As some might have noticed, the expiration date of the GPG key we use to
sign repos and packages for Linux distributions 1 was getting close
(2016-08-17), so I’ve prolonged the key validity until 2024-06-14. The
ID of the key stays the same.
If you’re using Debian/Ubuntu packages from nginx.org, you should
re-fetch and add the updated key to the APT keyring:
wget https://nginx.org/keys/nginx_signing.key && apt-key add
If you’re using CentOS/RHEL/SLES:
wget https://nginx.org/keys/nginx_signing.key && rpm --import
I’ve also uploaded the updated key to keys.gnupg.net/pgp.mit.edu, though
it might take some time for the pool to catch up on that change.
And finally for the sake of search engines visibility, here’s the apt
output Debian/Ubuntu users will see after 2016-08-17 with the old key:
W: GPG error: http://nginx.org jessie Release: The following signatures
were invalid: KEYEXPIRED 1471427554
Have a nice day,
Build & Deliver Applications, Flawlessly.
nginx.conf 2016: September 7-9, Austin, TX