{"id":151462,"date":"2026-06-21T14:35:41","date_gmt":"2026-06-21T14:35:41","guid":{"rendered":"\/tutorials\/?p=151462"},"modified":"2026-06-21T08:31:45","modified_gmt":"2026-06-21T08:31:45","slug":"how-to-update-ubuntu","status":"publish","type":"post","link":"\/tutorials\/how-to-update-ubuntu","title":{"rendered":"How to update Ubuntu on a VPS"},"content":{"rendered":"

Learning how to update Ubuntu on a VPS is one of the first steps after setting up your server. Updates patch security holes, fix software bugs, and keep your packages compatible with the latest libraries. Servers that fall behind are easier targets for attackers and more likely to break when you install new software.<\/p>

To update Ubuntu, you’ll run a few apt<\/code> commands through the terminal. You can also set up automatic security updates so patches apply even when you’re not logged in.<\/p>

Updating packages is different from upgrading to a new Ubuntu release (like moving from 22.04 to 24.04). A release upgrade replaces system-level files and is a separate process.<\/p>

You’ll need SSH or terminal access to your server to run these commands.<\/p>

Here are the commands in order. On a production server, create a snapshot or backup before running apt upgrade<\/code>.<\/p>

sudo apt update\napt list --upgradable\nsudo apt upgrade\nsudo apt autoremove\ncat \/var\/run\/reboot-required\nsudo reboot<\/pre>
1. Connect to your Ubuntu server<\/h2>
Connect to your Ubuntu server by running the ssh command from a terminal on your local computer:<\/p>
ssh username@your_server_ip<\/pre>
Replace username<\/code> with your actual user (often root<\/strong> on a fresh server) and your_server_ip<\/code> with the server’s IP address.<\/p>
Hostinger users can find their VPS IP address and login details in hPanel under the VPS<\/strong> section. From there, connect using Terminal on macOS and Linux, Windows Terminal or PuTTY on Windows, or any other SSH client.<\/p>
If this is your first time working with a remote server, <\/a>set up a VPS<\/a> before starting the update process. A few <\/a>basic SSH commands,<\/a> such as ls<\/code>, cd<\/code>, and pwd<\/code>, will help you navigate the server.<\/p>
For a more secure login, you can <\/a>set up SSH keys<\/a> instead of using a password every time.<\/p>
\"\"<\/a><\/figure>
2. Check your current Ubuntu version<\/h2>
Use lsb_release -a<\/code> or hostnamectl<\/code> to check which Ubuntu version your server is running before you start updating.<\/p>
lsb_release -a<\/pre>
This prints the distributor, description, release number, and codename. The Release<\/strong> line shows your version number, like 24.04<\/strong>, and Codename<\/strong> shows the name, like noble<\/strong>.<\/p>
You can also use:<\/p>
hostnamectl<\/pre>
The Operating System<\/strong> line in the output confirms your Ubuntu version and shows the kernel version and system architecture.<\/p>
Knowing your version matters because some packages and updates are specific to each release. If neither command works on your system, you can <\/a>check your Ubuntu version<\/a> using other tools, such as \/etc\/os-release<\/code>.<\/p>
3. Refresh the package list<\/h2>
sudo apt update<\/code> refreshes your server’s local list of available packages from Ubuntu’s repositories:<\/p>
sudo apt update<\/pre>
This command does not install anything. It only downloads the latest package information so your server knows what can be upgraded and where to get it.<\/p>
At the end of the output, a line like 8 packages can be upgraded<\/strong> tells you updates are ready. If it says All packages are up to date<\/strong>, there’s nothing to install.<\/p>
Run this command before every upgrade. Without a fresh list, apt upgrade<\/code> may skip updates or try to download versions that no longer exist.<\/p>
4. Check available package upgrades<\/h2>
apt list --upgradable<\/code> shows every package that has a newer version available:<\/p>
apt list --upgradable<\/pre>
