official nginx trusty ppa gives KEYEXPIRED gpg error

Solution 1:

After adding a third party repository to a /etc/apt/sources.list.d/* file or /etc/apt/sources.list, you need to make sure the corresponding gpg key is inserted into the apt keystore.

To be more specific for this special case of nginx.org repository: you need to add the nginx.org gpg key file used for the signing of the repository.

This can be done by either downloading the file https://nginx.org/keys/nginx_signing.key manually and issue sudo apt-key add nginx_signing.key (as suggested by nginx.org and @ThomasWard) or you can do this in one single line:

wget https://nginx.org/keys/nginx_signing.key -O - | sudo apt-key add -

Solution 2:

The root cause of this problem is because the "older" Nginx signing key expired on Aug 17, 2016:

$ sudo apt-key list

pub   2048R/7BD9BF62 2011-08-19 [expired: 2016-08-17]
uid                  nginx signing key <[email protected]>

To fix this issue, add the new signing key using the command as suggested by @phillip-zyan-k-lee-stockmann and @ThomasWard:

wget https://nginx.org/keys/nginx_signing.key -O - | sudo apt-key add -

The new key now expires in 2024:

$ sudo apt-key list

pub   2048R/7BD9BF62 2011-08-19 [expires: 2024-06-14]
uid                  nginx signing key <[email protected]>