[Solved] Cannot update Pi-Hole (Unable to get latest release location from GitHub)

Please follow the below template, it will help us to help you!

Expected Behaviour:

Should be able to update Pi-hole/FTL.

Actual Behaviour:

Unable to update, receive 'Error: Unable to get latest release location from GitHub' error.

Debug Token:

ipswegz7d7

Hi there,

I had some issues getting Pi-Hole setup on a Raspberry Pi 3 with Rasbian Stretch Lite on it. See link to issue.

In order to get around that issue, I had to connect the RPi3 to to my cell phone's connection to allow it to download and install Pi-Hole. I had initially thought that because I had an existing Pi-Hole on my network, it was somehow causing the issue and left it at that.

Forward to today, I wanted to see if there were any update, so i ran pihole -up but received the following error message:

pi@rpi:~ $ pihole -up
 [i] Checking for updates...
 [i] Pi-hole Core:     up to date
 [i] FTL:              update available

 [i] FTL out of date

 [i] FTL Checks...
 [✓] Detected ARM-hf architecture (armv7+)
 [i] Checking for existing FTL binary...
 [✗] Downloading and Installing FTL
 Error: Unable to get latest release location from GitHub

Searching around, I came across this article that says this is a common error with Raspbian Jessie and having a different version of dnsmasq. I checked the version installed on my RPi3 and I have the recommend v2.76:

pi@rpi:~ $ dnsmasq -v
Dnsmasq version 2.76  Copyright (c) 2000-2016 Simon Kelley
Compile time options: IPv6 GNU-getopt DBus i18n IDN DHCP DHCPv6 no-Lua TFTP conntrack ipset auth DNSSEC loop-detect inotify

This software comes with ABSOLUTELY NO WARRANTY.
Dnsmasq is free software, and you are welcome to redistribute it
under the terms of the GNU General Public License, version 2 or 3.

To make sure I could actually reach GitHub, here is the output from dig github:

pi@rpi:~ $ dig github.com

; <<>> DiG 9.10.3-P4-Raspbian <<>> github.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47548
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1536
;; QUESTION SECTION:
;github.com.                    IN      A

;; ANSWER SECTION:
github.com.             24      IN      A       192.30.253.112
github.com.             24      IN      A       192.30.253.113

;; Query time: 16 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon Apr 30 15:00:59 EDT 2018
;; MSG SIZE  rcvd: 71

Not really sure what's happening here. The only device in my network is a router, which has DNS pointing to the RPi3, and no firewall rules in place on the device. I can try connecting the RPi3 to my cell phone when I get home and run pihole -up to see if it works there, but I find it strange that it's not working over the LAN line.

Debug token is: ipswegz7d7

Thanks in advance!

I don't see anything wrong in your debug log.
What is the output of these commands?

curl -sI https://github.com/pi-hole/FTL/releases/latest
curl -sI https://github.com/pi-hole/FTL/releases/latest | grep "Location" | awk -F '/' '{print $NF}'

Both of these commands returned no results:

pi@rpi:~ $ curl -sI https://github.com/pi-hole/FTL/releases/latest
pi@rpi:~ $

pi@rpi:~ $ curl -sI https://github.com/pi-hole/FTL/releases/latest | grep "Location" | awk -F '/' '{print $NF}'
pi@rpi:~ $

What is the output of this command?

curl -i https://github.com/pi-hole/FTL/releases/latest

Now I’m getting some output:

pi@rpi:~ $ curl -i https://github.com/pi-hole/FTL/releases/latest
curl: (35) error:1409441B:SSL routines:ssl3_read_bytes:tlsv1 alert decrypt error
pi@rpi:~ $

How about:

curl -svi https://github.com/pi-hole/FTL/releases/latest

Sorry, on mobile. Edited formatting.

