diff --git a/content/posts/2023-08-05-problems-with-apt-keys-on-my-hotspots/index.md b/content/posts/2023-08-05-problems-with-apt-keys-on-my-hotspots/index.md new file mode 100644 index 0000000..db01887 --- /dev/null +++ b/content/posts/2023-08-05-problems-with-apt-keys-on-my-hotspots/index.md 
@@ -0,0 +1,123 @@ ++++ +title = 'Problems with apt-keys on my hotspots' +summary = '''For some reasons apt wasn't able to verify the repositories +signing keys on my Raspberry-Pi based hotspots and this is how I fixed it.''' +date = '2023-08-05T08:36:38+02:00' +lastmod = '2023-08-05T07:35:46+0000' +categories = [ 'amateur-radio' ] +tags = [ 'hotspot', 'pistar', 'raspberry-pi' ] + ++++ + +It is about a few times a year when something is broken on a linux system. Today (actually yesterday +but I couldn't stay up much longer and I was already fed up with this sh\*\*) I upgraded my two +raspberry-pi based hotspots and realized when apt couldn't verify the repositories signing keys +because of missing keys. + +This happens usually on *any linux distribution* at least *once a year*. +So it shouldn't be a big deal but it consumes time and I usually have to look into manpages and/or +online help again because I already forgot how I fixed it the last time... + +Today, I write it down below. + +## What the error looks like + +When running `sudo apt update`: + +```console +$ sudo apt update +Get:1 http://httpredir.debian.org/debian bullseye-backports InRelease [49,0 kB] +Get:2 http://security.debian.org/debian-security bullseye-security InRelease [48,4 kB] +Get:3 http://deb.debian.org/debian bullseye-updates InRelease [44,1 kB] +Hit:4 http://archive.raspberrypi.org/debian bullseye InRelease +Get:5 http://raspbian.raspberrypi.org/raspbian bullseye InRelease [15,0 kB] +Err:1 http://httpredir.debian.org/debian bullseye-backports InRelease + The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 0E98404D386FA1D9 NO_PUBKEY 6ED0E7B82643E131 +Err:2 http://security.debian.org/debian-security bullseye-security InRelease + The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 112695A0E562B32A NO_PUBKEY 54404762BBB6E853 +Err:3 http://deb.debian.org/debian bullseye-updates InRelease + The following 
signatures couldn't be verified because the public key is not available: NO_PUBKEY 0E98404D386FA1D9 NO_PUBKEY 6ED0E7B82643E131 +Reading package lists... Done +W: GPG error: http://httpredir.debian.org/debian bullseye-backports InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 0E98404D386FA1D9 NO_PUBKEY 6ED0E7B82643E131 +E: The repository 'http://httpredir.debian.org/debian bullseye-backports InRelease' is not signed. +N: Updating from such a repository can't be done securely, and is therefore disabled by default. +N: See apt-secure(8) manpage for repository creation and user configuration details. +W: GPG error: http://security.debian.org/debian-security bullseye-security InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 112695A0E562B32A NO_PUBKEY 54404762BBB6E853 +E: The repository 'http://security.debian.org/debian-security bullseye-security InRelease' is not signed. +N: Updating from such a repository can't be done securely, and is therefore disabled by default. +N: See apt-secure(8) manpage for repository creation and user configuration details. +W: GPG error: http://deb.debian.org/debian bullseye-updates InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 0E98404D386FA1D9 NO_PUBKEY 6ED0E7B82643E131 +E: The repository 'http://deb.debian.org/debian bullseye-updates InRelease' is not signed. +N: Updating from such a repository can't be done securely, and is therefore disabled by default. +N: See apt-secure(8) manpage for repository creation and user configuration details. 
+``` + +## Obtain the keys + +```console +$ gpg --keyserver hkps://keyserver.ubuntu.com --recv-keys 0E98404D386FA1D9 6ED0E7B82643E131 112695A0E562B32A 54404762BBB6E853 +gpg: keybox '/home/pi-star/.gnupg/pubring.kbx' created +gpg: /home/pi-star/.gnupg/trustdb.gpg: trustdb created +gpg: key A48449044AAD5C5D: public key "Debian Security Archive Automatic Signing Key (11/bullseye) " imported +gpg: key 4DFAB270CAA96DFA: public key "Debian Security Archive Automatic Signing Key (10/buster) " imported +gpg: key B7C5D7D6350947F8: public key "Debian Archive Automatic Signing Key (12/bookworm) " imported +gpg: key 73A4F27B8DD47936: public key "Debian Archive Automatic Signing Key (11/bullseye) " imported +gpg: Total number processed: 4 +gpg: imported: 4 +``` + +## Import the keys + +This still works, though, there is a [better method](https://stackoverflow.com/a/71384057) +for future encounters. + +```console +$ gpg -a --export 0E98404D386FA1D9 6ED0E7B82643E131 112695A0E562B32A 54404762BBB6E853 | sudo apt-key add - +Warning: apt-key is deprecated. Manage keyring files in trusted.gpg.d instead (see apt-key(8)). 
+OK +``` + +## The resulting update process + +```console +$ sudo apt update +Get:1 http://httpredir.debian.org/debian bullseye-backports InRelease [49,0 kB] +Hit:2 http://raspbian.raspberrypi.org/raspbian bullseye InRelease +Get:3 http://security.debian.org/debian-security bullseye-security InRelease [48,4 kB] +Get:4 http://deb.debian.org/debian bullseye-updates InRelease [44,1 kB] +Hit:5 http://archive.raspberrypi.org/debian bullseye InRelease +Get:6 http://httpredir.debian.org/debian bullseye-backports/main armhf Packages [415 kB] +Get:7 http://httpredir.debian.org/debian bullseye-backports/main Translation-en [353 kB] +Get:8 http://security.debian.org/debian-security bullseye-security/main armhf Packages [248 kB] +Get:9 http://security.debian.org/debian-security bullseye-security/main Translation-en [164 kB] +Get:10 http://httpredir.debian.org/debian bullseye-backports/contrib armhf Packages [4.680 B] +Get:11 http://httpredir.debian.org/debian bullseye-backports/contrib Translation-en [5.984 B] +Get:12 http://httpredir.debian.org/debian bullseye-backports/non-free armhf Packages [9.072 B] +Get:13 http://httpredir.debian.org/debian bullseye-backports/non-free Translation-en [27,7 kB] +Get:14 http://security.debian.org/debian-security bullseye-security/non-free Translation-en [464 B] +Get:15 http://deb.debian.org/debian bullseye-updates/main armhf Packages [14,7 kB] +Get:16 http://deb.debian.org/debian bullseye-updates/main Translation-en [9.964 B] +Fetched 1.253 kB in 4s (282 kB/s) +Reading package lists... Done +Building dependency tree... Done +Reading state information... Done +All packages are up to date. +``` + +## Another way (quicker) but untested + +This should also work like the above (until EOL of `apt-key`). 
+ +```console +$ apt-key adv --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys 0E98404D386FA1D9 6ED0E7B82643E131 112695A0E562B32A 54404762BBB6E853 +``` + +## Final words + +I got that feeling: the next time I'd need this, `apt-key` will not work and got fully replaced +by signing keys in /etc/apt/keyrings... + +Inspired by this post: + +As the default keyserver strips user-ids they cannot imported without +the `--keyserver` switch.
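Review bot: The "Obtain the keys" and "Import the keys" sections fetch four keys from a keyserver by 64-bit ID and pipe them straight into `sudo apt-key add -` without checking what was downloaded. That makes whatever the keyserver returned trusted for every repository on the hotspot. Add a step between the two sections that prints the full fingerprints (`gpg --fingerprint`) and compares them against a source other than the keyserver before importing. It would also help to say why the IDs gpg reports as imported (A48449044AAD5C5D, 4DFAB270CAA96DFA, B7C5D7D6350947F8, 73A4F27B8DD47936) differ from the four NO_PUBKEY IDs that were requested, since a reader checking the output will notice the mismatch. The post already quotes the apt-key deprecation warning and mentions /etc/apt/keyrings in "Final words", so consider showing the per-repository keyring file approach (a key file referenced with `signed-by`) as the main path instead of linking out to it. In "Another way (quicker) but untested", the command uses plain `hkp://` on port 80 where the tested path uses `hkps://`, and it lacks the `sudo` that the other apt-key call has. Either align it with the tested command or drop the section, since it is marked untested. Lastly, "Inspired by this post:" is followed by no link, and the closing sentence should read "cannot be imported".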