Symptom & Impact
apt update aborts with NO_PUBKEY, preventing patching and package deployment from affected repositories.
Environment & Reproduction
Common after a repository key rotation or after migrating away from deprecated apt-key usage.
Root Cause Analysis
The repository's public key is missing, expired, or referenced incorrectly in the signed-by option of the sources list entry.
Quick Triage
Identify the failing repository and the expected key fingerprint.
Step-by-Step Diagnosis
Check the existing trusted keyrings and map them to the repository entries.
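
One way to do this mapping, as an added example (not from the original page): the shell function below reads one-line-style .list files and reports, per repository entry, whether its signed-by keyring file is present. The function name, status labels and sample hostnames are assumptions made for illustration; deb822 .sources files, fingerprint-valued signed-by options and key expiry are not checked.

```shell
#!/bin/sh
# audit_signed_by FILE...  (hypothetical helper, not part of apt)
# Prints STATUS<TAB>URI<TAB>KEYRING for every active deb/deb-src line:
#   OK      signed-by points at an existing, non-empty keyring file
#   MISSING signed-by points at a file that is absent or empty
#   GLOBAL  no signed-by, so apt falls back to the global trusted keyrings
audit_signed_by() {
    for list in "$@"; do
        [ -r "$list" ] || continue
        while IFS= read -r line || [ -n "$line" ]; do
            case "$line" in
                deb\ *|deb-src\ *) ;;      # active entry
                *) continue ;;             # comment, blank or other line
            esac
            opts=""; keyring=""
            rest=${line#* }                # drop the "deb" / "deb-src" word
            case "$rest" in
                \[*) opts=${rest%%]*}; opts=${opts#\[}; rest=${rest#*] } ;;
            esac
            uri=${rest%% *}
            for opt in $opts; do
                case "$opt" in signed-by=*) keyring=${opt#signed-by=} ;; esac
            done
            if [ -z "$keyring" ]; then status=GLOBAL
            elif [ -s "$keyring" ]; then status=OK
            else status=MISSING
            fi
            printf '%s\t%s\t%s\n' "$status" "$uri" "${keyring:--}"
        done < "$list"
    done
}

# Constructed sample input: placeholder hostnames and a dummy key file.
demo() {
    d=$(mktemp -d)
    printf 'dummy-key' > "$d/vendor-a.gpg"
    cat > "$d/sample.list" <<EOF
# comment lines are skipped
deb [arch=amd64 signed-by=$d/vendor-a.gpg] https://repo-a.example/apt jammy main
deb [signed-by=$d/vendor-b.gpg] https://repo-b.example/apt jammy main
deb https://repo-c.example/apt jammy main
EOF
    audit_signed_by "$d/sample.list"
    rm -rf "$d"
}
```

On a real host the function would be called as audit_signed_by /etc/apt/sources.list /etc/apt/sources.list.d/*.list; MISSING rows are the entries to fix first, and GLOBAL rows are candidates for moving to a per-repository keyring.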

Solution – Primary Fix
Install the vendor key into /etc/apt/keyrings and reference it explicitly in the repository entry using the signed-by option.

Solution – Alternative Approaches
Temporarily disable the failing third-party repository until trusted key distribution is validated.
Verification & Acceptance Criteria
apt update completes cleanly with no signature warnings and repository indices refresh successfully.
Rollback Plan
Revert the sources list and remove the newly added keyring file if repository trust cannot be confirmed.
Prevention & Hardening
Track repository key expiration dates and use a separate keyring per repository instead of global trust.
Related Errors & Cross-Refs
Related to clock drift, TLS MITM proxy certificates, and stale apt cache metadata.