GPG error: http://archive.debian.org lenny/updates Release: The following signatures were invalid: KEYEXPIRED 1356982504

Question

I am getting following error while update my source lists

$ sudo apt-get update

Reading package lists... Done

W: GPG error: http://archive.debian.org lenny/updates Release: The following signatures were invalid: KEYEXPIRED 1356982504

W: You may want to run apt-get update to correct these problems

How to resolve this issue?

Answer 1

To find any expired repository keys and their IDs, use apt-key as follows:

  apt-key list | grep expired

You will get a result similar to the following:

  pub   4096R/BE1DB1F1 2011-03-29 [expired: 2014-03-28]

The key ID is the bit after the / i.e. BE1DB1F1 in this case.

To update the key, run

  sudo apt-key adv --recv-keys --keyserver keys.gnupg.net BE1DB1F1

Answer 2

I had the same issue and I just change the system date

date --set 2008-01-01

then try to update

apt-get update

Answer 3

At the end any of this answers solve my issue.

What I did is recheck for the latest available sources. In my case

###### Debian Main Repos
deb http://ftp.au.debian.org/debian/ wheezy main contrib non-free 
deb-src http://ftp.au.debian.org/debian/ wheezy main contrib non-free 

###### Debian Update Repos
deb http://security.debian.org/ wheezy/updates main contrib non-free 
deb http://ftp.au.debian.org/debian/ wheezy-proposed-updates main contrib non-free 
deb-src http://security.debian.org/ wheezy/updates main contrib non-free 
deb-src http://ftp.au.debian.org/debian/ wheezy-proposed-updates main contrib non-free 

I generate them using this website. https://debgen.simplylinux.ch/ Debian Source generator.

Then I update the keys in the repo.

apt-get install debian-keyring debian-archive-keyring
apt-key update

Then again try to update

apt-get update

That will probably fix the issue.

Fetched 67.5 kB in 2min 0s (560 B/s)
Reading package lists... Done

If you still problems with some keys follow the next steps per key.

You need to add the key manually from another server. In this case the missing key is 55BE302B

So you have to do:

gpg --keyserver pgpkeys.mit.edu --recv-key  55BE302B
gpg -a --export 55BE302B | sudo apt-key add - 

It will import the key and then you add them to the sources.

root@XXX:~# gpg --keyserver pgpkeys.mit.edu --recv-key  55BE302B
gpg: requesting key 55BE302B from hkp server pgpkeys.mit.edu
gpg: /root/.gnupg/trustdb.gpg: trustdb created
gpg: key 55BE302B: public key "Debian Archive Automatic Signing Key (5.0/lenny) <[email protected]>" imported
gpg: no ultimately trusted keys found
gpg: Total number processed: 1
gpg:               imported: 1  (RSA: 1)
root@XXX:~# gpg -a --export 55BE302B | sudo apt-key add -     
OK

I hope this help anyone facing the same issue.