🟠 High   ⏱ 5–30 min  Last verified: 19 May 2026
Affected versions: Ubuntu 24.04 LTS

📖 ~1 min read

Table of contents
  1. Symptom & Impact
  2. Environment & Reproduction
  3. Root Cause Analysis
  4. Quick Triage
  5. Step-by-Step Diagnosis
  6. Solution – Primary Fix
  7. Solution – Alternative Approaches
  8. Verification & Acceptance Criteria
  9. Rollback Plan
  10. Prevention & Hardening
  11. Related Errors & Cross-Refs
  12. References & Further Reading

Symptom & Impact

apt update fails with key verification errors, preventing package refresh and upgrades.

Environment & Reproduction

Usually tied to third-party repositories with outdated signing keys.

sudo apt update
grep -R '^deb ' /etc/apt/sources.list.d

Root Cause Analysis

Repository signing keys are missing, expired, or stored incorrectly for signed-by usage.

Quick Triage

Map each failing repository entry to its keyring path.

grep -R 'signed-by' /etc/apt/sources.list /etc/apt/sources.list.d
ls /etc/apt/keyrings

Step-by-Step Diagnosis

Validate repo definitions and inspect key expiry state.

sudo apt update
apt-key list || true
gpg --show-keys /etc/apt/keyrings/*.gpg 2>/dev/null
Illustrative mockup for ubuntu-24-04-lts — terminal_or_shell
Diagnostic output for package-management/gpg-keys — Illustrative mockup — Progressive Robot

Solution – Primary Fix

Refresh vendor keyring files and ensure source entries reference the correct signed-by key.

Still having issues? Our IT Solutions & Services team can diagnose and resolve this for you. Get in touch for a free consultation.

sudo install -m 0755 -d /etc/apt/keyrings
sudo curl -fsSL https://example.com/repo.gpg | sudo gpg --dearmor -o /etc/apt/keyrings/example.gpg
sudo apt update
Illustrative mockup for ubuntu-24-04-lts — log_or_console
Resolution output for package-management/gpg-keys — Illustrative mockup — Progressive Robot

Solution – Alternative Approaches

Disable failing repositories temporarily to restore updates from official archives.

sudo sed -i 's/^deb/# deb/g' /etc/apt/sources.list.d/failing.list
sudo apt update

Verification & Acceptance Criteria

apt update completes with no GPG signature warnings or errors.

sudo apt update
sudo apt upgrade -y

Rollback Plan

Restore previous source files if a key change introduces package trust issues.

sudo cp -a /root/sources.list.d.backup/* /etc/apt/sources.list.d/
sudo apt update

Prevention & Hardening

Prefer repositories that publish key rotation guidance and signed-by keyrings.

sudo grep -R 'signed-by=' /etc/apt/sources.list /etc/apt/sources.list.d

Related errors include NO_PUBKEY, EXPKEYSIG, and repository is not signed.

Related tutorial: View the step-by-step tutorial for Ubuntu 24.04 LTS.

View all Ubuntu 24.04 LTS tutorials on the Tutorials Hub →

Browse all common problems & solutions on the Tutorials Hub.

References & Further Reading

Ubuntu apt-secure documentation and repository key management guides.

Need Expert Help?

If you cannot resolve this yourself, our team offers hands-on Server Management, Managed IT Services, and flexible Support Plans. Contact us today — we respond within one business day.