    pi@rpi:~ $ curl -svi https://github.com/pi-hole/FTL/releases/latest
*   Trying 192.30.253.112...
* TCP_NODELAY set
* Connected to github.com (192.30.253.112) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Client hello (1):* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* ALPN, server accepted to use http/1.1
* Server certificate:
*  subject: businessCategory=Private Organization; jurisdictionC=US; jurisdictionST=Delaware; serialNumber=5157550; street=88 Colin P Kelly, Jr Street; postalCode=94107; C=US; ST=California; L=San Francisco; O=GitHub, Inc.; CN=github.com
*  start date: Mar 10 00:00:00 2016 GMT
*  expire date: May 17 12:00:00 2018 GMT
*  subjectAltName: host "github.com" matched cert's "github.com"
*  issuer: C=US; O=DigiCert Inc; OU=www.digicert.com; CN=DigiCert SHA2 Extended Validation Server CA
*  SSL certificate verify ok.
> GET /pi-hole/FTL/releases/latest HTTP/1.1
> Host: github.com
> User-Agent: curl/7.52.1
> Accept: */*
> 
< HTTP/1.1 302 Found
HTTP/1.1 302 Found
< Server: GitHub.com
Server: GitHub.com
< Date: Wed, 02 May 2018 19:03:11 GMT
Date: Wed, 02 May 2018 19:03:11 GMT
< Content-Type: text/html; charset=utf-8
Content-Type: text/html; charset=utf-8
< Transfer-Encoding: chunked
Transfer-Encoding: chunked
< Status: 302 Found
Status: 302 Found
< Cache-Control: no-cache
Cache-Control: no-cache
< Vary: X-PJAX
Vary: X-PJAX
< Location: https://github.com/pi-hole/FTL/releases/tag/v3.0
Location: https://github.com/pi-hole/FTL/releases/tag/v3.0
< Set-Cookie: logged_in=no; domain=.github.com; path=/; expires=Sun, 02 May 2038 19:03:11 -0000; secure; HttpOnly
Set-Cookie: logged_in=no; domain=.github.com; path=/; expires=Sun, 02 May 2038 19:03:11 -0000; secure; HttpOnly
< Set-Cookie: _gh_sess=b3BCZm9VOW1KQTVMc0Y0UDI5Rkw1QU5GakI1NVRza1pGcS82dzNWTURQL25DdlpGblRQSFZscmJ2elNlWlBNdnpFTjJtS1FVN0RIQVNJQ2NiUS9RcnZoTVVmZDZFdzV5cHExVktaaEJUb1J6NStDNE9kN3A1d1Y1Q29xS2xUK0tpUkpNUk9kNk5UVUhPQlNkVGhVcFEyQTA1WVgrM2o5NlpiZVpSdEp4enFLTkdFMlZKU2NQSXZWbHplZGRHRndNLS1uUFVCbXV2ZkRQeC83V3p0VnBKYXF3PT0%3D--730fe178ffd95bfc2f874dc7589b758aeec87b75; path=/; secure; HttpOnly
Set-Cookie: _gh_sess=b3BCZm9VOW1KQTVMc0Y0UDI5Rkw1QU5GakI1NVRza1pGcS82dzNWTURQL25DdlpGblRQSFZscmJ2elNlWlBNdnpFTjJtS1FVN0RIQVNJQ2NiUS9RcnZoTVVmZDZFdzV5cHExVktaaEJUb1J6NStDNE9kN3A1d1Y1Q29xS2xUK0tpUkpNUk9kNk5UVUhPQlNkVGhVcFEyQTA1WVgrM2o5NlpiZVpSdEp4enFLTkdFMlZKU2NQSXZWbHplZGRHRndNLS1uUFVCbXV2ZkRQeC83V3p0VnBKYXF3PT0%3D--730fe178ffd95bfc2f874dc7589b758aeec87b75; path=/; secure; HttpOnly
< X-Request-Id: 7f2f9b0d-388b-474c-912f-8008f6c988b9X-Request-Id: 7f2f9b0d-388b-474c-912f-8008f6c988b9
< X-Runtime: 0.072702
X-Runtime: 0.072702
< Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
< X-Frame-Options: deny
X-Frame-Options: deny
< X-Content-Type-Options: nosniff
X-Content-Type-Options: nosniff
< X-XSS-Protection: 1; mode=block
X-XSS-Protection: 1; mode=block
< Expect-CT: max-age=2592000, report-uri="https://api.github.com/_private/browser/errors"
Expect-CT: max-age=2592000, report-uri="https://api.github.com/_private/browser/errors"
< Content-Security-Policy: default-src 'none'; base-uri 'self'; block-all-mixed-content; connect-src 'self' uploads.github.com status.github.com collector.githubapp.com api.github.com www.google-analytics.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com wss://live.github.com; font-src assets-cdn.github.com; form-action 'self' github.com gist.github.com; frame-ancestors 'none'; frame-src render.githubusercontent.com; img-src 'self' data: assets-cdn.github.com identicons.github.com collector.githubapp.com github-cloud.s3.amazonaws.com *.githubusercontent.com; manifest-src 'self'; media-src 'none'; script-src assets-cdn.github.com; style-src 'unsafe-inline' assets-cdn.github.com
Content-Security-Policy: default-src 'none'; base-uri 'self'; block-all-mixed-content; connect-src 'self' uploads.github.com status.github.com collector.githubapp.com api.github.com www.google-analytics.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com wss://live.github.com; font-src assets-cdn.github.com; form-action 'self' github.com gist.github.com; frame-ancestors 'none'; frame-src render.githubusercontent.com; img-src 'self' data: assets-cdn.github.com identicons.github.com collector.githubapp.com github-cloud.s3.amazonaws.com *.githubusercontent.com; manifest-src 'self'; media-src 'none'; script-src assets-cdn.github.com; style-src 'unsafe-inline' assets-cdn.github.com
< X-Runtime-rack: 0.080398
X-Runtime-rack: 0.080398
< X-GitHub-Request-Id: ED5C:095C:82437D:FDE5A9:5AEA0B6F
X-GitHub-Request-Id: ED5C:095C:82437D:FDE5A9:5AEA0B6F

