.com/ * Hostname was NOT found in DNS cache * Trying 45.76.24.96... * connect to 45.76.24.96 port 80 failed: Connection timed out * Trying 107.191.44.218... * After 86370ms connect time, move on! * connect to 107.191.44.218 port 80 failed: Connection timed out * Failed to connect to ipv4.icanhazip.com port 80: Connection timed out * Closing connection 0 curl: (7) Failed to connect to ipv4.icanhazip.com port 80: Connection timed out
- femaven about 7 years
  
  @Michael-sqlbot ubuntu@splunk:~$ curl -v -6 ipv6.icanhazip.com * Rebuilt URL to: ipv6.icanhazip.com/ * Hostname was NOT found in DNS cache * Trying 2001:19f0:5c01:252:b9b8:9a88:2136:2850... * Immediate connect fail for 2001:19f0:5c01:252:b9b8:9a88:2136:2850: Network is unreachable * Trying 2001:19f0:6401:40:2e76:859e:ca7:962f... * Immediate connect fail for 2001:19f0:6401:40:2e76:859e:ca7:962f: Network is unreachable * Closing connection 0 curl: (7) Couldn't connect to server
- femaven about 7 years
  
  The wget to splunk to pull down splunk 6.5.3 gave me this - Connecting to www.splunk.com (www.splunk.com)|52.84.125.98|:443... connected. HTTP request sent, awaiting response... 302 Found
d8aninja over 2 years

i am on an instance in a public subnet with a public ip and routes to my igw (i'm ssh'ing via the ip4 dns name) and still getting this error
alexkb over 2 years

Did you also check the other answers - re: security group? Another possibility is that you have DNS issues. You can test that by trying to access something other than ubuntu from the cli e.g. run $ curl example.com. If you don't see a bunch of html come back, then it's DNS related.
d8aninja over 2 years

turns out i hadn't included the routes from my ec2 to the igw!