Fixing Incus GPG Key Expiration Issues on Debian 12

ByPieter Bakker 16/09/202516/09/2025

When performing standard system updates on Debian 12 systems with Incus installed via the Zabbly repository, administrators may encounter the following error messages:

W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: https://pkgs.zabbly.com/incus/stable bookworm InRelease: The following signatures were invalid: EXPKEYSIG 82CC8797C838DCFD Zabbly Kernel Builds <info@zabbly.com>

W: Failed to fetch https://pkgs.zabbly.com/incus/stable/dists/bookworm/InRelease The following signatures were invalid: EXPKEYSIG 82CC8797C838DCFD Zabbly Kernel Builds <info@zabbly.com>

W: Some index files failed to download. They have been ignored, or old ones used instead.

The EXPKEYSIG designation indicates that the repository’s GPG signing key has reached its expiration date, preventing APT from validating package authenticity.

Technical Analysis

Third-party repositories utilize GPG key expiration as a security mechanism to ensure ongoing key management and limit the potential impact of compromised signing keys. When a key expires, APT’s security protocols prevent repository updates until a valid key is obtained.

This behavior serves several security purposes:

Enforces regular key rotation practices
Limits exposure from potentially compromised keys
Ensures administrators maintain awareness of their repository sources
Provides an opportunity to verify continued trust in third-party sources

Resolution Procedure

The resolution involves updating the expired GPG key from the repository maintainer’s authoritative source:

wget -O /etc/apt/keyrings/zabbly.asc https://pkgs.zabbly.com/key.asc

Following key installation, standard package management operations can resume:

apt update && apt upgrade -y

Implementation Details

The wget command retrieves the current GPG key from the official Zabbly server and places it in the standardized keyring directory (/etc/apt/keyrings/). This location follows Debian’s recommended practices for third-party repository key management and ensures proper integration with APT’s security framework.

Incus | Hetzner | ZFS
Rescaling Incus ZFS Storage on Hetzner Cloud
ByPieter Bakker 13/11/202413/11/2024
In a previous article about setting up Incus on Hetzner Cloud, we showed how to configure a CAX11 server with a separate ZFS partition for optimal container management. This tutorial builds upon that setup and demonstrates how to safely upgrade the server from a CAX11 to a CAX21 instance, focusing on expanding the ZFS storage…
Read More Rescaling Incus ZFS Storage on Hetzner Cloud
LXC | Debian | Hetzner | Incus | ZFS
Fixing ZFS DKMS Build Failures on Debian 12 VPS with Limited RAM
ByPieter Bakker 19/06/202504/07/2025
If you’re running ZFS on a small VPS and have encountered compilation failures during system updates, you’re not alone. This tutorial covers a common issue that affects many system administrators managing ZFS on memory-constrained virtual private servers. The Problem During a routine system update on a Hetzner Cloud CAX11 VPS (2 vCPU, 4GB RAM) running…
Read More Fixing ZFS DKMS Build Failures on Debian 12 VPS with Limited RAM
systemd | Debian
Limiting Systemd Journal Size: Preventing Log File Bloat
ByPieter Bakker 27/11/202429/11/2024
Introduction System logs are crucial for debugging, monitoring, and understanding your Linux system’s behavior. However, unchecked journal growth can quickly consume valuable disk space, potentially impacting system performance and available storage. This guide provides a practical approach to managing systemd journal sizes across Debian and other systemd-based Linux distributions. Understanding Systemd Journals Systemd journals collect…
Read More Limiting Systemd Journal Size: Preventing Log File Bloat
Ubuntu | Debian | Incus | LXC | LXD
Fixing LXD Image Repository Issues After Canonical’s Migration
ByPieter Bakker 07/06/202507/06/2025
If you’re a system administrator still managing LXD servers alongside newer Incus deployments, you may have recently encountered a frustrating error when trying to create new containers. This post will help you resolve the image repository access issue that emerged following Canonical’s reorganization of LXD resources. The Problem When attempting to launch a new container…
Read More Fixing LXD Image Repository Issues After Canonical’s Migration
ZFS | Debian | Incus
Installing Incus on Debian 12 with ZFS Storage
ByPieter Bakker 13/10/202413/10/2024
In our previous tutorial, we set up ZFS on Debian 12 and created a dedicated ZFS pool named incus-zfs. Now, we’ll continue by installing Incus, a powerful system container manager, and configuring it to use our ZFS storage backend. Prerequisites Adding the Incus Repository First, let’s add the official Incus repository to our system. Installing…
Read More Installing Incus on Debian 12 with ZFS Storage
Hetzner | Debian | Parted
How to Repartition a Hetzner Cloud Server
ByPieter Bakker 26/09/2024
This guide will walk you through the process of repartitioning a Hetzner cloud server to create an additional partition that can be formatted with a different file system (e.g., ZFS or BTRFS). We’ll use a CAX11 cloud server with Debian 12 as an example. Prerequisites Step 1: Boot into Rescue Mode Step 2: Analyze Current…
Read More How to Repartition a Hetzner Cloud Server

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Technical Analysis

Resolution Procedure

Implementation Details

Similar Posts