The output lists each package name, its current version, and the version it will upgrade to. If you don’t recognize most of the names, that’s normal. Most are system libraries or background dependencies.<\/p>
On a production VPS, check this list before upgrading so you know whether a database, web server, or language runtime is about to change.<\/p>
If you want to skip a specific package for now, hold it with sudo apt-mark hold package_name<\/code> and upgrade the rest.<\/p>
\n\n\n\n
\n                    
Pro Tip<\/h4>\n                    
 Create a snapshot or backup before upgrading, especially on a production server. If an update causes problems, a snapshot gives you a faster recovery path than troubleshooting live. Hostinger users can create a VPS snapshot from hPanel. <\/p>\n                <\/div>\n\n\n\n<\/p>
5. Upgrade installed packages<\/h2>
sudo apt upgrade<\/code> installs all available package updates on your Ubuntu server:<\/p>
sudo apt upgrade<\/pre>
APT shows a summary of what it plans to change. Type Y<\/strong> and press Enter<\/strong> to confirm.<\/p>
This command installs newer versions of your current packages. It adds new dependencies if a package needs them, but it won’t remove anything already installed.<\/p>
Some running services (like Nginx or MySQL) may restart automatically after their packages update. On a production server, plan upgrades during low-traffic hours.<\/p>
If an update needs to remove a package to solve a dependency conflict, apt upgrade<\/code> skips it. This often happens during kernel or major library updates. For those situations, use:<\/p>
sudo apt full-upgrade<\/pre>
\n\n\n\n    
\n        Warning!<\/strong> full-upgrade<\/code><\/b> can remove packages to solve dependency problems. Review the summary carefully before confirming, and check that APT isn't removing something you rely on.    <\/p>\n    \n\n\n\n<\/p>
6. Remove unused packages<\/h2>
sudo apt autoremove<\/code> deletes packages that were installed as dependencies but are no longer needed:<\/p>
sudo apt autoremove<\/pre>
After upgrades, old dependency versions (like outdated kernel images or replaced library packages) often stay behind. autoremove<\/code> finds and removes them.<\/p>
7. Reboot the VPS if required<\/h2>
Check whether your server needs a reboot by looking for the file \/var\/run\/reboot-required<\/code>:<\/p>
cat \/var\/run\/reboot-required<\/pre>
If the file exists, the output reads *** System restart required ***<\/code>. If nothing prints, no reboot is needed. Kernel and system library updates are the most common reason this file appears.<\/p>
This file is created by post-install hooks in certain packages. On minimal or custom Ubuntu images, the hooks may not be present, so a reboot could still be needed even when the file doesn’t appear. If you just updated the kernel, reboot regardless.<\/p>
To see which packages triggered the reboot notice:<\/p>
cat \/var\/run\/reboot-required.pkgs<\/pre>
When you’re ready, reboot with:<\/p>
sudo reboot<\/pre>
Your SSH session will disconnect. Wait a minute or two, then reconnect.<\/p>
\n\n\n\n
Important!<\/strong> Save any work and let your team know before rebooting a production VPS. Running services stop during the restart, so plan reboots during a maintenance window. <\/p><\/div>\n\n\n\n<\/p>
8. Confirm Ubuntu is updated<\/h2>
Verify that your server is fully updated by running sudo apt update<\/code> again and checking for leftover upgrades:<\/p>
sudo apt update\napt list --upgradable<\/pre>
apt list --upgradable<\/code> should return nothing below the Listing… Done<\/strong> line. That means all available packages are current.<\/p>
To confirm the kernel version after a reboot:<\/p>
uname -r<\/pre>
The version number should match the latest kernel that was installed. You can also re-run lsb_release -a<\/code> to verify your Ubuntu release. Package updates don’t change the release number. Only do-release-upgrade<\/code> moves you to a new Ubuntu version like 24.04 or 26.04.<\/p>
How to enable automatic security updates on Ubuntu<\/h2>
