gpg2 --refresh-keys general error

Or am I missing something in ~./gnupg/dirmngr.conf?

For me the following fixed it:

$ echo "hkp-cacert /usr/share/gnupg/sks-keyservers.netCA.pem" >> ~/.gnupg/dirmngr.conf

The documentation says that if hkp-cacert isn't specified it uses the system certificate store for regular hostnames and the the bundled certificate for the default keyserver pool.

$ gpg --search-keys 0B7F8B60E3EDFAE3
gpg: error searching keyserver: General error
gpg: keyserver search failed: General error

$ echo "hkp-cacert /usr/share/gnupg/sks-keyservers.netCA.pem" >> ~/.gnupg/dirmngr.conf

$ systemctl --user stop dirmngr.service  # or restart manually, this assumes socket activation
$ gpg --search-keys 0B7F8B60E3EDFAE3
gpg: data source: https://hkps.pool.sks-keyservers.net:443
(1)     Kristian Fiskerstrand <[email protected]>
        Kristian Fiskerstrand <[email protected]>
        Kristian Fiskerstrand <[email protected]>
        Kristian Fiskerstrand <[email protected]>
          4096 bit RSA key 0B7F8B60E3EDFAE3, created: 2007-12-15, expires: 2020-12-31
...

$ gpg --version
gpg (GnuPG) 2.2.21

Encountered this on 3 machines and it fixed it on 2 machines (Ubuntu Docker and Arch Linux) and the third Arch machine never worked with hkps, only hkp. Despite having the same version of gnupg, no strange configs in ~/gnupg.conf, and on the same network.

Seems that just specifying keyserver pgp.mit.edu in gnupg.conf also fixes it by dropping to the hkp protocol

Pool overview: https://sks-keyservers.net/overview-of-pools.php