Here is the solution if you've got the following error message when updating package lists on Debian (apt-get update):
The following signatures were invalid: EXPKEYSIG B188E2B695BD4743 DEB.SURY.ORG Automatic Signing Key
The sury.org Debian package repository has changed its package signing key. To fix the error, just download the new key:
wget -O /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg
Finally, run package update again:
apt update && apt upgrade