Fix Nginx expired key (EXPKEYSIG ABF5BD827BD9BF62)

sahsanu · June 14, 2024, 9:41pm

Hello,

Today (2024-06-14), Nginx signing key expired so if you try to apt update, you will see an error similar to this:

Err:8 https://nginx.org/packages/mainline/debian bookworm InRelease
  The following signatures were invalid: EXPKEYSIG ABF5BD827BD9BF62 nginx signing key <[email protected]>

To solve it:

sudo su -
curl -s https://nginx.org/keys/nginx_signing.key | gpg --dearmor > /usr/share/keyrings/nginx-keyring.gpg

or

curl -s https://nginx.org/keys/nginx_signing.key | sudo gpg --dearmor > /usr/share/keyrings/nginx-keyring.gpg

dyrer · June 16, 2024, 2:32pm

something like that for ubuntu??

eris · June 16, 2024, 2:44pm

It is the same …

bokishaNET · June 17, 2024, 12:39pm

It works for me! Thanks @sahsanu

johnnyz · June 17, 2024, 2:32pm

Thank you.

arktex54 · June 19, 2024, 10:11pm

That did not work for me.

Here is what I ended up doing on all three servers:

apt-key del 7BD9BF62
apt-key del B49F6B46
apt-key del 8D88A2B3
apt-key adv --fetch-keys https://nginx.org/keys/nginx_signing.key
gpg --dry-run --quiet --no-keyring --import --import-options import-show /usr/share/keyrings/nginx-keyring.gpg

sahsanu · June 19, 2024, 10:39pm

Seems you are not using the right nginx.list.

Could you please show the output of this command?

cat /etc/apt/sources.list.d/nginx.list

arktex54 · June 19, 2024, 10:53pm

deb [arch=amd64 signed-by=/usr/share/keyrings/nginx-keyring.gpg] https://nginx.org/packages/mainline/debian/ bullseye nginx

sahsanu · June 19, 2024, 10:56pm

That is the right one so I don’t understand the reason it didn’t work in your server.

KingOfDanzig · June 20, 2024, 10:08am

I’ve managed to fix it on my Ubuntu Focal machine by repeating the steps on nginx: Linux packages

Paneljocky · June 24, 2024, 7:43am

This worked for me (Ubuntu 22.04 Server)

sudo su -
curl -s https://nginx.org/keys/nginx_signing.key | gpg --dearmor > /usr/share/keyrings/nginx-keyring.gpg

migmae · June 24, 2024, 3:05pm

If not working, try

curl -O https://nginx.org/keys/nginx_signing.key && apt-key add ./nginx_signing.key

Source: Updating the GPG Key for NGINX Products

ronald · June 30, 2024, 8:24pm

Also worked for me (Ubuntu 20.04 Server)

sudo su -
curl -s https://nginx.org/keys/nginx_signing.key | gpg --dearmor > /usr/share/keyrings/nginx-keyring.gpg

SergeyUA · July 6, 2024, 4:29pm

Thank you. It worked

ToNov · July 12, 2024, 4:00pm

None of those works for me on Ubuntu 22.04. So I just followed the steps on Updating the PGP Key for NGINX Software – NGINX Community Blog
And this worked for me →
curl https://nginx.org/keys/nginx_signing.key | gpg --dearmor | sudo tee /usr/share/keyrings/nginx-archive-keyring.gpg >/dev/null
After that →
apt-get update

chiareu · July 24, 2024, 4:39pm

Not worked on my Ubuntu 22.04.4 LTS
curl -s https://nginx.org/keys/nginx_signing.key | sudo gpg --dearmor > /usr/share/keyrings/nginx-keyring.gpg
gpd: no valid OpenPGP data found