[SOLVED] The following signatures were invalid: EXPKEYSIG B188E2B695BD4743 DEB.SURY.ORG Automatic Signing Key

Here is the solution if you've got the following error message when updating package lists on Debian (apt-get update):

The following signatures were invalid: EXPKEYSIG B188E2B695BD4743 DEB.SURY.ORG Automatic Signing Key

The sury.org Debian package repository has changed its package signing key. To fix the error, just download the new key:

wget https://packages.sury.org/php/apt.gpg -O /etc/apt/trusted.gpg.d/php-sury.gpg

Finally, run package update again:

apt-get update && apt-get upgrade

4 thoughts on “[SOLVED] The following signatures were invalid: EXPKEYSIG B188E2B695BD4743 DEB.SURY.ORG Automatic Signing Key”

  1. Got the same message after applying your solution. It seems that the repository isn’t signed :

    Err:1 https://packages.sury.org/php buster InRelease
    The following signatures were invalid: EXPKEYSIG B188E2B695BD4743 DEB.SURY.ORG Automatic Signing Key
    Reading package lists… Done
    W: GPG error: https://packages.sury.org/php buster InRelease: The following signatures were invalid: EXPKEYSIG B188E2B695BD4743 DEB.SURY.ORG Automatic Signing Key
    E: The repository ‘https://packages.sury.org/php buster InRelease’ is not signed.
    N: Updating from such a repository can’t be done securely, and is therefore disabled by default.
    N: See apt-secure(8) manpage for repository creation and user configuration details.

    Reply

Leave a Comment

*