1. Home
  2. Categories
  3. Support
  4. Debian mirror feed / connector doesn't work " Signature by xyz was created after the --not-after date."

Welcome to the Inedo Forums! Check out the Forums Guide for help getting started.

If you are experiencing any issues with the forum software, please visit the Contact Form on our website and let us know!

Debian mirror feed / connector doesn't work " Signature by xyz was created after the --not-after date."

  • M

    Hi everyone,

    i try to setup a Debian mirror feed in our Proget 2025.19 (Build 14) instance.

    I create a Debian type feed named "mirror-deb.debian.org-trixie" and added a connector that points to deb.debian.org/debian.

    Bildschirmfoto_2026-02-18_22-15-46.png

    That seems to work so far as i can see packages show up in the feed.

    I configured a new /etc/apt/sources.list on a Debian Trixie machine using the steps displayed in the "integrate with apt".

    The result is an error message as following:

    $ sudo apt update
Get:1 https://proget/debian/mirror-deb.debian.org-trixie trixie InRelease [9247 B]
Err:1 https://proget/debian/mirror-deb.debian.org-trixie trixie InRelease
  Sub-process /usr/bin/sqv returned an error code (1), error message is: Signature by 123456789redacted was created after the --not-after date.
Warning: OpenPGP signature verification failed: https://proget/debian/mirror-deb.debian.org-trixie trixie InRelease: Sub-process /usr/bin/sqv returned an error code (1), error message is: Signature by 123456789redacted was created after the --not-after date.
Error: The repository 'https://proget/debian/mirror-deb.debian.org-trixie trixie InRelease' is not signed.
Notice: Updating from such a repository can't be done securely, and is therefore disabled by default.
Notice: See apt-secure(8) manpage for repository creation and user configuration details.
    0 stevedennis 1 Reply
  • stevedennis
    inedo-engineer

    Hi @matthias-schmitz_2037 ,

    The "Signature ... was created after the --not-after date" message is coming from sqv (Sequoia-PGP verifier), which newer versions of APT use for signature verification.

    It almost always indicates a system clock problem on the affected machine, not a repository problem, and often means "The system clock is behind the signature creation time."

    So bottom line, I would check the clocks to make sure they are accurate.

    Thanks,
    Steve

    0
  • G

    Hi,

    we had the same issue.

    For Debian Trixie, there is a negative effect with sqv (Seqouia Verification Tool) using the universal signing key. When verifying the signing key, a message with (... --not-after ...) and exit status 1 is displayed. It is necessary to check whether the time has been synchronized correctly!!!

    Here is what you need to check:

    timedatectl
 ...
 System clock synchronized: yes # It should be yes, if your environment is using ntp-server.
 ...
    0
Log in to reply
 
Inedo Website HomeSupport HomeCode of ConductForums GuideDocumentation