🟠 High   ⏱ 5–30 min  Last verified: 19 May 2026
Affected versions: Ubuntu 24.04 LTS

📖 ~1 min read

Table of contents
  1. Symptom & Impact
  2. Environment & Reproduction
  3. Root Cause Analysis
  4. Quick Triage
  5. Step-by-Step Diagnosis
  6. Solution – Primary Fix
  7. Solution – Alternative Approaches
  8. Verification & Acceptance Criteria
  9. Rollback Plan
  10. Prevention & Hardening
  11. Related Errors & Cross-Refs
  12. References & Further Reading

Symptom & Impact

apt update fails with NO_PUBKEY and security updates are blocked.

Environment & Reproduction

Ubuntu 24.04 LTS host with a third-party source in /etc/apt/sources.list.d and missing signed-by keyring.

Root Cause Analysis

The repository metadata is signed with a key that is not installed in /usr/share/keyrings or referenced correctly.

Quick Triage

Check source files and run apt update to identify the failing repo and key fingerprint.

Step-by-Step Diagnosis

Review apt output, then compare the source entry signed-by path with existing keyring files under /usr/share/keyrings.

Illustrative mockup for ubuntu-24-04-lts — apt_nopubkey_diagnosis
NO_PUBKEY error shown during apt update — Illustrative mockup — Progressive Robot

Solution – Primary Fix

Import the vendor GPG key with gpg –dearmor into /usr/share/keyrings, set signed-by in the repo file, and rerun apt update.

Still having issues? Our Managed IT Services team can diagnose and resolve this for you. Get in touch for a free consultation.

Illustrative mockup for ubuntu-24-04-lts — apt_nopubkey_fixed
Repository keyring corrected and apt update succeeds — Illustrative mockup — Progressive Robot

Solution – Alternative Approaches

Temporarily disable the faulty third-party source and continue updates from official Ubuntu archives only.

Verification & Acceptance Criteria

apt update completes without NO_PUBKEY and apt policy shows healthy repository metadata.

Rollback Plan

Remove the added source list and keyring file, then run apt update to return to baseline state.

Prevention & Hardening

Use per-repo signed-by keyrings and track key expiry dates in configuration management.

Automate patch management and compliance across your fleet with our DevOps services.

EXPKEYSIG, InRelease signature verification failure, and apt-secure trust warnings are related.

Related tutorial: View the step-by-step tutorial for Ubuntu 24.04 LTS.

View all Ubuntu 24.04 LTS tutorials on the Tutorials Hub →

Browse all common problems & solutions on the Tutorials Hub.

References & Further Reading

Ubuntu apt-secure documentation and repository signing best practices.

Need Expert Help?

If you cannot resolve this yourself, our team offers hands-on Server Management, Managed IT Services, and flexible Support Plans. Contact us today — we respond within one business day.