This error occurs when your apt proxy configuration contains a malformed URL that does not follow the required URI format. APT proxy URLs must include a valid scheme (http, https, or socks5h), proper host and port formatting, and correct syntax. Fix this by checking your proxy configuration files and correcting the URL format.
The apt package manager validates proxy URLs against a strict format specification. The required format is scheme://[[user][:pass]@]host[:port]/ where scheme must be http, https, or socks5h. If your configuration has missing colons, incorrect slashes, invalid characters, unescaped special characters in passwords, or missing the required scheme prefix, apt will reject it as invalid. This validation ensures apt can properly parse and use the proxy settings without attempting invalid network connections.
APT proxy settings are stored in configuration files under /etc/apt/apt.conf.d/. Search for any proxy-related configuration:
sudo grep -r "Acquire::.*Proxy" /etc/apt/apt.conf.d/Also check the main configuration file:
sudo grep -r "Acquire::.*Proxy" /etc/apt/apt.confThis will show you all lines where proxy settings are defined. Note the file names and line numbers where these appear.
The correct format for a proxy URL in apt configuration is:
scheme://[[user][:pass]@]host[:port]/Valid examples:
Acquire::http::Proxy "http://proxy.example.com:8080/";
Acquire::https::Proxy "https://proxy.example.com:8443/";
Acquire::http::Proxy "http://username:[email protected]:8080/";
Acquire::http::Proxy "socks5h://127.0.0.1:1080/";Common mistakes to avoid:
- Missing "http://" or other scheme prefix
- Using "http:/proxy" instead of "http://proxy" (missing one slash)
- Writing "Acquire_http" instead of "Acquire::http"
- Forgetting the trailing slash after the port
- Missing quotes around the URL
- Missing the semicolon at the end
If your proxy password contains special characters like @ # % & = +, they must be URL-encoded:
# Example: password is "p@ss=word#123"
# URL-encode: p%40ss%3Dword%23123
Acquire::http::Proxy "http://username:p%40ss%3Dword%[email protected]:8080/";Common URL encodings:
- @ becomes %40
- # becomes %23
- % becomes %25
- & becomes %26
- = becomes %3D
- : becomes %3A (only encode in password, not in scheme://)
To safely encode your password, use this command:
echo -n "your-password" | jq -sRr @uriOpen your proxy configuration file with a text editor:
sudo nano /etc/apt/apt.conf.d/70debconfOr create a new proxy-specific file:
sudo nano /etc/apt/apt.conf.d/proxy.confUpdate the proxy lines with correct formatting. Example valid configuration:
Acquire::http::Proxy "http://192.168.1.100:3128/";
Acquire::https::Proxy "https://192.168.1.100:3128/";
Acquire::ftp::Proxy "ftp://192.168.1.100:3128/";Make sure each line:
1. Uses correct scheme (http://, https://, socks5h://)
2. Has proper host:port separator
3. Ends with a trailing slash
4. Has quotes around the entire URL
5. Ends with a semicolon
Save the file (Ctrl+O, Enter, Ctrl+X in nano).
After fixing the configuration, test if apt accepts it:
sudo apt updateIf you still see "URL is invalid", check the exact error message for which line has the problem:
sudo apt -o Debug::Acquire::http=true update 2>&1 | grep -i proxyIf the error persists, verify syntax by checking what apt loaded:
sudo apt-config dump | grep -i proxyThis shows exactly how apt parsed your configuration. Compare it to your intended proxy URL.
If you cannot get the proxy working, you can temporarily disable it to resume normal apt operations:
sudo nano /etc/apt/apt.conf.d/proxy.confComment out or delete the proxy lines:
# Acquire::http::Proxy "http://proxy:8080/";
# Acquire::https::Proxy "https://proxy:8080/";Or use the special value DIRECT to disable proxy:
Acquire::http::Proxy "DIRECT";
Acquire::https::Proxy "DIRECT";Save and test:
sudo apt updateAPT supports multiple proxy schemes: http and https are the most common, while socks5h provides SOCKS5 proxy with remote DNS resolution (socks5h means DNS queries go through the proxy, useful behind strict firewalls). The environment variables http_proxy, https_proxy, and ftp_proxy are ignored by apt—you must use the /etc/apt/apt.conf.d/ configuration files. For authentication proxies, many corporate proxies require NTLM authentication which standard HTTP proxy settings cannot handle; in those cases, consider using a proxy cache like apt-cacher-ng or squid with pass-through authentication. If you see this error in a container or CI/CD pipeline, remember that apt configuration must be set during image build time, not at runtime, and ensure all required proxy settings are in place before running apt commands. Some systems use /etc/environment or ~/.bashrc for http_proxy, but apt ignores these in favor of its own configuration files.
E: Could not connect to proxy server
Could not connect to proxy server
E: Package 'package:i386' has no installation candidate
How to fix "Package package:i386 has no installation candidate" in apt
E: The value 'value' is invalid for APT::Default-Release
How to fix invalid APT::Default-Release value in APT
dpkg: error: unable to create new file 'path': Permission denied
How to fix dpkg permission denied errors in APT
subprocess installed post-removal script returned error exit status 1
How to fix "subprocess installed post-removal script returned error exit status 1" in APT