I'm doing this on Debian GNU/Linux 10 buster. If apt update shows you this: Code: [email protected]:~# LANG=C apt update ... Get:10 https://deb.goaccess.io buster InRelease [2346 B] Err:10 https://deb.goaccess.io buster InRelease The following signatures were invalid: EXPKEYSIG 97BD1A0133449C3D Gerardo Orellana <[email protected]> ... it is because the key used for signing the packages has expired. It expired 2022-05-17, you can see this with command Code: apt-key list It is important to verify packages to be installed or updated using the signing keys, so do not disable them. When replacing expired key, verify the new key really comes from the right place and not from some random cracker site. To check where the key is stored now, use locate goaccess.gpg Code: [email protected]:~# locate goaccess.gpg /etc/apt/trusted.gpg.d/goaccess.gpg /etc/apt/trusted.gpg.d/goaccess.gpg~ [email protected]:~# The goaccess website has info on this problem, but seems the way it should be fixed is not entirely clear: https://github.com/allinurl/goaccess/issues/2321 Instead of using the many instructions in goaccess discussion, I use the instructions I originally installed goaccess with on my ISPConfig 3.x host: https://www.howtoforge.com/perfect-...-1/#-install-webalizer-awstats- qand-goaccess namely Code: wget -O - https://deb.goaccess.io/gnugpg.key | sudo apt-key --keyring /etc/apt/trusted.gpg.d/goaccess.gpg add - Verify the date stamp for the key file on your system is now from just now: Code: [email protected]:~# LANG=C ls -lh /etc/apt/trusted.gpg.d/goaccess* -rw-r--r-- 1 root root 2.7K May 24 12:13 /etc/apt/trusted.gpg.d/goaccess.gpg -rw-r--r-- 1 root root 1.8K Feb 14 2021 /etc/apt/trusted.gpg.d/goaccess.gpg~ [email protected]:~# Now apt update no longer complains and goaccess can be updated if there are any updates for it.