📖 ~1 min read
Table of contents
Symptom & Impact
`apt update` fails with `NO_PUBKEY`, preventing secure metadata validation for the repository.
Environment & Reproduction
Ubuntu 20.04 with vendor repositories added via legacy key methods or expired signing keys.
Root Cause Analysis
The repository signing key is missing, rotated, or not referenced using modern keyring patterns.
Quick Triage
Extract the reported key ID and identify the corresponding repository definition file.
Step-by-Step Diagnosis
Confirm key fingerprint from vendor docs, inspect keyring path, and validate `signed-by` linkage.
Solution – Primary Fix
Install the correct key into `/usr/share/keyrings` and update source entries to use `signed-by`.
Still having issues? Our IT Solutions & Services team can diagnose and resolve this for you. Get in touch for a free consultation.
Solution – Alternative Approaches
Temporarily disable the repo or migrate to official packages when third-party trust cannot be confirmed.
Verification & Acceptance Criteria
`apt update` completes with signature verification success and no trust warnings.
Rollback Plan
Remove newly added keyring and revert repository entry if unexpected package sources appear.
Prevention & Hardening
Track key expirations, avoid deprecated `apt-key`, and pin repository priorities appropriately.
Related Errors & Cross-Refs
`EXPKEYSIG`, `The following signatures couldn’t be verified`, and keyserver retrieval failures.
Related tutorial: View the step-by-step tutorial for Ubuntu 20.04 LTS.
View all Ubuntu 20.04 LTS tutorials on the Tutorials Hub →
Browse all common problems & solutions on the Tutorials Hub.
References & Further Reading
Vendor repository setup guides and Ubuntu apt secure transport/key management documentation.
Need Expert Help?
If you cannot resolve this yourself, our team offers hands-on Server Management, Managed IT Services, and flexible Support Plans. Contact us today — we respond within one business day.
