apt: The following signatures were invalid: KEYEXPIRED

When doing my regular updates I have found some of my GPG keys were expired so I couldn't get an update from apt.puppetlabs.com.

This is what I did:

user@server:~# sudo apt-get update

Result:

W: GPG error: http://apt.puppetlabs.com stable Release: The following signatures were invalid: KEYEXPIRED 1468001658

So lets see the expired GPG keys:

user@server:~# sudo apt-key list

/etc/apt/trusted.gpg.d/puppetlabs-keyring.gpg
---------------------------------------------
pub   4096R/4BD6EC30 2010-07-10 [expired: 2016-07-08]
uid                  Puppet Labs Release Key (Puppet Labs Release Key) <info@puppetlabs.com>

So now we need to get a new GPG key for this expired one from Puppet Labs.

The part after the "pub 4096R/" is the key we need to renew:

user@server:~# sudo apt-key adv --recv-keys --keyserver keys.gnupg.net 4BD6EC30

Now you see a couple of lines where the key is updated like this:

gpg: requesting key 4BD6EC30 from hkp server keys.gnupg.net
gpg: key 4BD6EC30: public key "Puppet Labs Release Key (Puppet Labs Release Key) <info@puppetlabs.com>" imported
gpg: key 4BD6EC30: "Puppet Labs Release Key (Puppet Labs Release Key) <info@puppetlabs.com>" 8 new signatures
gpg: key 4BD6EC30: public key "Puppet Labs Release Key (Puppet Labs Release Key) <info@puppetlabs.com>" imported
gpg: Total number processed: 3
gpg:               imported: 2  (RSA: 2)
gpg:         new signatures: 8

And after another apt-key list this is the result:

user@server:~# sudo apt-key list

/etc/apt/trusted.gpg.d/puppetlabs-keyring.gpg
---------------------------------------------
pub   4096R/4BD6EC30 2010-07-10 [expires: 2017-01-05]
uid                  Puppet Labs Release Key (Puppet Labs Release Key) <info@puppetlabs.com>

Now we can do an apt-get update :-)