Docker GPG Error: signatures couldn’t be verified – public key is not available: NO_PUBKEY

This means that your server doesn’t have the public key 7EA0A9C3F273FCD8 to verify the Docker repository’s authenticity. This means you cannot securely install or update Docker packages.

To fix this, we need to ensure the Docker GPG key is correctly added and recognized.

Here’s a detailed and robust approach to this problem:

Step-by-Step Fix:

1.) Ensure Necessary Tools are Installed: It’s crucial to have curl (to download the key) and gnupg (to process the key) and ca-certificates (for secure HTTPS connections).

# apt-get install -y ca-certificates curl gnupg

2.) Create the Keyrings Directory (if it doesn’t exist): This is the recommended location for GPG keys for apt.

# install -m 0755 -d /etc/apt/keyrings

3.) Download and Add the Docker GPG Key: This command fetches the official Docker GPG key and places it in the secure keyrings directory, converting it to a format apt can use.

# curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg

• -f: Fail silently (no HTML output on HTTP errors).
• -s: Silent mode (don’t show progress or error messages).
• -S: Show error messages even if silent.
• -L: Follow redirects.
• | sudo gpg --dearmor: Pipes the downloaded content to gpg --dearmor, which converts the ASCII armored GPG key into a binary format.
• -o /etc/apt/keyrings/docker.gpg: Outputs the processed key to the specified file.

4.) Set Correct Permissions for the GPG Key: The key file must be readable by apt.

# chmod a+r /etc/apt/keyrings/docker.gpg

5.) Verify the Repository Configuration (Important Check!): You need to ensure that the Docker repository line in your sources.list.d file explicitly references the newly added GPG key. Look for a file like /etc/apt/sources.list.d/archive_uri-https_download_docker_com_linux_ubuntu-jammy.list.

It should look something like this (or be modified to look like this):

deb [arch=amd64,arm64 signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu jammy stable

If your existing entry doesn’t have signed-by=/etc/apt/keyrings/docker.gpg, you need to modify it. The add-apt-repository command sometimes adds the entry without the signed-by part, especially on older versions or if there’s a conflict.

How to fix the repository entry:

Option A (Recommended for simplicity):

Remove the existing Docker repository entry and re-add it using the modern command that correctly includes the signed-by argument.

*** Removing existing Docker source file ***

# rm /etc/apt/sources.list.d/archive_uri-https_download_docker_com_linux_ubuntu-jammy.list

*** Add the Docker repository with the correct GPG key reference *** 

# echo \
“deb [arch=$(dpkg –print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu \
$(. /etc/os-release && echo “$VERSION_CODENAME”) stable” | \
sudo tee /etc/apt/sources.list.d/docker.list > /dev/null

Note: The dpkg --print-architecture and $(. /etc/os-release && echo "$VERSION_CODENAME") ensure the correct architecture and Ubuntu codename are used dynamically.

Option B (Manual Edit – only if you prefer):

Edit the file manually.

# nano /etc/apt/sources.list.d/archive_uri-https_download_docker_com_linux_ubuntu-jammy.list

Find the line starting with deb https://download.docker.com/linux/ubuntu jammy stable and modify it to:

deb [arch=amd64,arm64 signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu jammy stable

Save the file (Ctrl+O, Enter, Ctrl+X in nano).

6.) Update APT Package Index:

This is the final step to make apt re-read the repository configurations and recognize the new key.

# apt-get update

After running these steps, the GPG error should be resolved, and you should no longer see the message “The repository ‘https://download.docker.com/linux/ubuntu jammy InRelease’ is not signed.” You will then be able to proceed with installing Docker.