Are the key servers down for anyone else?

I have been trying to do a fresh install for two days now and every time I try to refresh the keys it fails. This is the July release.

hello,I saw that.

1 Like

Which keyservers do you use?

for aur packages

This is the live ISO here is the output:

gpg: next trustdb check due at 2021-01-01
gpg: refreshing 119 keys from hkps://
gpg: keyserver refresh failed: General error
==> ERROR: A specified local key could not be updated from a keyserver.
Press ENTER to close this window: 

Joekamprad spoke in a thread about this problem…

OK let me search for it. I must have overlooked it.

1 Like

You wouldn’t happen to have a link? The only threads I see relate to errors with keys. This has no error…

see this alert

I’ve been having issues with over the past few days, and I think this is common for others too. A different keyserver will work (e.g.


It appears to be an error with the SSL certificate of The server is providing a certificate for

EDIT: The certificate is also expired.


I should have taken my own advice and read the Arch wiki more carefully. I’ll try this later:

Adding developer keys

The official developer and Trusted Users (TU) keys are signed by the master keys, so you do not need to use pacman-key to sign them yourself. Whenever pacman encounters a key it does not recognize, it will prompt to download it from a keyserver configured in /etc/pacman.d/gnupg/gpg.conf (or by using the --keyserver option on the command line). Wikipedia maintains a list of keyservers.

Once you have downloaded a developer key, you will not have to download it again, and it can be used to verify any other packages signed by that developer.

Note: The archlinux-keyring package, which is a dependency of pacman, contains the latest keys. However keys can also be updated manually using pacman-key --refresh-keys (as root). While doing --refresh-keys , your local key will also be looked up on the remote keyserver, and you will receive a message about it being not found. This is nothing to be concerned about.

1 Like

Hey all, I’ve successfully changed my keyserver to hkps:// like jonathon recommended, but when trying to update, I get an error that the signature from "EndeavourOS <>" is unknown trust and thus, welcome, eos-update-notifier and grub-tools can’t be updated. How would I go about “trusting” that signature? I’ve already tried a pacman-key --refresh-keys, which does what Elloquin described at the end of their message.

Either install endeavouros-keyring or locally sign the specific key using pacman-key --lsign.

Thanks for your help! Locally signing the key worked. (Reinstalling endeavouros-keyring wouldn’t have worked since it also is signed with the key)

1 Like

It will if you install the package file using pacman -U. :wink:

root@elloquin-elloquin ~]# sudo pacman -U endeavouros-keyring
loading packages...
error: 'endeavouros-keyring': could not find or read package
[root@elloquin-elloquin ~]# 
sudo pacman -U endeavouros-keyring-1-4-any.pkg.tar.xz

should work?


Woops it’s not signed?

[root@elloquin-elloquin ~]# sudo pacman -U
loading packages...
error: '/var/cache/pacman/pkg/endeavouros-keyring-1-4-any.pkg.tar.xz': package missing required signature
[root@elloquin-elloquin ~]# 
1 Like

I think one of the devs will have to do some manual intervention. No pun intended. :grinning: