Unable to update Plesk : The following signatures were invalid: XXXXX (untrusted public key algorithm: rsa3072)

Symptoms

1. Unable to update Plesk to the latest version:

   • Error reported:

     W: GPG error: http://autoinstall.plesk.com/pool/PSA_18.0.69_16859 noble InRelease: The following signatures were invalid: 6C191325088ED83A618EC0C2E9299045CE550E57 (untrusted public key algorithm: rsa3072)

2. Upgrade via CLI fails:

   • Error reported:

     WARNING: The following packages cannot be authenticated!
     sw-engine-cli-7.70 pp18.0.70-bootstrapper
     E: There were unauthenticated packages and -y was used without --allow-unauthenticated

3. Operating System: Ubuntu 24.04

4. GPG Key Information:

   • The GPG key from this article is already installed:

# gpg /etc/apt/keyrings/plesk.gpg
gpg: WARNING: no command supplied. Trying to guess what you mean ...
pub rsa3072 2025-03-05 [SC]
6C191325088ED83A618EC0C2E9299045CE550E57
uid Plesk Team info@plesk.com
sub rsa3072 2025-03-05 [E]

5. Custom APT Key Directives:
   • There are custom APT Key directives in the APT configuration directory:

# grep APT::Key /etc/apt/apt.conf.d/*
/etc/apt/apt.conf.d/99weakkey-warning:APT::Key::Assert-Pubkey-Algo ">=rsa4096,>=dsa2048";

Cause

The custom key configuration does not accept the Plesk GPG key because it uses RSA3072 for its encryption. If the requirement is higher, the authentication of the repository will fail.

Resolution

Adjust the key requirements to align with the Plesk key:

1. Connect to the server via SSH.
2. Edit the file containing the directive:

# vi /etc/apt/apt.conf.d/99weakkey-warning

3. Change the line to:

# APT::Key::Assert-Pubkey-Algo ">=rsa3072,>=dsa1024";

4. Save the file and run:

# apt update

5. Re-run the Plesk update.