Can you describe how you did the Ubuntu update and Pi-hole each time, ie what order and how? I'm installing 22.04 LTS now to see if it happens here. Perhaps Ubuntu is trying to be too clever in something it does and messing around with Github access.
So I install Ubuntu 22.04 and install Pihole. Everything runs fine... but, after a few days, When I get an Ubuntu update notification, I open terminal and use:
sudo apt update && sudo apt upgrade && sudo apt dist-upgrade
Once it finishes, I use:
pihole -up, then I get the error message.
I just installed pihole in Linux Mint 21.1 and I am able to update it without breaking Pihole updates., But, we'll see in a few days when an update comes.
No need to dist-upgrade unless you're actually upgrading to a new release.
I have also used, sudo apt update && sudo apt full-upgrade
still get same error afterwards.
It's installed and working with Pi-hole also installed and working. I can reach Github no problem, and updates and pihole -up works. I'll snapshot the machine and try the updates in a couple of days when there are some, but I suspect it won't change anything.
chris@ubuntu-ph:~$ curl -IL https://github.com/pi-hole/ftl/releases/latest/download/pihole-FTL-linux-x86_64
HTTP/2 302
server: GitHub.com
date: Sat, 25 Feb 2023 22:24:28 GMT
...
Out of interest can you run these commands and post the results
which curl
/usr/bin/curl -V
/snap/bin/curl -V
/usr/bin/curl -I https://github.com/pi-hole/ftl/releases/latest/download/pihole-FTL-linux-x86_64
/snap/bin/curl -I https://github.com/pi-hole/ftl/releases/latest/download/pihole-FTL-linux-x86_64yea.. it will run fine for a few days/week.. but just wait until ubntu software center lets you know there's an update.. then update ubuntu and run
pihole -up.
Will do.
and you're running ubuntu 22.04 right?
Yes
What does that original curl command give you on Mint? No need to post the entire output if it works, just whether it's still refused or not.
I think I found the issue!
After I install and setup Pihole, I add a list with a bunch of adlists...
https://gitlab.com/quidsup/notrack-blocklists/raw/master/notrack-malware.txt
https://v.firebog.net/hosts/RPiList-Malware.txt
https://v.firebog.net/hosts/RPiList-Phishing.txt
https://raw.githubusercontent.com/Spam404/lists/master/main-blacklist.txt
https://raw.githubusercontent.com/AssoEchap/stalkerware-indicators/master/generated/hosts
https://urlhaus.abuse.ch/downloads/hostfile/
https://zerodot1.gitlab.io/CoinBlockerLists/hosts_browser
https://raw.githubusercontent.com/jumpsmm7/GeneratedAdblock/master/NoBypass.list
https://raw.githubusercontent.com/oneoffdallas/dohservers/master/list.txt
https://raw.githubusercontent.com/dibdot/DoH-IP-blocklists/master/doh-domains.txt
So, I thought, what if one or more of these adlists is causing the conflict.. so i removed them all and only left the one that comes preinstalled with Pihole.. and voila.. the issue is gone and I can now update pihole!
I just don't know which one of those is the causing blocking the connections that pihole needs.
EDIT:
Turns out.. this was culprit!
https://raw.githubusercontent.com/jumpsmm7/GeneratedAdblock/master/NoBypass.list
This sucks because that adlist helps with not allowing devices to bypass pihole when using HTTPS connection. It works great, but it looks like it breaks something that prevents connection to github update site for pihole.
Continue using the list, but whitelist the domain(s) needed for github.
oohh.. didint' think of that...how can I do that?
Whitelist the following domain (which appears on that adlist):
github.com
Thank you @jfb .. that did the trick!
So glad I can still use the adlist!
I didn't even think that an adlist would cause this issue. Not sure why I even thought of checking that lol.
For completeness I'll report my results now that it's a couple of days later.
There were a couple of Ubuntu updates available. Applying them they way you did installed them but Pi-hole was still able to update. There were a couple of additional Ubuntu updates "kept back" (isc-dhcp-client & isc-dhcp-common) which looked suspiciously like they might give headaches if forced, but forcing them didn't cause any problems and Pi-hole could still update.
I tried the adlist you used and it didn't cause me problems until I changed my /etc/resolv.conf to use itself for DNS. At that point sure enough github.com was blocked and that caused updates to fail. Interestingly they failed in a specific way, with FTL somehow seeing the failure as an update being available.
github.com not blocked
[i] Checking for updates...
[i] Pi-hole Core: up to date
[i] Web Interface: up to date
[i] FTL: up to date
[✓] Everything is up to date!
github.com blocked
[i] Checking for updates...
fatal: unable to access 'https://github.com/pi-hole/pi-hole.git/': Failed to connect to github.com port 443 after 2 ms: Connection refused
[i] Pi-hole Core: up to date
fatal: unable to access 'https://github.com/pi-hole/AdminLTE.git/': Failed to connect to github.com port 443 after 1 ms: Connection refused
[i] Web Interface: up to date
[i] FTL: update available
[i] FTL out of date, it will be updated by the installer.
[...]
Unable to complete update, please contact Pi-hole Support
$ curl -IL https://github.com/pi-hole/ftl/releases/latest/download/pihole-FTL-linux-x86_64
curl: (7) Failed to connect to github.com port 443 after 1 ms: Connection refused
It's best to not let Pi-hole use itself for DNS resolution as that can lead to problems like this, or if Pi-hole has a problem then it may not be able to reach anywhere externally to fix the problem. It's recommended instead to use an external server such as your ISP's DNS or one of the public ones such as Quad9. I don't know if this is explained formally anywhere, I can't find it in the docs.
1 Like
I don't know if it is in the documentation but it is the best practice for Pi-hole. We used to require localhost or 127.0.0.1 on the host system but that requirement changed a few years ago.
1 Like
Can you open an Issue on GitHub - pi-hole/pi-hole: A black hole for Internet advertisements for this? That's not the intended behavior.
1 Like