While updating my Debian 10 Buster server, I experienced an invalid signature from deb.sury.org
root@www112:~# apt update
Hit:1 http://deb.debian.org/debian buster InRelease
Hit:2 http://deb.debian.org/debian buster-updates InRelease
Hit:3 http://security.debian.org buster/updates InRelease
Hit:4 http://apt.bitninja.io/debian bitninja InRelease
Get:5 https://packages.sury.org/php buster InRelease [7,559 B]
Get:6 https://packages.microsoft.com/ubuntu/18.04/mssql-server-2019 bionic InRel ease [3,630 B]
Get:7 https://packages.microsoft.com/ubuntu/18.04/prod bionic InRelease [3,638 B ]
Err:5 https://packages.sury.org/php buster InRelease
The following signatures were invalid: EXPKEYSIG B188E2B695BD4743 DEB.SURY.ORG Automatic Signing Key deb@sury.org
Fetched 7,268 B in 2s (3,780 B/s)
Reading package lists… Done
Building dependency tree
Reading state information… Done
143 packages can be upgraded. Run 'apt list --upgradable' to see them.
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: https://packages.sury.org/php buster InRelease: The following signatures were invalid: EXPKEYSIG B188E2B695BD4743 DEB.SURY.ORG Automatic Signing Key deb@sury.org
W: Failed to fetch https://packages.sury.org/php/dists/buster/InRelease The following signatures were invalid: EXPKEYSIG B188E2B695BD4743 DEB.SURY.ORG Automatic Signing Key deb@sury.org
W: Some index files failed to download. They have been ignored, or old ones used instead.
root@www112:~#
Luckily there is an easy solution to update the signature:
apt-key adv --fetch-keys https://packages.sury.org/php/apt.gpg
After this, you can run apt update && apt upgrade
again.