Ubuntu – official nginx trusty ppa gives KEYEXPIRED gpg error

aptnginxrepository

I'm getting the following error every time I do apt-get upgrade:

GPG error: http://nginx.org trusty Release: The following signatures were invalid: KEYEXPIRED 1471427554

I just have the official nginx ppa installed the standard way, by having added the following to my sources.list

deb http://nginx.org/packages/ubuntu/ trusty nginx
deb-src http://nginx.org/packages/ubuntu/ trusty nginx

Is this an error from their end that they will eventually fix hopefully, or is there something I'm going to have to do from my end?

Best Answer

After adding a third party repository to a /etc/apt/sources.list.d/* file or /etc/apt/sources.list, you need to make sure the corresponding gpg key is inserted into the apt keystore.

To be more specific for this special case of nginx.org repository: you need to add the nginx.org gpg key file used for the signing of the repository.

This can be done by either downloading the file https://nginx.org/keys/nginx_signing.key manually and issue sudo apt-key add nginx_signing.key (as suggested by nginx.org and @ThomasWard) or you can do this in one single line:

wget https://nginx.org/keys/nginx_signing.key -O - | sudo apt-key add -

Related Solutions

APT-GET Errors – Easiest Way to Resolve apt-get BADSIG GPG Errors

Here's the (easiest) solution:

Type the following commands in the Terminal:

$ sudo -i
# apt-get clean
# cd /var/lib/apt
# mv lists lists.old
# mkdir -p lists/partial
# apt-get clean
# apt-get update

Credits: ubuntugeek.com

Edit:

If the error occurs again (maybe after a few days/months), open Nautilus as root > navigate to var/lib/apt > delete the "lists.old" folder > then open the "lists" folder and delete the "partial" folder. Now, execute the aforementioned commands again.

APT – How to Fix GPG Error ‘NO_PUBKEY’

By far the simplest way to handle this now is with Y-PPA-Manager (which now integrates the launchpad-getkeys script with a graphical interface).

To install it, first add the webupd8 repository for this program:
```
sudo add-apt-repository ppa:webupd8team/y-ppa-manager
```

Update your software list and install Y-PPA-Manager:

sudo apt-get update
sudo apt-get install y-ppa-manager

Run y-ppa-manager (i.e. type y-ppa-manager then press enter key).
When the main y-ppa-manager window appears, click on "Advanced."
From the list of advanced tasks, select "Try to import all missing GPG keys" and click OK.

You're done! As the warning dialog says when you start the operation, it may take quite a while (about 2 minutes for me) depending on how many PPA's you have and the speed of your connection.

Best Answer

Related Solutions

APT-GET Errors – Easiest Way to Resolve apt-get BADSIG GPG Errors

APT – How to Fix GPG Error ‘NO_PUBKEY’

Related Question