How to Solve an Expired Key (EXPKEYSIG) with Apt

    RahulBy 1 Min ReadUpdated:

    During the update of apt-cache or packages installation with the apt package manager, I get the signature expiration message (EXPKEYSIG 8C718D3B5072E1F5). This means that the gpg signature key is expired.

    Error

    Here is logs on my Debian 9 system:

    sudo apt update

Hit:1 http://security.debian.org stretch/updates InRelease
Get:2 http://repo.mysql.com/apt/debian stretch InRelease [19.2 kB]
Hit:3 https://deb.nodesource.com/node_10.x stretch InRelease
Err:2 http://repo.mysql.com/apt/debian stretch InRelease
  The following signatures were invalid: EXPKEYSIG 8C718D3B5072E1F5 MySQL Release Engineering 
Hit:4 https://packages.sury.org/php stretch InRelease
Ign:5 http://mirrors.digitalocean.com/debian stretch InRelease
Get:6 http://mirrors.digitalocean.com/debian stretch-updates InRelease [91.0 kB]
Hit:7 http://mirrors.digitalocean.com/debian stretch Release
Reading package lists... Done
...
...

    Use the following command to list all keys configured for apt on your system.

    sudo apt-key list

    You will see the expired key like this.

    Expired Key (EXPKEYSIG)

    Solution:

    Now, update the expired key by running the below command. Here 8C718D3B5072E1F5 is the key was expired on my system.

    sudo apt-key adv --keyserver keys.gnupg.net --recv-keys 8C718D3B5072E1F5

    You must change 8C718D3B5072E1F5 with the expired key on your system.

    Share.

    Related Posts

    17 Comments

    1. Noodleeye on

      Hi Rahul,
      Thanks for this valuable advice. I had to change the keyserver to hkp://keyserver.ubuntu.com:80 as suggested by Jose Antonio to renew skype key. Worked like a charm.

      Best wishes

      Reply
    15. Jose Antonio on

      Hola, al seguir tus instrucciones me daba lo siguiente:

      sudo apt-key adv –keyserver keys.gnupg.net –recv-keys 8C718D3B5072E1F5
      Executing: /tmp/apt-key-gpghome.EjjsPBXR9j/gpg.1.sh –keyserver keys.gnupg.net –recv-keys 8C718D3B5072E1F5
      gpg: keyserver receive failed: Connection refused

      Lo solucioné de la siguiente manera:

      sudo apt-key adv –keyserver hkp://keyserver.ubuntu.com:80 –recv-keys 5072E1F5

      Reply

    Leave A Reply