The "Release file is expired" error occurs when your system's date and time are incorrect or when you're accessing outdated repository mirrors. This prevents apt from updating packages. The fix typically involves synchronizing your system clock or using configuration options to bypass the validity check.
This error appears when APT (Debian/Ubuntu package manager) cannot access package repositories because the cryptographic signature on the repository's release file has expired. Every repository publishes a "Release" file that is digitally signed with a timestamp. APT validates this timestamp to ensure you're getting packages from a legitimate source. The error message shows how long ago the file expired (e.g., "invalid since 12d 19h 16min 30s"). This typically happens for two reasons: your system clock is set to a date in the past (or future), making the file appear expired, or the repository mirror hasn't been updated in a long time and the release file is actually stale.
First, check if your system's date and time are correct. This is the most common cause. The system clock is critical for validating cryptographic signatures.
# Check current date and time
date
# Check timezone
timedatectl status
# Enable automatic time synchronization (recommended)
sudo timedatectl set-ntp true
# If timedatectl doesn't work, manually sync time from NTP server
sudo ntpdate pool.ntp.org
# or
sudo systemctl restart systemd-timesyncdWait a few seconds after running these commands and try apt update again. If the system clock was the issue, this should resolve the error.
If updating the system time didn't work, you can temporarily bypass the validity check while investigating further. This tells APT to skip signature expiration validation for this one command.
# With apt
sudo apt -o Acquire::Check-Valid-Until=false update
# Or with apt-get
sudo apt-get -o Acquire::Check-Valid-Until=false update
# Then install packages normally
sudo apt install package-nameThis allows you to proceed with package installation while you address the root cause. However, do not make this permanent without understanding why.
If you're using an end-of-life distribution or an inactive mirror, switch to an archive mirror or a more actively maintained one.
For old Debian versions (Jessie, Stretch, Wheezy), use the Debian archive instead of the regular mirror:
sudo nano /etc/apt/sources.listReplace:
- deb http://deb.debian.org/debian buster main
- With: deb http://archive.debian.org/debian buster main
For actively supported distributions, choose a well-maintained mirror from the official list:
https://www.debian.org/mirror/list
Then test the update:
sudo apt updateIf bypassing the check is necessary as a permanent solution (only after confirming it's safe), create a persistent APT configuration file:
# Create/edit the apt config
echo 'Acquire::Check-Valid-Until "false";' | sudo tee /etc/apt/apt.conf.d/99disable-check-valid-until
# Verify the file was created
cat /etc/apt/apt.conf.d/99disable-check-valid-untilNow apt commands will bypass the validity check by default. This should only be done if:
1. You've confirmed your system clock is correct
2. You understand you're accepting packages from expired repository signatures
3. You're in a controlled environment (development VM, isolated system, etc.)
Warning: Do not use this on production systems or systems exposed to untrusted networks, as it reduces security validation.
If this error occurs inside a Docker container, the issue is likely that the container image is very old. Rebuild with a fresh base image:
# Instead of this:
FROM debian:jessie
# Use a more recent version:
FROM debian:bookwormThen rebuild your image:
docker build --no-cache -t myapp:latest .For end-of-life distributions: Debian Jessie, Stretch, and Wheezy repositories are no longer maintained on the main mirrors. You must switch to archive.debian.org to access any packages at all.
For Proxmox users: This error is common when upgrading or maintaining old Proxmox installations using Debian Jessie or Stretch base systems. Update sources.list to use archive.debian.org and consider upgrading to a newer Proxmox version.
Security note: The validity check exists to ensure you're getting packages from a trusted source. While bypassing it temporarily is acceptable for troubleshooting, always address the underlying cause (clock sync or mirror update) before making the bypass permanent. Never bypass this check on systems handling sensitive data without careful consideration.
Clock synchronization in cloud VMs: Some cloud providers may have clock drift issues. If you're on AWS, Azure, or similar platforms, ensure the time sync daemon is running: systemctl status systemd-timesyncd.
E: Could not connect to proxy server
Could not connect to proxy server
E: Package 'package:i386' has no installation candidate
How to fix "Package package:i386 has no installation candidate" in apt
E: The value 'value' is invalid for APT::Default-Release
How to fix invalid APT::Default-Release value in APT
dpkg: error: unable to create new file 'path': Permission denied
How to fix dpkg permission denied errors in APT
subprocess installed post-removal script returned error exit status 1
How to fix "subprocess installed post-removal script returned error exit status 1" in APT