Apt upgrade failed: GPG error packages.sury.org

Adding required repositories to proceed with installation:

[ * ] NGINX
[ * ] PHP
[ * ] Apache2
[ * ] MariaDB
[ * ] Hestia Control Panel

Updating currently installed packages, please wait… W: GPG error: https://packages.sury.org/apache2 stretch InRelease: The following signatures couldn’t be verified because the public key is not available: NO_PUBKEY B188E2B695BD4743
W: The repository ‘https://packages.sury.org/apache2 stretch InRelease’ is not signed.
W: GPG error: https://mirror.mva-n.net/mariadb/repo/10.4/debian stretch InRelease: The following signatures couldn’t be verified because the public key is not available: NO_PUBKEY F1656F24C74CD1D8
W: The repository ‘https://mirror.mva-n.net/mariadb/repo/10.4/debian stretch InRelease’ is not signed.
W: GPG error: https://packages.sury.org/php stretch InRelease: The following signatures couldn’t be verified because the public key is not available: NO_PUBKEY B188E2B695BD4743
W: The repository ‘https://packages.sury.org/php stretch InRelease’ is not signed.
W: GPG error: https://nginx.org/packages/mainline/debian stretch InRelease: The following signatures couldn’t be verified because the public key is not available: NO_PUBKEY ABF5BD827BD9BF62
W: The repository ‘https://nginx.org/packages/mainline/debian stretch InRelease’ is not signed.
W: GPG error: https://apt.hestiacp.com stretch InRelease: The following signatures couldn’t be verified because the public key is not available: NO_PUBKEY A189E93654F0B0E5
W: The repository ‘https://apt.hestiacp.com stretch InRelease’ is not signed.
-E: There were unauthenticated packages and -y was used without --allow-unauthenticated

Error: apt-get upgrade failed

Just tried a freash installed debian 10 as well

Adding required repositories to proceed with installation:

[ * ] NGINX
[ * ] PHP
[ * ] Apache2
[ * ] MariaDB
[ * ] Hestia Control Panel

Updating currently installed packages, please wait... W: GPG error: https://mirror.mva-n.net/mariadb/repo/10.4/debian buster InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY F1656F24C74CD1D8
E: The repository 'https://mirror.mva-n.net/mariadb/repo/10.4/debian buster InRelease' is not signed.
W: GPG error: https://nginx.org/packages/mainline/debian buster InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY ABF5BD827BD9BF62
E: The repository 'https://nginx.org/packages/mainline/debian buster InRelease' is not signed.
W: GPG error: https://apt.hestiacp.com buster InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY A189E93654F0B0E5
E: The repository 'https://apt.hestiacp.com buster InRelease' is not signed.
W: GPG error: https://packages.sury.org/apache2 buster InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY B188E2B695BD4743
E: The repository 'https://packages.sury.org/apache2 buster InRelease' is not signed.
W: GPG error: https://packages.sury.org/php buster InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY B188E2B695BD4743
E: The repository 'https://packages.sury.org/php buster InRelease' is not signed.
  • The installer is now downloading and installing all required packages.
    NOTE: This process may take 10 to 15 minutes to complete, please wait…

Error: apt-get install failed

I have tried to install apt-transport-https it didnt work

Did you ran

apt-get update && apt-get install ca-certificates

Before?

There seems some issues with downloading the Pubkeys over https.

yes i have tried that aswell i dont get whats wrong

i have done the install a few times before without any problems.

Hello, again with Debian 10

Err:10 https://packages.sury.org/apache2 buster InRelease

The following signatures were invalid: EXPKEYSIG B188E2B695BD4743 DEB.SURY.ORG Automatic Signing Key [email protected]
Err:11 https://packages.sury.org/php buster InRelease
The following signatures were invalid: EXPKEYSIG B188E2B695BD4743 DEB.SURY.ORG Automatic Signing Key [email protected]
Reading package lists… Done
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: https://packages.sury.org/apache2 buster InRelease: The following signatures were invalid: EXPKEYSIG B188E2B695BD4743 DEB.SURY.ORG Automatic Signing Key [email protected]
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: https://packages.sury.org/php buster InRelease: The following signatures were invalid: EXPKEYSIG B188E2B695BD4743 DEB.SURY.ORG Automatic Signing Key [email protected]
W: Failed to fetch https://packages.sury.org/apache2/dists/buster/InRelease The following signatures were invalid: EXPKEYSIG B188E2B695BD4743 DEB.SURY.ORG Automatic Signing Key [email protected]
W: Failed to fetch https://packages.sury.org/php/dists/buster/InRelease The following signatures were invalid: EXPKEYSIG B188E2B695BD4743 DEB.SURY.ORG Automatic Signing Key [email protected]
W: Some index files failed to download. They have been ignored, or old ones used instead.

I saw this message too yesterday. it seems there is something off with the GPG keys for the sury repos. at least for the debian ones, I think for Ubuntu it’s handled differently.

for me it nevertheless installed everything just fine - I’d expect it to be fixed in a few days. however these repositories are third party, so not really something we can do a lot about…

PS: last time some key for ondrej (the maintainer of sury) which is used to resign the keys had to be reissued or something like that… google knows the whole story :wink:

Please check

apt-key adv --fetch-keys 'https://packages.sury.org/php/apt.gpg' > /dev/null 2>&1

3 Likes

Thank you

1.3.5 has been released for other users upgrade to 1.3.5 and the issue should be solved

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.