Something wrong with Jitsi GPG key

Something wrong with Jitsi GPG key

wget -qO - | apt-key add -
gpg: no valid OpenPGP data found.

And while updated

apt-get --allow-insecure-repositories update
E: Failed to fetch  Certificate verification failed:
The certificate is NOT trusted. The certificate chain uses expired certificate.  Could not
handshake: Error in the certificate verification. [IP: 443]
1 Like

Same issue here!

It is not the GPG Key, but the https keychain.

root@meet:~# wget  -v -O -

--2020-05-30 12:11:57--
Resolving ( 2001:660:2402::22,
Connecting to (|2001:660:2402::22|:443... connected.
ERROR: The certificate of '' is not trusted.
ERROR: The certificate of '' has expired.

The key is singed by a key which is signed by a key which is expired., See: or screenshot


As a workaround you could change the url in /etc/apt/sources.list.d/jitsi_meet.list to http:

deb stable/

As the packages are still signed by gpg and the gpg key is valid, the security impact can be okay, if you a have proven the gpg key before.

This is definitely not best practice, but you can make apt skip the certificate check, if you have to install jitsi/jibri/… right now

echo ' "false";' | tee /etc/apt/apt.conf.d/80jitsi-ssl-exceptions

Just don’t forget to remove this, after the certificate is working again…

Edit: Or just use http as @tabacha suggested…

Presumably there is a way to alert the devs that the key has expired?

1 Like

I would suggest the admins to use lets-encrypt for https. Any other solution does not work better, as you did not change the certificates as often and not automaticly.

@simon42 if you do this with apt.conf, there will be no https checking for any repository.

Just updated my post to just disable the check of the jitsi server

echo ' "false";' | tee /etc/apt/apt.conf.d/80jitsi-ssl-exceptions

The issue has been reported on the official development site and the developers have been notified. Will be fixed shortly I think.


Thanks guys I have spend entire day encountering this error