As announced by the Icinga team in August 2024, the key, which is used to sign the icinga2 packages, has expired.
The apt command on Debian, Ubuntu and other distributions using APT as package manager, will show an error like this:
root@debian:~# apt-get update
Get:1 http://security.debian.org/debian-security bullseye-security InRelease [27.2 kB]
Hit:2 http://deb.debian.org/debian bullseye InRelease
Get:3 http://deb.debian.org/debian bullseye-updates InRelease [44.1 kB]
Get:4 https://packages.icinga.com/debian icinga-bullseye InRelease [12.4 kB]
Get:5 http://security.debian.org/debian-security bullseye-security/main amd64 Packages [307 kB]
Get:6 http://security.debian.org/debian-security bullseye-security/main Translation-en [198 kB]
Err:4 https://packages.icinga.com/debian icinga-bullseye InRelease
The following signatures couldn't be verified because the public key is not available: NO_PUBKEY CC116F55AA7F2382
Fetched 588 kB in 1s (1027 kB/s)
Reading package lists... Done
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: https://packages.icinga.com/debian icinga-bullseye InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY CC116F55AA7F2382
W: Failed to fetch https://packages.icinga.com/debian/dists/icinga-bullseye/InRelease The following signatures couldn't be verified because the public key is not available: NO_PUBKEY CC116F55AA7F2382
W: Some index files failed to download. They have been ignored, or old ones used instead.
To download and install the newer key, first identify which key is currently used:
root@debian:~# cat /etc/apt/sources.list.d/icinga.list
deb [signed-by=/usr/share/keyrings/icinga-archive-keyring.gpg] https://packages.icinga.com/debian icinga-bullseye main
In this situation, the additional apt repository is already using the newer signed-by method, where the relevant key path for this repository is defined. In this case we can download and overwrite the old key:
root@debian:~# curl -fsSL https://packages.icinga.com/icinga.key | sudo gpg --dearmor -o /usr/share/keyrings/icinga-archive-keyring.gpg
File '/usr/share/keyrings/icinga-archive-keyring.gpg' exists. Overwrite? (y/N) y
In case you are still using the older and meanwhile deprecated APT repository key method (using apt-key), you can use the following command:
root@debian:~# curl -s https://packages.icinga.com/icinga.key | apt-key add -
Warning: apt-key is deprecated. Manage keyring files in trusted.gpg.d instead (see apt-key(8)).
OK
As the output shows the deprecation warning, you should move to the newer signed-by method shown above.
Now that the new key was imported to APT, apt-get update works without an error again:
root@debian:~# apt-get update
Hit:1 http://deb.debian.org/debian bullseye InRelease
Hit:2 http://security.debian.org/debian-security bullseye-security InRelease
Hit:3 http://deb.debian.org/debian bullseye-updates InRelease
Get:4 https://packages.icinga.com/debian icinga-bullseye InRelease [12.4 kB]
Get:5 https://packages.icinga.com/debian icinga-bullseye/main amd64 Packages [80.5 kB]
Fetched 92.9 kB in 1s (185 kB/s)
Reading package lists... Done
AWS Android Ansible Apache Apple Atlassian BSD Backup Bash Bluecoat CMS Chef Cloud Coding Consul Containers CouchDB DB DNS Database Databases Docker ELK Elasticsearch Filebeat FreeBSD Galera Git GlusterFS Grafana Graphics HAProxy HTML Hacks Hardware Icinga Influx Internet Java KVM Kibana Kodi Kubernetes LVM LXC Linux Logstash Mac Macintosh Mail MariaDB Minio MongoDB Monitoring Multimedia MySQL NFS Nagios Network Nginx OSSEC OTRS Office PGSQL PHP Perl Personal PostgreSQL Postgres PowerDNS Proxmox Proxy Python Rancher Rant Redis Roundcube SSL Samba Seafile Security Shell SmartOS Solaris Surveillance Systemd TLS Tomcat Ubuntu Unix VMWare VMware Varnish Virtualization Windows Wireless Wordpress Wyse ZFS Zoneminder