🟑 Medium   ⏱ 5–30 min  Last verified: 19 May 2026
Affected versions: 16.04 16.04.7

πŸ“– ~1 min read

Table of contents
  1. Symptom & Impact
  2. Environment & Reproduction
  3. Root Cause Analysis
  4. Quick Triage
  5. Step-by-Step Diagnosis
  6. Solution – Primary Fix
  7. Solution – Alternative Approaches
  8. Verification & Acceptance Criteria
  9. Rollback Plan
  10. Prevention & Hardening
  11. Related Errors & Cross-Refs
  12. References & Further Reading

Symptom & Impact

Administrators see apt update stop with NO_PUBKEY warnings and repository metadata cannot be trusted, blocking package operations and patch workflows.

Environment & Reproduction

The issue appears on Ubuntu 16.04 hosts using third-party or stale mirrors after key rotation.

Root Cause Analysis

Repository signing keys are missing, expired, or not stored in trusted keyrings expected by apt on this release.

Quick Triage

Confirm exact key IDs and identify affected repository definitions before modifying trust configuration.

Step-by-Step Diagnosis

Collect key IDs, validate mirror URLs, and verify whether repositories still publish supported metadata.

Illustrative mockup for ubuntu-16-04-lts β€” apt-nopubkey-triage
Terminal output showing NO_PUBKEY repository error β€” Illustrative mockup β€” Progressive Robot

Solution – Primary Fix

Import valid keys from official sources, remove deprecated repositories, then refresh package lists cleanly.

Still having issues? Our IT Solutions & Services team can diagnose and resolve this for you. Get in touch for a free consultation.

Illustrative mockup for ubuntu-16-04-lts β€” apt-key-import-fix
Importing missing repository signing key β€” Illustrative mockup β€” Progressive Robot

Solution – Alternative Approaches

Use archive snapshots, migrate to supported mirrors, or disable unneeded repos pending governance review.

Verification & Acceptance Criteria

apt update completes without GPG errors and all required repositories return signed Release files.

Rollback Plan

Revert key and sources list changes from backup and restore previous trusted keyring state.

Prevention & Hardening

Track repository key expirations, restrict third-party repos, and audit apt trust sources regularly.

EXPKEYSIG, BADSIG, repository no longer has a Release file, and hash sum mismatch incidents.

Related tutorial: View the step-by-step tutorial for Ubuntu 16.04 LTS.

View all Ubuntu 16.04 LTS tutorials on the Tutorials Hub β†’

Browse all common problems & solutions on the Tutorials Hub.

References & Further Reading

Ubuntu package management security guidance and repository signing key lifecycle documentation.

Need Expert Help?

If you cannot resolve this yourself, our team offers hands-on Server Management, Managed IT Services, and flexible Support Plans. Contact us today β€” we respond within one business day.