Running an Ubuntu or Debian operating system on your servers comes with a long lifetime. You won’t switch servers and migrate your applications that often.
You’ll maintain your system now and then and update installed packages to keep your system secure.
Recently, while maintaining the software on our server, we ran into the error „The following signatures were invalid: KEYEXPIRED 1544811256“ while running apt-get update.
This error happens when your system installs services from third-party repositories as we do with MongoDB.
Ubuntu/Debian Series Overview
- Fix “sudo command not found”
- Install a Specific Version with apt-get on Ubuntu/Debian
- Fix Ubuntu/Debian apt-get “KEYEXPIRED: The following signatures were invalid”
- How to Test a Cron Job
- How to Unzip Into a Folder
- How to Show Your Elasticsearch Version on Ubuntu/Debian
- Use “which” in Linux to find the Location of an Exetable
- Sort “ls” by Last Changed Date
- How to Shutdown a Machine
The Problem
You’ll recognize the following output while running apt-get update on your Ubuntu 16.04 system:
$ sudo apt-get update
Ign:11 https://repo.mongodb.org/apt/ubuntu xenial/mongodb-org/3.6 InRelease
Hit:12 https://repos.sonar.digitalocean.com/apt main InRelease
Hit:13 https://repo.mongodb.org/apt/ubuntu xenial/mongodb-org/3.6 Release
Err:17 https://repo.mongodb.org/apt/ubuntu xenial/mongodb-org/3.6 Release.gpg
The following signatures were invalid: KEYEXPIRED 1544811256
Fetched 1930 kB in 3s (601 kB/s)
Reading package lists... Done
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: https://repo.mongodb.org/apt/ubuntu xenial/mongodb-org/3.6 Release: The following signatures were invalid: KEYEXPIRED 1544811256
W: Failed to fetch https://repo.mongodb.org/apt/ubuntu/dists/xenial/mongodb-org/3.6/Release.gpg The following signatures were invalid: KEYEXPIRED 1544811256
W: Some index files failed to download. They have been ignored, or old ones used instead.
The GPG key of the MongoDB repository expired on this server. To fix this issue, you need to rotate the key on your system. Here are the steps to renew an expired key.
Step 1: Find the Expired Key
Find the expired key from apt’s key list. You can run apt-key list to print a list of all installed keys. Use the command below if you want to filter for expired keys:
$ sudo apt-key list | grep -A 1 expired
pub 4096R/91FA4AD5 2016-12-14 [expired: 2018-12-14]
uid MongoDB 3.6 Release Signing Key <packaging@mongodb.com>
This resulting list prints all packages with related key details. The important part is the key 91FA4AD5. Copy that part, because you need it in the second step.
At the time of writing this tutorial, it’s December 18th, 2018 and the key expired four days ago (December 14th, 2018).
Step 2: Renew the Expired Key
Now that you know which key expired, go ahead and renew it. Use the following command and replace the <KEY> placeholder with your key’s value (the one you copied from above):
$ sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys <KEY>
For the expired MongoDB GPG key, the command and output looks like this:
$ sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 91FA4AD5
Executing: /tmp/tmp.XC8EiRvH3E/gpg.1.sh --keyserver
hkp://keyserver.ubuntu.com:80
--recv-keys
91FA4AD5
gpg: requesting key 91FA4AD5 from hkp server keyserver.ubuntu.com
gpg: key 91FA4AD5: "MongoDB 3.6 Release Signing Key <packaging@mongodb.com>" 1 new signature
gpg: Total number processed: 1
gpg: new signatures: 1
Sweet! Processing the key finished and your system received a new signature. Run the command to find outdated keys again and ensure an empty list.
Step 3: Re-Run Update
Now go ahead and re-run the apt-get update command to update your repositories 👌
$ sudo apt-get update
That’s it. Now you can upgrade your system with the updated packages. Enjoy!