DigitalOcean

Question

how to solve GPG error

I dont know exactly why but since some days runs following errors when I run apt update:

Err:17 https://repo.charm.sh/apt * InRelease
  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 03BBF595D4DFD35C
Reading package lists... Done
W: GPG error: https://repo.charm.sh/apt * InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 03BBF595D4DFD35C
E: The repository 'https://repo.charm.sh/apt * InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details
Submit an answer


This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

KFSys
Site Moderator
Site Moderator badge
January 22, 2025
Accepted Answer

Heya,

The error you’re encountering means that the public key for the repository https://repo.charm.sh/apt is missing, which prevents apt from verifying the authenticity of the repository. This is a common issue when a repository’s signing key is not imported to your system.

To fix this issue, follow these steps:

You can manually download and add the missing public key. The error message mentions the key ID 03BBF595D4DFD35C, which you can use to retrieve the public key.

Run the following commands:

sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 03BBF595D4DFD35C

This command retrieves the missing key from the Ubuntu keyserver. If this doesn’t work, try a different keyserver:

sudo apt-key adv --keyserver hkp://pool.sks-keyservers.net:80 --recv-keys 03BBF595D4DFD35C

After adding the key, you can verify that the key was successfully added by running:

sudo apt-key list

Look for the key 03BBF595D4DFD35C in the output.

Once the key is added, update the package list again to see if the error is resolved:

sudo apt update

This should now successfully update the package lists without the GPG error.

Alternative: Re-add the Repository

If the problem persists, the repository configuration might have changed. You can remove and then re-add the repository as follows:

  • First, remove the repository configuration file (if applicable) under /etc/apt/sources.list.d/:
sudo rm /etc/apt/sources.list.d/charm-*.list

Then, re-add the repository with the updated signing key by following the instructions on the official website for https://repo.charm.sh.

Become a contributor for community

Get paid to write technical tutorials and select a tech-focused charity to receive a matching donation.

Sign Up

DigitalOcean Documentation

Full documentation for every DigitalOcean product.

Learn more

Resources for startups and SMBs

The Wave has everything you need to know about building a business, from raising funding to marketing your product.

Learn more

Get our newsletter

Stay up to date by signing up for DigitalOcean’s Infrastructure as a Newsletter.

New accounts only. By submitting your email you agree to our Privacy Policy

The developer cloud

Scale up as you grow — whether you're running one virtual machine or ten thousand.

Get started for free

Sign up and get $200 in credit for your first 60 days with DigitalOcean.*

*This promotional offer applies to new accounts only.

© 2025 DigitalOcean, LLC.Sitemap.