EXPKEYSIG debian ubuntu fedora

Fix EXPKEYSIG 9DC858229FC7DD38

Docker CE <docker@docker.com> — by Docker Inc.

Official Key Page: https://docs.docker.com/engine/install/
Error message 
EXPKEYSIG 9DC858229FC7DD38 Docker CE <docker@docker.com>

Your distro

Fix commands for Ubuntu

Method 1 Modern method (Debian 11+ / Ubuntu 22.04+)

The modern approach stores keys in /usr/share/keyrings/ as binary .gpg files and references them per-repository. This avoids the deprecated apt-key ring.

Ubuntu — bash
$ sudo apt-key del 9FC7DD38
$ sudo gpg --keyserver keyserver.ubuntu.com --recv-keys 9DC858229FC7DD38
$ sudo gpg --export 9DC858229FC7DD38 | sudo tee /usr/share/keyrings/9FC7DD38-archive-keyring.gpg > /dev/null
# Update your sources.list entry to include [signed-by=/usr/share/keyrings/9FC7DD38-archive-keyring.gpg]
$ sudo apt-get update
Official documentation

Method 2 Legacy apt-key method (Debian 10 / Ubuntu 20.04 and older)

Uses apt-key which is deprecated but still functional on older systems.

Ubuntu — bash
$ sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 9DC858229FC7DD38
$ sudo apt-get update

Method 3 Direct download from official source

Downloads the key directly from the official vendor URL. Preferred when available as it does not rely on keyservers.

Ubuntu — bash
$ sudo curl -fsSL -o /usr/share/keyrings/9FC7DD38-archive-keyring.gpg https://download.docker.com/linux/ubuntu/gpg
$ sudo apt-get update
Official documentation

After importing the key

Run sudo apt-get update (or your distro's equivalent) again. If successful you should see Hit: lines with no EXPKEYSIG warnings. Still broken? Check that your /etc/apt/sources.list.d/ entry references the correct [signed-by=…] keyring path.