How to Fix and Optimize Unattended-Upgrades on Ubuntu Server: A Complete Troubleshooting Guide

When automatic updates fail silently on Ubuntu Server, it is usually because the layers involved (the APT::Periodic settings, the unattended-upgrades configuration, and the systemd timers that drive both) are not working together. The symptom is an empty /var/log/unattended-upgrades/ directory and timers that never fire, even though each configuration file looks correct on its own.

First, verify that both required packages are installed. update-notifier-common supplies the hook that writes /var/run/reboot-required after a kernel or libc update, which you will rely on if automatic reboots are disabled:

sudo apt-get install unattended-upgrades update-notifier-common

The most reliable way to test unattended upgrades is through dry-run mode:

sudo unattended-upgrade --dry-run --debug

This prints which packages would be upgraded, which origins are allowed, and why other candidates are skipped (blacklisted, wrong origin, held back), without changing the system.

Two files control the behaviour on current Ubuntu releases: 20auto-upgrades decides whether and how often apt runs the periodic jobs, and 50unattended-upgrades decides what unattended-upgrade is allowed to install.

/etc/apt/apt.conf.d/20auto-upgrades
/etc/apt/apt.conf.d/50unattended-upgrades

Sample working configuration for 20auto-upgrades (values are intervals in days; "0" disables the job):

APT::Periodic::Update-Package-Lists "1";   // refresh package lists daily
APT::Periodic::Unattended-Upgrade "1";     // run unattended-upgrade daily
APT::Periodic::AutocleanInterval "7";      // drop obsolete .deb files weekly

For production servers, start by allowing only the security pocket, so that non-security bug-fix releases in -updates are left for manual review (add the ESM origins from the fuller example below if the host is attached to Ubuntu Pro):

Unattended-Upgrade::Allowed-Origins {
    "${distro_id}:${distro_codename}-security";
};

Enable verbose logging by creating /etc/apt/apt.conf.d/10logging. apt reads this directory in lexical order and later files win, so make sure 50unattended-upgrades does not set the same keys (in the default file they are commented out):

Unattended-Upgrade::SyslogEnable "true";
Unattended-Upgrade::SyslogFacility "daemon";
Unattended-Upgrade::Verbose "true";

On systemd-based Ubuntu the runs are scheduled by two timers: apt-daily.timer refreshes the package lists and apt-daily-upgrade.timer runs unattended-upgrade. /etc/cron.daily/apt-compat exits immediately when systemd is running and only matters on systems without it. Check that both timers are present and enabled:

systemctl list-timers --all
systemctl status apt-daily.timer apt-daily-upgrade.timer

To exclude kernel updates while allowing everything else, blacklist the metapackages that pull in new kernel versions. Entries are Python regular expressions matched against package names, and blocking the kernel means security fixes in it stay pending until you install and reboot manually:

Unattended-Upgrade::Package-Blacklist {
    "linux-image-generic";
    "linux-headers-generic";
};

Create a test script to verify the full workflow. The dry run is written to the log like a real run, so the last step pulls out the package list it selected:

#!/bin/bash
# Refresh the package lists, then show what unattended-upgrade would do
# without changing the system.
set -u
sudo apt-get update
sudo unattended-upgrade -v --dry-run
# Show the most recent selections recorded by the dry run.
sudo grep -i "Packages that will be upgraded" /var/log/unattended-upgrades/unattended-upgrades.log | tail -n 5

After configuration, run this diagnostic sequence. Note that unattended-upgrade -d without --dry-run performs a real upgrade run with debug output. unattended-upgrades.service is only a shutdown hook and is normally inactive, so check the timer and the service it triggers instead:

sudo apt-get update
sudo unattended-upgrade -d
sudo cat /var/log/unattended-upgrades/unattended-upgrades.log
systemctl status apt-daily-upgrade.timer apt-daily-upgrade.service

Ubuntu's automatic update system relies on two main components:

the unattended-upgrades package, which selects and installs packages
apt's periodic configuration (APT::Periodic), driven by the apt-daily timers or, without systemd, by cron.daily

Confirm the package is installed and see which version the configured repositories offer:

dpkg -l unattended-upgrades
apt-cache policy unattended-upgrades


Edit the main configuration file:

sudo nano /etc/apt/apt.conf.d/50unattended-upgrades

Here is the fuller set of origins that current Ubuntu releases ship enabled by default. The ESM entries only take effect on hosts attached to Ubuntu Pro; -updates is deliberately absent:

Unattended-Upgrade::Allowed-Origins {
    "${distro_id}:${distro_codename}";
    "${distro_id}:${distro_codename}-security";
    "${distro_id}ESMApps:${distro_codename}-apps-security";
    "${distro_id}ESM:${distro_codename}-infra-security";
};


On a host without systemd, check that the cron.daily fallback is present and executable (on systemd hosts this script exits immediately and the timers do the work):

ls -la /etc/cron.daily/apt-compat


For production servers, consider these additional settings. Automatic-Reboot-Time is only used when Automatic-Reboot is "true"; with reboots disabled, watch for /var/run/reboot-required, because a new kernel or libc does not protect the host until it is rebooted:

Unattended-Upgrade::AutoFixInterruptedDpkg "true";     // run dpkg --configure -a after an interrupted run
Unattended-Upgrade::MinimalSteps "true";               // upgrade in small steps so a shutdown can interrupt safely
Unattended-Upgrade::InstallOnShutdown "false";         // install during the timer window, not at shutdown
Unattended-Upgrade::Remove-Unused-Dependencies "false";
Unattended-Upgrade::Automatic-Reboot "false";          // leave reboots to a maintenance window
Unattended-Upgrade::Automatic-Reboot-Time "02:00";     // only honoured if Automatic-Reboot is "true"

Check the logs regularly; unattended-upgrades-dpkg.log in the same directory holds the dpkg output of each run:

tail -f /var/log/unattended-upgrades/unattended-upgrades.log

For email notifications, make sure a local sendmail or mail command can deliver off the host, then configure the recipient. "on-change" reports only runs that installed something or hit an error; the other values are "always" and "only-on-error":

Unattended-Upgrade::Mail "admin@example.com";
Unattended-Upgrade::MailReport "on-change";

If updates aren't applying, check these:

# Verify the timers exist and when they last fired
systemctl status apt-daily.timer apt-daily-upgrade.timer
systemctl status apt-daily-upgrade.service

# Show the configuration as apt actually parses it
apt-config dump | grep -E 'APT::Periodic|Unattended-Upgrade'

# Check for selection problems without changing anything
sudo unattended-upgrade --debug --dry-run
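The diagnostic steps above can be turned into one health check. The script below is an added example and is not part of the original page or of the unattended-upgrades project; it assumes the output formats of apt-config dump (scalar keys as 'Key "value";', list members as 'Key:: "value";') and of unattended-upgrades.log (Python logging lines of the form 'date time LEVEL message'). The parsing functions read stdin so they can be exercised on captured or constructed text, and the live check only runs when --live is passed.

```shell
#!/bin/bash
# Added example: health check for unattended-upgrades. Not part of the
# original guide; assumes the apt-config dump and log formats described
# in the lead-in.

# Return 0 if the apt-config dump on stdin has both
# APT::Periodic::Update-Package-Lists and APT::Periodic::Unattended-Upgrade
# set to a non-zero interval. A missing key counts as disabled.
periodic_enabled() {
    local dump lists upgrade
    dump=$(cat)
    lists=$(printf '%s\n' "$dump" | sed -n 's/^APT::Periodic::Update-Package-Lists "\([^"]*\)";$/\1/p' | tail -n 1)
    upgrade=$(printf '%s\n' "$dump" | sed -n 's/^APT::Periodic::Unattended-Upgrade "\([^"]*\)";$/\1/p' | tail -n 1)
    case "$lists:$upgrade" in
        :*|*:|0:*|*:0) return 1 ;;   # either key missing or set to "0"
    esac
    return 0
}

# Return 0 if at least one Allowed-Origins member on stdin names a
# -security pocket, so security fixes are actually eligible.
security_origin_allowed() {
    grep -q '^Unattended-Upgrade::Allowed-Origins:: ".*-security";$'
}

# Print the packages named in the most recent "Packages that will be
# upgraded:" line of a log read from stdin (prints nothing if none).
upgraded_packages() {
    sed -n 's/.* INFO Packages that will be upgraded: //p' | tail -n 1
}

# Print the date of the last run recorded in the log on stdin; return 1
# if the log records no run at all (the empty-log symptom).
last_run_date() {
    local date
    date=$(grep ' INFO Starting unattended upgrades script$' | tail -n 1 | cut -d' ' -f1)
    [ -n "$date" ] && printf '%s\n' "$date"
}

# Run the checks against the real system (needs apt-config and systemctl).
check_live() {
    local log=/var/log/unattended-upgrades/unattended-upgrades.log
    if apt-config dump | periodic_enabled; then
        echo "APT::Periodic: enabled"
    else
        echo "APT::Periodic: DISABLED (check 20auto-upgrades)"
    fi
    if apt-config dump | security_origin_allowed; then
        echo "Allowed-Origins: security pocket allowed"
    else
        echo "Allowed-Origins: NO -security origin (check 50unattended-upgrades)"
    fi
    if [ -s "$log" ]; then
        echo "last run: $(last_run_date < "$log" || echo 'none recorded')"
        echo "last upgraded: $(upgraded_packages < "$log")"
    else
        echo "log empty or missing: $log (timers probably never fired)"
    fi
    systemctl list-timers apt-daily.timer apt-daily-upgrade.timer --no-pager 2>/dev/null || true
}

if [ "${1:-}" = "--live" ]; then
    check_live
fi
```

Run it as `sudo ./uu-check.sh --live` on the server; the functions themselves can be fed captured output with a pipe when debugging a configuration taken from another host.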