Fix Nginx expired key (EXPKEYSIG ABF5BD827BD9BF62)

Hello,

Today (2024-06-14), Nginx signing key expired so if you try to apt update, you will see an error similar to this:

Err:8 https://nginx.org/packages/mainline/debian bookworm InRelease
  The following signatures were invalid: EXPKEYSIG ABF5BD827BD9BF62 nginx signing key <[email protected]>

To solve it:

sudo su -
curl -s https://nginx.org/keys/nginx_signing.key | gpg --dearmor > /usr/share/keyrings/nginx-keyring.gpg

or

curl -s https://nginx.org/keys/nginx_signing.key | sudo gpg --dearmor > /usr/share/keyrings/nginx-keyring.gpg
30 Likes

something like that for ubuntu??

It is the same …

1 Like

It works for me! Thanks @sahsanu

1 Like

Thank you.

1 Like

That did not work for me.

Here is what I ended up doing on all three servers:

apt-key del 7BD9BF62
apt-key del B49F6B46
apt-key del 8D88A2B3
apt-key adv --fetch-keys https://nginx.org/keys/nginx_signing.key
gpg --dry-run --quiet --no-keyring --import --import-options import-show /usr/share/keyrings/nginx-keyring.gpg

Seems you are not using the right nginx.list.

Could you please show the output of this command?

cat /etc/apt/sources.list.d/nginx.list
1 Like
deb [arch=amd64 signed-by=/usr/share/keyrings/nginx-keyring.gpg] https://nginx.org/packages/mainline/debian/ bullseye nginx

That is the right one so I don’t understand the reason it didn’t work in your server.

I’ve managed to fix it on my Ubuntu Focal machine by repeating the steps on nginx: Linux packages

This worked for me (Ubuntu 22.04 Server)

sudo su -
curl -s https://nginx.org/keys/nginx_signing.key | gpg --dearmor > /usr/share/keyrings/nginx-keyring.gpg
1 Like

If not working, try

curl -O https://nginx.org/keys/nginx_signing.key && apt-key add ./nginx_signing.key

Source: Updating the GPG Key for NGINX Products

Also worked for me (Ubuntu 20.04 Server)

sudo su -
curl -s https://nginx.org/keys/nginx_signing.key | gpg --dearmor > /usr/share/keyrings/nginx-keyring.gpg

Thank you. It worked

1 Like

None of those works for me on Ubuntu 22.04. So I just followed the steps on Updating the PGP Key for NGINX Software – NGINX Community Blog
And this worked for me →
curl https://nginx.org/keys/nginx_signing.key | gpg --dearmor | sudo tee /usr/share/keyrings/nginx-archive-keyring.gpg >/dev/null
After that →
apt-get update