During the update of apt-cache or packages installation with the apt package manager, I get the signature expiration message (EXPKEYSIG 8C718D3B5072E1F5). This means that the gpg signature key is expired.

Error

Here is logs on my Debian 9 system:

sudo apt update

Hit:1 http://security.debian.org stretch/updates InRelease
Get:2 http://repo.mysql.com/apt/debian stretch InRelease [19.2 kB]
Hit:3 https://deb.nodesource.com/node_10.x stretch InRelease
Err:2 http://repo.mysql.com/apt/debian stretch InRelease
  The following signatures were invalid: EXPKEYSIG 8C718D3B5072E1F5 MySQL Release Engineering 
Hit:4 https://packages.sury.org/php stretch InRelease
Ign:5 http://mirrors.digitalocean.com/debian stretch InRelease
Get:6 http://mirrors.digitalocean.com/debian stretch-updates InRelease [91.0 kB]
Hit:7 http://mirrors.digitalocean.com/debian stretch Release
Reading package lists... Done
...
...

Use the following command to list all keys configured for apt on your system.

sudo apt-key list

You will see the expired key like this.

Expired Key (EXPKEYSIG)

Solution:

Now, update the expired key by running the below command. Here 8C718D3B5072E1F5 is the key was expired on my system.

sudo apt-key adv --keyserver keys.gnupg.net --recv-keys 8C718D3B5072E1F5

You must change 8C718D3B5072E1F5 with the expired key on your system.