Problems Updating: Signature Keys

kpatz · May 25, 2025, 1:40pm

I’m having the same issue, apt update on 22.04 LTS gives me: “The following signatures were invalid: BADSIG 871920D1991BC93C Ubuntu Archive Automatic Signing Key (2018) ftpmaster@ubuntu.com”

I’ve tried replacing the key, including richarddew’s solution but it isn’t working. I think the problem is on Canonical’s end as nothing changed on mine, and all my Ubuntu boxes are giving the same error with this key when it hadn’t done so before (I usually run my updates weekly).

g-schick · May 25, 2025, 2:05pm

Hello and welcome.

Please provide more information on your ubuntu version.
What’s the output of sudo apt update?

rubi1200 · May 25, 2025, 2:14pm

@kpatz Welcome to Ubuntu Discourse

Same or similar are sometimes not exactly the same. I have moved your post to its own topic so we can offer better help.

Please answer @g-schick and give us as many details as possible.

Thanks.

kpatz · May 25, 2025, 3:14pm

I’m running 22.04.05 LTS “Jammy” on 3 machines.

This is the output of apt update on one of them (similar errors are on all 3). Previous updates (a week ago) were successful.

Hit:1 http://us.archive.ubuntu.com/ubuntu jammy InRelease
Get:2 http://us.archive.ubuntu.com/ubuntu jammy-security InRelease [129 kB]
Get:3 http://us.archive.ubuntu.com/ubuntu jammy-updates InRelease [128 kB]
Get:4 http://us.archive.ubuntu.com/ubuntu jammy-backports InRelease [127 kB]
Err:3 http://us.archive.ubuntu.com/ubuntu jammy-updates InRelease
  The following signatures were invalid: BADSIG 871920D1991BC93C Ubuntu Archive Automatic Signing Key (2018) <ftpmaster@ubuntu.com>
Err:4 http://us.archive.ubuntu.com/ubuntu jammy-backports InRelease
  The following signatures were invalid: BADSIG 871920D1991BC93C Ubuntu Archive Automatic Signing Key (2018) <ftpmaster@ubuntu.com>
Fetched 384 kB in 2s (202 kB/s)
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
All packages are up to date.
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://us.archive.ubuntu.com/ubuntu jammy-updates InRelease: The following signatures were invalid: BADSIG 871920D1991BC93C Ubuntu Archive Automatic Signing Key (2018) <ftpmaster@ubuntu.com>
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://us.archive.ubuntu.com/ubuntu jammy-backports InRelease: The following signatures were invalid: BADSIG 871920D1991BC93C Ubuntu Archive Automatic Signing Key (2018) <ftpmaster@ubuntu.com>
W: Failed to fetch http://us.archive.ubuntu.com/ubuntu/dists/jammy-updates/InRelease  The following signatures were invalid: BADSIG 871920D1991BC93C Ubuntu Archive Automatic Signing Key (2018) <ftpmaster@ubuntu.com>
W: Failed to fetch http://us.archive.ubuntu.com/ubuntu/dists/jammy-backports/InRelease  The following signatures were invalid: BADSIG 871920D1991BC93C Ubuntu Archive Automatic Signing Key (2018) <ftpmaster@ubuntu.com>
W: Some index files failed to download. They have been ignored, or old ones used instead.

However, now I think it’s related to apt-cacher-ng now because I bypassed it on one box and then I didn’t get the errors. Last night I tried resetting apt-cacher-ng but it didn’t solve the problem (using commands I found online but I forget what I used now).

Update: I just remembered I’d moved apt-cacher-ng’s cache to my ZFS pool so it wasn’t in the default location. I created a fresh dataset and pointed apt-cacher-ng to that and it solved the issue. Brute force, but when I don’t know what needle to remove to fix the haystack, it’s easier to just build a new haystack. lol.

richarddew · May 25, 2025, 6:48pm

This is indeed a different problem. What I found by searching is this from https://itsfoss.com/solve-badsig-error-quick-tip/
Try the following, one after another:

sudo apt-get clean 
cd /var/lib/apt 
sudo mv lists oldlist 
sudo mkdir -p lists/partial 
sudo apt-get clean 
sudo apt-get update

kpatz · May 25, 2025, 10:04pm

That’s what I did last night that didn’t work. This morning I narrowed it down to apt-cacher-ng which I run on one of my boxes to cache the updates so all my Ubuntu boxes don’t have to go out to download them from the web. Clearing THAT cache fixed it.

ian-weisser · May 26, 2025, 12:56am

Great job troubleshooting!
Glad you figured out the problem and solved it.

Thanks for sharing both.

system · May 29, 2025, 12:57am

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.