On a Hetzner server with Debian 11 and HestiaCP 1.8.11 ready to upgrade to Debian 12:
# apt update
Hit:1 http://mirror.hetzner.de/debian/packages bookworm InRelease
Hit:2 http://deb.debian.org/debian bookworm InRelease
Get:3 http://deb.debian.org/debian-security bookworm-security InRelease [48.0 kB]
Get:4 http://deb.debian.org/debian bookworm-updates InRelease [52.1 kB]
Get:5 http://mirror.hetzner.de/debian/packages bookworm-updates InRelease [52.1 kB]
Get:6 http://mirror.hetzner.de/debian/packages bookworm-backports InRelease [56.5 kB]
Hit:7 http://mirror.hetzner.de/debian/security bookworm-security InRelease
Hit:8 https://nginx.org/packages/mainline/debian bookworm InRelease
Hit:9 https://packages.sury.org/apache2 bookworm InRelease
Hit:10 https://packages.sury.org/php bookworm InRelease
Hit:11 https://apt.hestiacp.com bookworm InRelease
Get:12 https://dlm.mariadb.com/repo/mariadb-server/10.11/repo/debian bookworm InRelease [4,625 B]
Get:13 http://mirror.hetzner.de/debian/packages bookworm-backports/main amd64 Packages [172 kB]
Err:9 https://packages.sury.org/apache2 bookworm InRelease
The following signatures were invalid: EXPKEYSIG B188E2B695BD4743 DEB.SURY.ORG Automatic Signing Key <[email protected]>
Fetched 386 kB in 2s (256 kB/s)
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
571 packages can be upgraded. Run 'apt list --upgradable' to see them.
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: https://packages.sury.org/apache2 bookworm InRelease: The following signatures were invalid: EXPKEYSIG B188E2B695BD4743 DEB.SURY.ORG Automatic Signing Key <[email protected]>
W: Failed to fetch https://packages.sury.org/apache2/dists/bookworm/InRelease The following signatures were invalid: EXPKEYSIG B188E2B695BD4743 DEB.SURY.ORG Automatic Signing Key <[email protected]>
W: Some index files failed to download. They have been ignored, or old ones used instead.
I solved it by replacing ‘apache2-keyring.gpg’ with ‘sury-keyring.gpg’ in the ‘/etc/apt/sources.list.d/apache2.list’ file.
Is this the correct solution? My line is now:
deb [arch=amd64 signed-by=/usr/share/keyrings/sury-keyring.gpg] https://packages.sury.org/apache2/ bookworm main