How to Solve an Expired Key (EXPKEYSIG) with Apt

During the update of apt-cache or packages installation with the apt package manager, I get the signature expiration message (EXPKEYSIG 8C718D3B5072E1F5). This means that the gpg signature key is expired.

Error

Here is logs on my Debian 9 system:

sudo apt update

Hit:1 http://security.debian.org stretch/updates InRelease
Get:2 http://repo.mysql.com/apt/debian stretch InRelease [19.2 kB]
Hit:3 https://deb.nodesource.com/node_10.x stretch InRelease
Err:2 http://repo.mysql.com/apt/debian stretch InRelease
  The following signatures were invalid: EXPKEYSIG 8C718D3B5072E1F5 MySQL Release Engineering 
Hit:4 https://packages.sury.org/php stretch InRelease
Ign:5 http://mirrors.digitalocean.com/debian stretch InRelease
Get:6 http://mirrors.digitalocean.com/debian stretch-updates InRelease [91.0 kB]
Hit:7 http://mirrors.digitalocean.com/debian stretch Release
Reading package lists... Done
...
...

Use the following command to list all keys configured for apt on your system.

sudo apt-key list

You will see the expired key like this.

Solution:

Now, update the expired key by running the below command. Here 8C718D3B5072E1F5 is the key was expired on my system.

sudo apt-key adv --keyserver keys.gnupg.net --recv-keys 8C718D3B5072E1F5

You must change 8C718D3B5072E1F5 with the expired key on your system.

View 20 Comments

20 Comments

Rod on May 24, 2022 3:03 pm
sudo apt-key adv –keyserver hkp://keyserver.ubuntu.com:80 –recv-keys TYYUGHGGH
This one worked for me, posted By Jose Antonio. So thankful
stephan on March 18, 2022 12:19 pm
hello
i have
apt-key adv –keyserver keys.gnupg.net –recv-keys 8C718D3B5072E1F5
Executing: /tmp/apt-key-gpghome.HyyVEkmH7h/gpg.1.sh –keyserver keys.gnupg.net –recv-keys 8C718D3B5072E1F5
gpg: keyserver receive failed: No name
and always
The following signatures were invalid: EXPKEYSIG 8C718D3B5072E1F5 MySQL Release Engineering
can you help me ?
thanks
YD SH on January 24, 2022 5:27 am
I am still getting the error –
sudo apt-get update
Hit:1 https://deb.nodesource.com/node_12.x focal InRelease
Hit:2 http://in.archive.ubuntu.com/ubuntu focal InRelease
Hit:3 http://in.archive.ubuntu.com/ubuntu focal-updates InRelease
Hit:4 http://in.archive.ubuntu.com/ubuntu focal-backports InRelease
Get:5 http://deb.anydesk.com all InRelease [5,588 B]
Err:5 http://deb.anydesk.com all InRelease
The following signatures were invalid: EXPKEYSIG 18DF3741CDFFDE29 philandro Software GmbH
Hit:6 http://dl.google.com/linux/chrome/deb stable InRelease
Hit:7 http://security.ubuntu.com/ubuntu focal-security InRelease
Ign:8 https://dl.packager.io/srv/deb/opf/openproject/stable/11/ubuntu 20.04 InRelease
Get:9 https://dl.packager.io/srv/deb/opf/openproject/stable/11/ubuntu 20.04 Release
Reading package lists… Done
W: GPG error: http://deb.anydesk.com all InRelease: The following signatures were invalid: EXPKEYSIG 18DF3741CDFFDE29 philandro Software GmbH
E: The repository ‘http://deb.anydesk.com all InRelease’ is not signed.
N: Updating from such a repository can’t be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
sudo apt-key adv –keyserver keys.gnupg.net –recv-keys 18DF3741CDFFDE29
Executing: /tmp/apt-key-gpghome.TB1lr2fkDL/gpg.1.sh –keyserver keys.gnupg.net –recv-keys 18DF3741CDFFDE29
gpg: keyserver receive failed: Server indicated a failure
Noodleeye on July 4, 2021 4:35 am
Hi Rahul,
Thanks for this valuable advice. I had to change the keyserver to hkp://keyserver.ubuntu.com:80 as suggested by Jose Antonio to renew skype key. Worked like a charm.
Best wishes
Zygmunt Kowalik on April 18, 2021 9:01 am
Thanks! Worked!
Shirley Shao on February 18, 2021 2:45 am
It works for me!!Thank you!
Mike O'Connor on January 26, 2021 5:16 am
Thanks so much Rahul. This was helpful but actually the result was that nothing was changed, not with the particular key that had expired in my case. The actual problem was that the key was still valid but the expiration date had to be updated. See https://www.bentoh.my/post/gpg-key-problem/.
tommy on November 14, 2020 7:01 am
Thanks!
useful from Taiwan.
José Marcos on June 11, 2020 10:55 am
Thank you! Greetings from Brazil.
eddso on October 8, 2019 1:07 pm
Its not work on keys for Debian 6. All keyserver provides expired keys.
Héctor Tello on August 20, 2019 1:54 am
It worked!! Thank you so much!!
Gabriel on July 19, 2019 2:05 am
Worked like a charm, thanks!
Giancarlo Cunis on July 9, 2019 4:54 am
This worked for me. Thanks
George on June 8, 2019 5:41 pm
Thanks a lot! This really help me!
Gonzalo on May 24, 2019 9:04 am
If you got this error:
gpg: failed to start the dirmngr ‘/usr/bin/dirmngr’: No such file or directory
Simply install dirmngr:
https://blog.sleeplessbeastie.eu/2017/11/02/how-to-fix-missing-dirmngr/
And execute the command again.
Muhammad Rehan on May 16, 2019 10:21 am
Thanks for this awesome hack.
heroasam on May 13, 2019 6:44 pm
Genio!!!
Jose Antonio on May 11, 2019 8:48 pm
Hola, al seguir tus instrucciones me daba lo siguiente:
sudo apt-key adv –keyserver keys.gnupg.net –recv-keys 8C718D3B5072E1F5
Executing: /tmp/apt-key-gpghome.EjjsPBXR9j/gpg.1.sh –keyserver keys.gnupg.net –recv-keys 8C718D3B5072E1F5
gpg: keyserver receive failed: Connection refused
Lo solucioné de la siguiente manera:
sudo apt-key adv –keyserver hkp://keyserver.ubuntu.com:80 –recv-keys 5072E1F5
Peeter on April 22, 2019 4:47 pm
Hi Rahul,
Your solution works like a charm : ). Thanks for taking the time to publish it out there.
FDX on April 21, 2019 4:35 am
Fue de gran ayuda. Muchas gracias !!!