Unattended Upgrades

To configure linux hosts to automatically install updates and upgrades, add or edit the following lines in /etc/apt/apt.conf.d/50unattended-upgrades. Feel free to change the settings as you see fit.

Unattended-Upgrade::Mail "user@example.com";
Unattended-Upgrade::MailOnlyOnError "true";
Unattended-Upgrade::Remove-Unused-Kernel-Packages "true";
Unattended-Upgrade::Remove-Unused-Dependencies "true";
Unattended-Upgrade::Automatic-Reboot "true";
Unattended-Upgrade::Automatic-Reboot-Time "02:38";

At the top of /etc/apt/apt.conf.d/50unattended-upgrades, you'll notice the block below, be sure to follow my comments and make the changes needed

Unattended-Upgrade::Allowed-Origins {
        "${distro_id}:${distro_codename}";
	"${distro_id}:${distro_codename}-security";
	// Extended Security Maintenance; doesn't necessarily exist for
	// every release and this system may not have it installed, but if
	// available, the policy for updates is such that unattended-upgrades
	// should also install from here by default.
	"${distro_id}ESM:${distro_codename}";
	"${distro_id}:${distro_codename}-updates"; // <-- Uncomment this line.
//	"${distro_id}:${distro_codename}-proposed";
//	"${distro_id}:${distro_codename}-backports";
};

Add the following lines to sudo vim /etc/apt/apt.conf.d/20auto-upgrades.

APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Unattended-Upgrade "1";
# Add these two lines...
APT::Periodic::Download-Upgradeable-Packages "1";
APT::Periodic::AutocleanInterval "7";

Test that you can run a dy-run update using unattended-upgrades -

sudo unattended-upgrades --dry-run --debug

Also, check the logs for unattended-upgrades below

less /var/log/unattended-upgrades/unattended-upgrades.log