Remove old gpg key from website

Hello

Can you remove https://syncthing.net/release-key.txt

A internet-karma website uses outdated copy pasted guide using this key.

I have installed the old key not knowing it’s old. Removed the key via apt-key plus removed the key with rm, installed the new key, apt-key list doesn’t show any key and apt still complains key is untrusted and therefore repo is disabled.

That way no one else installs the old key and maybe even the guy updates his website.

Err:6 https://apt.syncthing.net syncthing Release
  Certificate verification failed: The certificate is NOT trusted. The certificate chain uses expired certificate.  Could not handshake: Error in the certificate verification. [IP: 82.196.13.137 443]
Reading package lists... Done
E: The repository 'https://apt.syncthing.net syncthing Release' does not have a Release file.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.

The key is fine. The error you see is due to outdated certificate bundles on your system, since a certificate that LetsEncrypt uses expired last fall. You need to update your certificate bundle, there are threads about it here on the forum.

1 Like

Yeah you’re right, I just installed that key again after ca-certificates was installed and it doesn’t complain.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.