How to Solve an Expired Key (EXPKEYSIG) with Apt

    RahulBy 1 Min ReadUpdated:

    During the update of apt-cache or packages installation with the apt package manager, I get the signature expiration message (EXPKEYSIG 8C718D3B5072E1F5). This means that the gpg signature key is expired.

    Error

    Here is logs on my Debian 9 system:

    sudo apt update

Hit:1 http://security.debian.org stretch/updates InRelease
Get:2 http://repo.mysql.com/apt/debian stretch InRelease [19.2 kB]
Hit:3 https://deb.nodesource.com/node_10.x stretch InRelease
Err:2 http://repo.mysql.com/apt/debian stretch InRelease
  The following signatures were invalid: EXPKEYSIG 8C718D3B5072E1F5 MySQL Release Engineering 
Hit:4 https://packages.sury.org/php stretch InRelease
Ign:5 http://mirrors.digitalocean.com/debian stretch InRelease
Get:6 http://mirrors.digitalocean.com/debian stretch-updates InRelease [91.0 kB]
Hit:7 http://mirrors.digitalocean.com/debian stretch Release
Reading package lists... Done
...
...

    Use the following command to list all keys configured for apt on your system.

    sudo apt-key list

    You will see the expired key like this.

    Expired Key (EXPKEYSIG)

    Solution:

    Now, update the expired key by running the below command. Here 8C718D3B5072E1F5 is the key was expired on my system.

    sudo apt-key adv --keyserver keys.gnupg.net --recv-keys 8C718D3B5072E1F5

    You must change 8C718D3B5072E1F5 with the expired key on your system.

    Share.

    Related Posts

    20 Comments

    1. Rod on

      sudo apt-key adv –keyserver hkp://keyserver.ubuntu.com:80 –recv-keys TYYUGHGGH

      This one worked for me, posted By Jose Antonio. So thankful

      Reply
    2. stephan on

      hello
      i have
      apt-key adv –keyserver keys.gnupg.net –recv-keys 8C718D3B5072E1F5
      Executing: /tmp/apt-key-gpghome.HyyVEkmH7h/gpg.1.sh –keyserver keys.gnupg.net –recv-keys 8C718D3B5072E1F5
      gpg: keyserver receive failed: No name

      and always
      The following signatures were invalid: EXPKEYSIG 8C718D3B5072E1F5 MySQL Release Engineering

      can you help me ?
      thanks

      Reply
    3. YD SH on

      I am still getting the error –

      sudo apt-get update
      Hit:1 https://deb.nodesource.com/node_12.x focal InRelease
      Hit:2 http://in.archive.ubuntu.com/ubuntu focal InRelease
      Hit:3 http://in.archive.ubuntu.com/ubuntu focal-updates InRelease
      Hit:4 http://in.archive.ubuntu.com/ubuntu focal-backports InRelease
      Get:5 http://deb.anydesk.com all InRelease [5,588 B]
      Err:5 http://deb.anydesk.com all InRelease
      The following signatures were invalid: EXPKEYSIG 18DF3741CDFFDE29 philandro Software GmbH
      Hit:6 http://dl.google.com/linux/chrome/deb stable InRelease
      Hit:7 http://security.ubuntu.com/ubuntu focal-security InRelease
      Ign:8 https://dl.packager.io/srv/deb/opf/openproject/stable/11/ubuntu 20.04 InRelease
      Get:9 https://dl.packager.io/srv/deb/opf/openproject/stable/11/ubuntu 20.04 Release
      Reading package lists… Done
      W: GPG error: http://deb.anydesk.com all InRelease: The following signatures were invalid: EXPKEYSIG 18DF3741CDFFDE29 philandro Software GmbH
      E: The repository ‘http://deb.anydesk.com all InRelease’ is not signed.
      N: Updating from such a repository can’t be done securely, and is therefore disabled by default.
      N: See apt-secure(8) manpage for repository creation and user configuration details.

      sudo apt-key adv –keyserver keys.gnupg.net –recv-keys 18DF3741CDFFDE29
      Executing: /tmp/apt-key-gpghome.TB1lr2fkDL/gpg.1.sh –keyserver keys.gnupg.net –recv-keys 18DF3741CDFFDE29
      gpg: keyserver receive failed: Server indicated a failure

      Reply
    4. Noodleeye on

      Hi Rahul,
      Thanks for this valuable advice. I had to change the keyserver to hkp://keyserver.ubuntu.com:80 as suggested by Jose Antonio to renew skype key. Worked like a charm.

      Best wishes

      Reply
    18. Jose Antonio on

      Hola, al seguir tus instrucciones me daba lo siguiente:

      sudo apt-key adv –keyserver keys.gnupg.net –recv-keys 8C718D3B5072E1F5
      Executing: /tmp/apt-key-gpghome.EjjsPBXR9j/gpg.1.sh –keyserver keys.gnupg.net –recv-keys 8C718D3B5072E1F5
      gpg: keyserver receive failed: Connection refused

      Lo solucioné de la siguiente manera:

      sudo apt-key adv –keyserver hkp://keyserver.ubuntu.com:80 –recv-keys 5072E1F5

      Reply

    Leave A Reply