During the update of apt-cache or packages installation with the apt package manager, I get the signature expiration message (EXPKEYSIG 8C718D3B5072E1F5). This means that the gpg signature key is expired.


Here is logs on my Debian 9 system:

sudo apt update

Hit:1 http://security.debian.org stretch/updates InRelease
Get:2 http://repo.mysql.com/apt/debian stretch InRelease [19.2 kB]
Hit:3 https://deb.nodesource.com/node_10.x stretch InRelease
Err:2 http://repo.mysql.com/apt/debian stretch InRelease
  The following signatures were invalid: EXPKEYSIG 8C718D3B5072E1F5 MySQL Release Engineering 
Hit:4 https://packages.sury.org/php stretch InRelease
Ign:5 http://mirrors.digitalocean.com/debian stretch InRelease
Get:6 http://mirrors.digitalocean.com/debian stretch-updates InRelease [91.0 kB]
Hit:7 http://mirrors.digitalocean.com/debian stretch Release
Reading package lists... Done

Use the following command to list all keys configured for apt on your system.

sudo apt-key list

You will see the expired key like this.

Expired Key (EXPKEYSIG)


Now, update the expired key by running the below command. Here 8C718D3B5072E1F5 is the key was expired on my system.

sudo apt-key adv --keyserver keys.gnupg.net --recv-keys 8C718D3B5072E1F5

You must change 8C718D3B5072E1F5 with the expired key on your system.