< 
* Curl_http_done: called premature == 0
* Connection #0 to host github.com left intact
<html><body>You are being <a href="https://github.com/pi-hole/FTL/releases/tag/v3.0">redirected</a>.</body></html>pi@rpi:~ $

Hm, that looks like it is working. What's the output of these commands now?

curl -sI https://github.com/pi-hole/FTL/releases/latest
curl -sI https://github.com/pi-hole/FTL/releases/latest | grep "Location" | awk -F '/' '{print $NF}'

Same result as before, no output:

pi@rpi:~ $ curl -sI https://github.com/pi-hole/FTL/releases/latest
pi@rpi:~ $

pi@rpi:~ $ curl -sI https://github.com/pi-hole/FTL/releases/latest | grep "Location" | awk -F '/' '{print $NF}'
pi@rpi:~ $

curl -si https://github.com/pi-hole/FTL/releases/latest

Same:

pi@rpi:~ $ curl -si https://github.com/pi-hole/FTL/releases/latest
pi@rpi:~ $

Can you visit that URL in a browser using Pi-hole?

Sorry, I'm on a mobile right now. I'm connected through a VPN to reach my Pihole (not at home) so I can't test on my local network. Below is a simple wget from the PiHole:

pi@rpi:~ $ wget https://github.com/pi-hole/FTL/releases/latest
--2018-05-02 15:26:24--  https://github.com/pi-hole/FTL/releases/latest
Resolving github.com (github.com)... 192.30.253.112, 192.30.253.113
Connecting to github.com (github.com)|192.30.253.112|:443... connected.
HTTP request sent, awaiting response... 302 Found
Location: https://github.com/pi-hole/FTL/releases/tag/v3.0 [following]
--2018-05-02 15:26:24--  https://github.com/pi-hole/FTL/releases/tag/v3.0
Reusing existing connection to github.com:443.
HTTP request sent, awaiting response... 200 OK
Length: unspecified [text/html]
Saving to: ‘latest’

latest             48.96K  --.-KB/s    in 0.06s    

2018-05-02 15:26:25 (816 KB/s) - ‘latest’ saved [50139]

pi@rpi:~ $

Ok, try curl -Si https://github.com/pi-hole/FTL/releases/latest

pi@rpi:~ $ curl -Si https://github.com/pi-hole/FTL/releases/latest
curl: (35) error:1409441B:SSL routines:ssl3_read_bytes:tlsv1 alert decrypt error
pi@rpi:~ $

What is the output of:

sudo apt-cache policy ca-certificates

pi@rpi:~ $ sudo apt-cache policy ca-certificates
ca-certificates:
  Installed: 20161130+nmu1
  Candidate: 20161130+nmu1
  Version table:
 *** 20161130+nmu1 500
        500 http://raspbian.raspberrypi.org/raspbian stretch/main armhf Packages
        100 /var/lib/dpkg/status
pi@rpi:~ $

Run sudo apt-get update and then the previous command.

pi@rpi:~ $ sudo apt-get update
Get:1 http://archive.raspberrypi.org/debian stretch InRelease [25.3 kB]
Get:2 http://raspbian.raspberrypi.org/raspbian stretch InRelease [15.0 kB]
Get:3 http://raspbian.raspberrypi.org/raspbian stretch/main armhf Packages [11.7 MB]
Fetched 11.7 MB in 10s (1,147 kB/s)                
Reading package lists... Done
pi@rpi:~ $ sudo apt-cache policy ca-certificates
ca-certificates:
  Installed: 20161130+nmu1
  Candidate: 20161130+nmu1
  Version table:
 *** 20161130+nmu1 500
        500 http://raspbian.raspberrypi.org/raspbian stretch/main armhf Packages
        100 /var/lib/dpkg/status
pi@rpi:~ $

You might not have up to date CA certificates.
Try these commands:

sudo apt-get purge ca-certificates
sudo apt-get install ca-certificates

Edit: And for good measure, sudo apt-get upgrade