Qutzl Insights

Tutorial

How to update Ubuntu

A straightforward checklist for keeping Ubuntu Server or Desktop patched: apt update, upgrade, reboots, and what to verify before you walk away.

3 min readBy Michael NarehoodLinux

Advertisement

Keeping Ubuntu current is not complicated, but rushing it on a production host is how you learn about kernel upgrades the hard way. Use this as a calm, repeatable habit for Ubuntu Server or Desktop (22.04 / 24.04 and similar apt-based releases).

1. Know what you are about to change

Before you touch packages:

  • Note the hostname and role (web, XCP-ng guest, desktop, etc.)
  • Confirm you have console or out-of-band access if this is a remote server
  • Check whether a reboot window is acceptable
hostnamectl
lsb_release -a
uptime

2. Refresh the package index

sudo apt update

Skim the output for repository errors. If a third-party repo is broken, fix that before you upgrade. Do not ignore “Failed to fetch” lines and hope for the best.

3. See what would change (optional but smart)

apt list --upgradable

On a critical host, glance for kernel, libc, nginx/apache, database, or panel packages so you know whether a reboot or service restart is likely.

4. Apply updates

For a normal maintenance window:

sudo apt upgrade

If you intentionally want package removals when the resolver needs them (use with care on servers):

sudo apt full-upgrade

Answer prompts thoughtfully. Autoremoving suggested packages is usually fine; deleting something you do not recognize is not.

5. Clean up leftover packages

sudo apt autoremove --purge
sudo apt autoclean

6. Reboot if the kernel or core libs require it

Ubuntu often tells you a reboot is needed. You can also check:

# Debian/Ubuntu reboot-required flag
test -f /var/run/reboot-required && cat /var/run/reboot-required

If a new kernel was installed, schedule the reboot. Do not leave “reboot pending” for weeks on a public host.

sudo reboot

7. Validate after the update

  • Host comes back on the network
  • Critical services are running (systemctl status …)
  • Sites or apps respond
  • Disk space still looks sane (df -h)

Unattended upgrades (optional)

Many Ubuntu servers already have unattended-upgrades for security patches. That is good for security updates; it does not replace periodic manual review for app stacks you care about.

sudo apt install unattended-upgrades
sudo dpkg-reconfigure --priority=low unattended-upgrades

Bottom line

apt update → review → apt upgrade → reboot if needed → verify services. Make it boring and scheduled, not something you only do after a CVE thread hits your timeline.