When running apt-get update on Ubuntu/Debian systems with MySQL repositories, you might encounter:
W: GPG error: http://repo.mysql.com/apt/ubuntu xenial InRelease:
The following signatures were invalid: KEYEXPIRED 1550412832 KEYEXPIRED 1550412832
E: The repository 'http://repo.mysql.com/apt/ubuntu xenial InRelease' is not signed.
MySQL regularly rotates their GPG signing keys as a security measure. The error occurs when:
- The existing key in /etc/apt/trusted.gpg or /usr/share/keyrings/ has expired
- The package manager can't verify repository metadata integrity
- Your system cache still references old key fingerprints
First, remove all existing MySQL keys:
sudo apt-key list | grep -i mysql
sudo apt-key del <key-id-from-previous-command>
# Alternatively for newer Ubuntu versions:
sudo rm /usr/share/keyrings/mysql-archive-keyring.gpg
Then import the new key:
# For Ubuntu 16.04/Xenial and newer:
wget -O - https://repo.mysql.com/RPM-GPG-KEY-mysql-2022 | sudo gpg --dearmor -o /usr/share/keyrings/mysql-archive-keyring.gpg
# For Debian systems:
wget -O - https://repo.mysql.com/RPM-GPG-KEY-mysql-2022 | sudo apt-key add -
After adding the key, verify that its fingerprint matches the one MySQL publishes for its current signing key:
gpg --show-keys /usr/share/keyrings/mysql-archive-keyring.gpg
# Should show:
# pub rsa4096 2022-04-14 [SC]
# A119 8702 FC0D 3568 1D7F 7BCA 3D06 A59D 730D 1967
# uid MySQL Release Engineering <mysql-build@oss.oracle.com>
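For production systems, consider setting up a cron job to check key expiration:
#!/bin/bash
# Re-import the MySQL key when apt-key reports an expired key.
# The download is trusted as-is, so confirm the key's fingerprint after any change.
if apt-key list 2>/dev/null | grep -q "expired: "; then
    wget -O - https://repo.mysql.com/RPM-GPG-KEY-mysql | sudo apt-key add -
    sudo apt-get update
fi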
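A read-only variant of the scheduled check, added here as an example and not taken from the original article: it reports expired or soon-to-expire keys and whether the fingerprint matches a pinned value, rather than re-importing anything. The function name check_keyring, the sample listing and the placeholder fingerprints are assumptions constructed for illustration.

```bash
#!/bin/bash
# Added example (not from the original article): classify primary keys in
# `gpg --with-colons` output. pub record: field 5 = key ID, field 7 = expiry
# as epoch seconds (empty = never). The fpr record after it: field 10 = fingerprint.
check_keyring() {  # usage: check_keyring NOW_EPOCH WARN_DAYS PINNED_FPR < listing
  awk -F: -v now="$1" -v warn="$2" -v pin="$3" '
    $1 == "pub" { id = $5; expiry = $7; primary = 1; next }
    $1 == "fpr" && primary {          # only the fpr that follows a pub line
      primary = 0                     # later fpr records belong to subkeys
      if (expiry == "")                          state = "OK"
      else if (expiry + 0 <= now + 0)            state = "EXPIRED"
      else if (expiry - now <= warn * 86400)     state = "EXPIRING"
      else                                       state = "OK"
      trust = ($10 == pin) ? "PINNED" : "UNEXPECTED"
      if (state != "OK" || trust != "PINNED") bad = 1
      print id, state, trust
    }
    END { exit bad + 0 }'             # non-zero exit so cron can alert
}

# Constructed sample listing; key IDs and fingerprints are placeholders.
# 1550412832 is the KEYEXPIRED timestamp from the error above (2019-02-17 UTC).
PIN="BBBBBBBBBBBBBBBBBBBBBBBB2222222222222222"
SAMPLE='pub:e:1024:17:1111111111111111:1044230400:1550412832::-:::sc:
fpr:::::::::AAAAAAAAAAAAAAAAAAAAAAAA1111111111111111:
uid:e::::1044230400::::Constructed Old Key <old@example.invalid>:
pub:-:4096:1:2222222222222222:1639440000:1700864000::-:::sc:
fpr:::::::::BBBBBBBBBBBBBBBBBBBBBBBB2222222222222222:
sub:-:4096:1:3333333333333333:1639440000:1700864000:::::e:
fpr:::::::::CCCCCCCCCCCCCCCCCCCCCCCC3333333333333333:'

# Demo with a fixed "now" (1700000000) and a 30-day warning window.
printf '%s\n' "$SAMPLE" | check_keyring 1700000000 30 "$PIN" ||
  echo "keyring needs attention" >&2

# Real use (assumes a gpg that supports --show-keys, as used on this page):
#   gpg --show-keys --with-colons /usr/share/keyrings/mysql-archive-keyring.gpg |
#     check_keyring "$(date +%s)" 30 "<fingerprint published by MySQL>"
```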
For more stable setups, use MySQL's official repo configuration:
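# Write /etc/apt/sources.list.d/mysql.list. The shell expands $(lsb_release -cs) here;
# apt does not expand it if the expression is placed literally in the file.
echo "deb [signed-by=/usr/share/keyrings/mysql-archive-keyring.gpg] http://repo.mysql.com/apt/ubuntu/ $(lsb_release -cs) mysql-8.0" | sudo tee /etc/apt/sources.list.d/mysql.list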
If you're seeing errors like this when running apt-get update:
W: GPG error: http://repo.mysql.com/apt/ubuntu xenial InRelease:
The following signatures were invalid: KEYEXPIRED 1550412832 KEYEXPIRED 1550412832
This typically happens when MySQL's repository signing key has expired. If you manage production databases, this can break your deployment pipelines and prevent critical security updates.
MySQL/Oracle periodically rotates their package signing keys for security reasons. The public key in your system's keyring eventually becomes outdated. Unlike some other repositories, MySQL doesn't always provide seamless key rotation.
First, remove the expired key:
sudo apt-key del 5072E1F5
Then download and install the new key:
wget -q -O - https://repo.mysql.com/RPM-GPG-KEY-mysql | sudo apt-key add -
For Debian/Ubuntu systems, you might need to use this alternative approach:
sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 467B942D3A79BD29
To prevent future occurrences, create a key update script:
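#!/bin/bash
# mysql_key_update.sh
KEY_ID="467B942D3A79BD29"
# apt-key prints fingerprints in space-separated groups, so strip spaces before matching
if ! apt-key finger 2>/dev/null | tr -d ' ' | grep -q "$KEY_ID"; then
    echo "Adding MySQL repository key..."
    sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys "$KEY_ID"
fi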
Add this to your weekly cron jobs:
0 0 * * 0 /path/to/mysql_key_update.sh
After applying the fix, verify with:
sudo apt-get update 2>&1 | grep -i mysql
apt-key list | grep -A1 "MySQL"
You should see clean output without expiration warnings and the new key should show valid dates.
If you're still experiencing issues:
- Check your repository configuration in /etc/apt/sources.list.d/mysql.list
- Ensure no duplicate entries exist
- Try clearing the apt cache:
sudo rm -rf /var/lib/apt/lists/*
For Docker users, add this to your Dockerfile:
RUN wget -q -O - https://repo.mysql.com/RPM-GPG-KEY-mysql | apt-key add - \
    && apt-get update