skribe
February 7, 2026, 2:00am
1
A few days ago, the signing key for deb.sury.org expired, and I can’t find a way to update to the latest key. I’ve tried the script (https://packages.sury.org/php/README.txt) on deb.sury.org, but it keeps downloading the old key. Is there something else I need to do?
Cheers!
Use this:
curl -s https://packages.sury.org/php/apt.gpg | gpg --dearmor | sudo tee /usr/share/keyrings/sury-keyring.gpg >/dev/null
But you should check that /etc/apt/sources.list.d/php.list is using the right path to the key /usr/share/keyrings/sury-keyring.gpg
1 Like
skribe
February 7, 2026, 2:57am
3
/etc/apt/sources.list.d/php.list:
deb [signed-by=/usr/share/keyrings/debsuryorg-archive-keyring.gpg] https://packages.sury.org/php/` bookworm main`
I’m guessing that’s not right.
That’s just a name. Or you use this command and then replace the name in php.list
curl -s https://packages.sury.org/php/apt.gpg | gpg --dearmor | sudo tee /usr/share/keyrings/sury-keyring.gpg >/dev/null
Or you use this command so you don’t need to change the name in php.list:
curl -s https://packages.sury.org/php/apt.gpg | gpg --dearmor | sudo tee /usr/share/keyrings/debsuryorg-archive-keyring.gpg >/dev/null
skribe
February 7, 2026, 3:12am
5
sahsanu:
sury-keyring.gpg
Thanks for your help so far. It’s still not working.
I have tried both methods and sudo apt update features this:
Err:8 https://packages.sury.org/php/` bookworm InRelease
418 I’m a teapot [IP: 199.232.115.52 443]
Get:1 file:/etc/apt/mirrors/debian.list Mirrorlist [30 B]
Get:2 file:/etc/apt/mirrors/debian-security.list Mirrorlist [39 B]
Hit:7 https://packages.sury.org/apache2 bookworm InRelease
Hit:3 Index of /debian bookworm InRelease
Err:8 https://packages.sury.org/php/` bookworm InRelease
418 I’m a teapot [IP: 199.232.115.52 443]
Hit:4 Index of /debian bookworm-updates InRelease
Hit:5 Index of /debian bookworm-backports InRelease
Hit:6 https://deb.debian.org/debian-security bookworm-security InRelease
Err:7 https://packages.sury.org/apache2 bookworm InRelease
The following signatures were invalid: EXPKEYSIG B188E2B695BD4743 DEB.SURY.ORG Automatic Signing Key [email protected]
Hit:9 https://apt.hestiacp.com bookworm InRelease
Hit:10 Index of /packages/mainline/debian/ bookworm InRelease
Reading package lists… Done
E: Failed to fetch https://packages.sury.org/php/`/dists/bookworm/InRelease 418 I’m a teapot [IP: 199.232.115.52 443]
E: The repository ‘https://packages.sury.org/php/` bookworm InRelease’ is not signed.
N: Updating from such a repository can’t be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: https://packages.sury.org/apache2 bookworm InRelease: The following signatures were invalid: EXPKEYSIG B188E2B695BD4743 DEB.SURY.ORG Automatic Signing Key [email protected]
You must also change the apache.list file and there is a typo in the repo.
Show me the output of these commands:
cat -A /etc/apt/sources.list.d/php.list
cat -A /etc/apt/sources.list.d/apache2.list
Next time, paste the output, select the text and Ctrl+E or click on icon </>
To fix it:
echo 'deb [arch=amd64 signed-by=/usr/share/keyrings/sury-keyring.gpg] https://packages.sury.org/apache2/ bookworm main' > /etc/apt/sources.list.d/apache2.list
echo 'deb [arch=amd64 signed-by=/usr/share/keyrings/sury-keyring.gpg] https://packages.sury.org/php/ bookworm main' > /etc/apt/sources.list.d/php.list
apt update
1 Like
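The two problems raised in the post above (a stray character in the repository URI, visible as the backtick in the php.list entry and the apt errors, and a signed-by path that must point at the keyring actually written) can be checked mechanically. This is an added example, not code from the thread; check_sources_line is a hypothetical helper and the sample entries are constructed.

```bash
#!/usr/bin/env bash
# Added example: lint a one-line "deb" entry such as those in php.list and
# apache2.list. Prints one finding per problem; returns 0 if clean, 1 otherwise.
check_sources_line() {
    local line opts rest uri opt keyring rc
    line="$1"; opts=""; keyring=""; rc=0
    case $line in
        "deb ["*"] "*) opts=${line#*\[}; opts=${opts%%\]*}; rest=${line#*\] } ;;
        "deb "*)       rest=${line#deb } ;;
        *)             echo "not a one-line deb entry"; return 1 ;;
    esac
    uri=${rest%% *}
    # Any character outside the usual URL set is sent to the server as-is.
    case $uri in
        *[!A-Za-z0-9:/._~%+-]*) echo "unexpected character in URI: $uri"; rc=1 ;;
    esac
    case $uri in
        https://*|http://*) ;;
        *) echo "URI has no http(s) scheme: $uri"; rc=1 ;;
    esac
    # Find the keyring this entry is pinned to.
    for opt in $opts; do
        case $opt in signed-by=*) keyring=${opt#signed-by=} ;; esac
    done
    if [ -z "$keyring" ]; then
        echo "no signed-by option"; rc=1
    elif [ ! -s "$keyring" ]; then
        echo "keyring missing or empty: $keyring"; rc=1
    fi
    return $rc
}

# Constructed sample entries; the first carries the stray backtick.
check_sources_line 'deb [signed-by=/usr/share/keyrings/sury-keyring.gpg] https://packages.sury.org/php/` bookworm main' || true
check_sources_line 'deb [arch=amd64 signed-by=/usr/share/keyrings/sury-keyring.gpg] https://packages.sury.org/php/ bookworm main' || true
```

To lint the real files, feed each line of /etc/apt/sources.list.d/php.list and apache2.list to the function.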
skribe
February 7, 2026, 6:43am
9
Tried both as written and using sudo and….:
-bash: /etc/apt/sources.list.d/apache2.list: Permission denied
-bash: /etc/apt/sources.list.d/php.list: Permission denied
This is fun
sahsanu
February 7, 2026, 7:22am
10
Before executing the commands, log in as root.
sudo -i
Or use these commands:
echo 'deb [arch=amd64 signed-by=/usr/share/keyrings/sury-keyring.gpg] https://packages.sury.org/apache2/ bookworm main' | sudo tee /etc/apt/sources.list.d/apache2.list >/dev/null
echo 'deb [arch=amd64 signed-by=/usr/share/keyrings/sury-keyring.gpg] https://packages.sury.org/php/ bookworm main' | sudo tee /etc/apt/sources.list.d/php.list >/dev/null
sudo apt update
nu01
February 7, 2026, 9:28am
11
Facing the same issue, and tried fixing, but it gives the expired signature error even after that:
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: https://packages.sury.org/apache2 bookworm InRelease: The following signatures were invalid: EXPKEYSIG B188E2B695BD4743 DEB.SURY.ORG Automatic Signing Key <[email protected]>
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: https://packages.sury.org/php bookworm InRelease: The following signatures were invalid: EXPKEYSIG B188E2B695BD4743 DEB.SURY.ORG Automatic Signing Key <[email protected]>
W: Failed to fetch https://packages.sury.org/apache2/dists/bookworm/InRelease The following signatures were invalid: EXPKEYSIG B188E2B695BD4743 DEB.SURY.ORG Automatic Signing Key <[email protected]>
W: Failed to fetch https://packages.sury.org/php/dists/bookworm/InRelease The following signatures were invalid: EXPKEYSIG B188E2B695BD4743 DEB.SURY.ORG Automatic Signing Key <[email protected]>
W: Some index files failed to download. They have been ignored, or old ones used instead.
1 Like
sahsanu
February 7, 2026, 11:22am
12
But did you download the new key?
curl -s https://packages.sury.org/php/apt.gpg | gpg --dearmor | sudo tee /usr/share/keyrings/sury-keyring.gpg >/dev/null
3 Likes
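The original question mentioned a download that kept returning the old key, and the EXPKEYSIG errors persist as long as the keyring apt reads holds the expired key. The added example below (not code from the thread) checks a downloaded keyring for expired primary keys before it replaces the one in /usr/share/keyrings. The function names are hypothetical, the sample listing and key IDs are constructed, and it assumes gpg's colon format with the expiry in field 7 as seconds since the epoch.

```bash
#!/usr/bin/env bash
# Added example. expired_keys reads `gpg --show-keys --with-colons` output on
# stdin and prints the key ID of every primary key expired at time $1 (epoch s).
expired_keys() {
    awk -F: -v now="$1" '
        $1 == "pub" && ($2 == "e" || ($7 != "" && $7 + 0 <= now + 0)) { print $5 }
    '
}

# keyring_is_fresh FILE: succeed only if FILE parses and no primary key is expired.
keyring_is_fresh() {
    local listing
    listing=$(gpg --batch --show-keys --with-colons "$1" 2>/dev/null) || return 2
    [ -n "$listing" ] &&
        [ -z "$(printf '%s\n' "$listing" | expired_keys "$(date +%s)")" ]
}

# refresh_keyring URL DEST: fetch to a temp file, check it, then install it.
refresh_keyring() {
    local tmp rc
    tmp=$(mktemp) || return 1
    curl -fsSL "$1" | gpg --batch --dearmor > "$tmp" &&
        keyring_is_fresh "$tmp" &&
        sudo install -m 0644 "$tmp" "$2"
    rc=$?
    rm -f "$tmp"
    return "$rc"
}

# Constructed colon listing: the first key expired before the chosen "now".
sample='pub:-:4096:1:1111111111111111:1500000000:1770000000::-:::scESC:
pub:-:4096:1:2222222222222222:1770000000:1900000000::-:::scESC:
pub:-:255:22:3333333333333333:1770000000:::-:::scESC:'
printf '%s\n' "$sample" | expired_keys 1770500000
```

The check covers primary keys only and does not authenticate the key; comparing its fingerprint against a value obtained out of band is a separate step.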
skribe
February 7, 2026, 11:26am
13
Thank you very much. That worked for me.
4 Likes
nu01
February 7, 2026, 1:02pm
14
Seems I had not. Guess I just did not realize it. My bad on that.
1 Like
Thanks guys, @sahsanu’s curl command and echo commands solve it, big kudos!!!
1 Like