Install the unattended-upgrades<\/code> package to apply security patches automatically between manual update sessions.<\/p>
Many Ubuntu Server installs already have it. Check by running:<\/p>
dpkg -s unattended-upgrades | grep Status<\/pre>
If the output shows install ok installed<\/strong>, the package is already there. If not, install it:<\/p>
sudo apt install unattended-upgrades<\/pre>
Then enable it:<\/p>
sudo dpkg-reconfigure unattended-upgrades<\/pre>
A prompt asks whether to automatically download and install stable updates. Select Yes<\/strong>.<\/p>
This creates the settings file at \/etc\/apt\/apt.conf.d\/20auto-upgrades<\/strong>, which tells APT to check for and apply security updates daily. By default, only packages from Ubuntu’s -security<\/code> repository are included.<\/p>
To change what gets updated, block specific packages, or set <\/a>automatic reboot rules<\/a>, edit \/etc\/apt\/apt.conf.d\/50unattended-upgrades<\/strong>.<\/p>
Automatic updates don’t replace manual check-ins. Log in regularly to check for pending reboots, failed updates in \/var\/log\/unattended-upgrades\/<\/strong>, and whether your services are running as expected.<\/p>
Common Ubuntu update errors<\/h2>
Most update problems come down to five issues: locked package files, interrupted updates, broken dependencies, missing repositories, and package configuration prompts.<\/p>
Locked APT process.<\/strong> You see an error like Could not get lock \/var\/lib\/dpkg\/lock-frontend<\/strong>. This means another package manager process is still running. Check what’s using the lock:<\/p>
sudo lsof \/var\/lib\/dpkg\/lock-frontend<\/pre>
Wait for the existing process to finish. If the process crashed and left a stale lock, remove it only after confirming nothing is running:<\/p>
sudo rm \/var\/lib\/dpkg\/lock-frontend\nsudo dpkg --configure -a<\/pre>
Interrupted update.<\/strong> An SSH drop or power loss mid-update can leave packages half-installed. Fix it with:<\/p>
sudo dpkg --configure -a<\/pre>
This finishes setting up any packages that were left in a broken state.<\/p>
Broken dependencies.<\/strong> When packages need other packages that aren’t installed, run:<\/p>
sudo apt --fix-broken install<\/pre>
APT downloads the missing packages and reconfigures everything so the dependencies match.<\/p>
Missing repository.<\/strong> If apt update<\/code> shows errors about a repository it can’t reach, check your sources list in \/etc\/apt\/sources.list<\/strong> and the files in \/etc\/apt\/sources.list.d\/<\/strong>. Remove or fix any entries pointing to repositories that no longer exist.<\/p>
Package configuration prompts.<\/strong> Sometimes an update asks whether to keep your current config file or replace it with the package’s new version. On a VPS where you’ve customized config files, choose to keep the local version<\/strong> unless you know the new file is needed.<\/p>
If you’re new to the terminal, brushing up on common <\/a>Linux commands<\/a> like grep<\/code>, cat<\/code>, and ps<\/code> can speed up troubleshooting.<\/p>
Keep your Ubuntu VPS secure after updating<\/h2>
Updating packages is one way to keep a VPS safe. A maintenance routine also covers SSH security, firewalls, monitoring, and backups.<\/p>
Start by locking down SSH access. Disable root login, change the default SSH port, and switch to key-based login. Applying <\/a>VPS security best practices<\/a> alongside regular updates closes the most common attack paths.<\/p>
Next, <\/a>configure a firewall on Ubuntu<\/a> using UFW (Uncomplicated Firewall) to control which traffic reaches your server. UFW is built into Ubuntu and can be set up with just a few commands.<\/p>
Set a weekly schedule: update packages, check for pending reboots, review firewall rules, and test your backups. Writing it down keeps things consistent.<\/p>
If you’re on Hostinger <\/a>VPS hosting<\/a>, you already have DDoS protection and snapshot support built in, so your maintenance routine has a safety net from the start.<\/p>
\n
\"Hostinger