"GPG error:The following signatures were invalid: KEYEXPIRED"

The error I am having when trying to update my package list.

W: GPG error: http://download.opensuse.org ./ Release: The following signatures were invalid: KEYEXPIRED 1436387333

W: Failed to fetch http://ppa.launchpad.net/samrog131/ppa/ubuntu/dists/trusty/main/binary-amd64/Packages  404  Not Found

E: Some index files failed to download. They have been ignored, or old ones used instead.
Asked By: raz


That ppa has been removed and no longer exists. You must find a different source for the packages installed through the samrog131 ppa.

In the meantime, run the following commands to resolve the situation.

First, to delete the expired key:

sudo apt-key del 1436387333

Then, to delete the ppa:

sudo rm /etc/apt/sources.list.d/samrog131*
sudo apt-get clean
sudo apt-get update

If you need to add a key see here.

sudo apt-get upgrade

You may want to run:

sudo apt-get dist-upgrade

depending on your situation. If you are not sure, see here.

Answered By: mchid
GPG error: http://download.opensuse.org ./ Release: The following signatures were invalid: KEYEXPIRED 1436387333

This says that your GPG key for that repository has expired, which means one of two things, either your system has the wrong date or the key really expired. For the later, you need to contact the repository maintainer and import the new key (removing the old one, probably), once the repository updates their keys to sign the files.

You can safely ignore these messages if you aren’t using packages of these repositories. The message can be removed if you remove the repository from your source.list file/directory.

Answered By: Braiam

As displayed earlier
First, to delete the expired key:

sudo apt-key del 1436387333

Then go to the site:


and download "Release.key"
Then import the key using the ubuntu14.04 software updater or synaptic package manager.

Answered By: Anirban Das

I don’t get the answers above, my system clock was fine.
The following worked for me:

sudo apt-key list | grep "expired: "
sudo apt-key adv --keyserver keys.gnupg.net --recv-keys [KEY]

The key being the the part behind the slash: 0000X/<this part is the key>

Or use this one liner:

sudo apt-key list  | grep "expired: " | sed -ne 's|pub .*/([^ ]*) .*|1|gp' | xargs -n1 sudo apt-key adv --keyserver keys.gnupg.net --recv-keys 
Answered By: Peter

As simple as this should work:

sudo apt-key adv --refresh-keys

Why use sed and xargs if gpg can sort things for itself?

If getting an error about inaccessible key servers, try setting one directly:

sudo apt-key adv --keyserver keyserver.ubuntu.com --refresh-keys
Answered By: sanmai

None of these worked for me:

$ sudo apt-key adv --keyserver hkp://pgp.mit.edu:80 --recv-keys 5072E1F5


$ sudo apt-key adv --keyserver pgp.mit.edu --recv-keys 5072E1F5


$ sudo apt-key adv --keyserver pgp.mit.edu --recv-keys A4A9406876FCBD3C456770C88C718D3B5072E1F5

The sources for those are:
https://bugs.mysql.com/bug.php?id=85029 and https://bugs.mysql.com/bug.php?id=94378

I performed one suspect operation in desperation (saying ‘y’ instead of ‘N’ below) which I think wasn’t required at all:

$ sudo apt-get install mysql-apt-config

Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following packages will be upgraded:
1 upgraded, 0 newly installed, 0 to remove and 294 not upgraded.
Need to get 35.6 kB of archives.
After this operation, 0 B of additional disk space will be used.
WARNING: The following packages cannot be authenticated!
Install these packages without verification? [y/N] y
Get:1 http://repo.mysql.com/apt/ubuntu/ trusty/mysql-apt-config mysql-apt-config all 0.8.13-1 [35.6 kB]
Fetched 35.6 kB in 0s (229 kB/s)      
Preconfiguring packages ...
dpkg-deb: error: archive '/var/cache/apt/archives/mysql-apt-config_0.8.13-1_all.deb' has premature member 'control.tar.xz' before 'contro
l.tar.gz', giving up
dpkg: error processing archive /var/cache/apt/archives/mysql-apt-config_0.8.13-1_all.deb (--unpack):
 subprocess dpkg-deb --control returned error exit status 2
Errors were encountered while processing:
E: Sub-process /usr/bin/dpkg returned an error code (1)

And followed it with:

$ sudo apt-get update

which did not help.

I still got the same error.

Finally, the following worked:

$ sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 5072E1F5

I’m speculating (blindly) that maybe pgp.mit.edu has changed their structure or maybe “MySQL Release Engineering” (run apt-key list) has moved their keys to the ubuntu key server or some such thing (I have no idea of how keys are maintained).

This comment on the duplicate thread says the same thing.

Hope this saves someone some time and effort.

Answered By: site80443

This solution worked best for me.

wget -nv https://download.owncloud.org/download/repositories/stable/Ubuntu_16.04/Release.key -O Release.key

sudo apt-key add - < Release.key

Once these commands were run I was able to update and upgrade as expected.

Answered By: probie

A GUI oriented answer:

Navigate to /etc/apt/sources.list.d in your File Manager and double-click sources.list.

This should open the Software and Updates dialog. Click Other Software, find the offending PPA, click Remove. This stopped the error on my end.

Answered By: SteveHeist

Setting the correct system time in the BIOS solved the issue for me.

Answered By: Franz Knülle

Also, the following helped me with Retroshare’s repo for Ubuntu 20.04:

sudo apt -o Acquire::AllowInsecureRepositories=true 
  -o Acquire::AllowDowngradeToInsecureRepositories=true 

See also: How do I bypass/ignore the gpg signature checks of apt?

Answered By: Eugene Gr. Philippov

When tried to apply this solution, it failed, but at least it returned the right KEYS

apt-key adv --keyserver hkps://keyserver.ubuntu.com --refresh-keys

And with the right KEYS I could update them using…

apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys <KEY>
Answered By: rodrigobb
Categories: Answers Tags: ,
Answers are sorted by their score. The answer accepted by the question owner as the best is marked with
at the top-right corner.