Installing GPG keys for Debian Backports

For Let’s Encrypt to automatically renew certificates on your Raspberry Pi, you probably want to install certbot. The installation instructions of certbot tell you to make use of the Debian Backports packages. Following the instructions to install backports packages into apt-get on raspbian (which is a Debian Jessie), you will probably run into the following error:

$ sudo apt-get update
...
W: GPG error: http://ftp.debian.org jessie-backports InRelease:
   The following signatures couldn't be verified because the public
   key is not available: NO_PUBKEY 8B48AD6246925553 NO_PUBKEY
   7638D0442B90D010

For some reason the GPG keys (there are two listed above) of Debian Backports are not automatically fetched from the GPG keyservers. Using this stackoverflow answer, I fixed the GPG key problem as follows:

$ sudo su -

$ gpg --keyserver pgp.mit.edu --recv-keys \
        7638D0442B90D010 8B48AD6246925553
gpg: requesting key 2B90D010 from hkp server pgp.mit.edu
gpg: requesting key 46925553 from hkp server pgp.mit.edu
gpg: key 2B90D010: public key "Debian Archive Automatic Signing Key (8/jessie) <ftpmaster@debian.org>" imported
gpg: key 46925553: public key "Debian Archive Automatic Signing Key (7.0/wheezy) <ftpmaster@debian.org>" imported
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u
gpg: next trustdb check due at 2018-08-19
gpg: Total number processed: 2
gpg: imported: 2 (RSA: 2)

$ gpg --armor --export 7638D0442B90D010 | apt-key add -
OK

$ gpg --armor --export 8B48AD6246925553 | apt-key add -
OK

After importing the keys, exit from the root and try the usual update:

$ exit
$ sudo apt-get update
Hit http://ftp.debian.org jessie-backports InRelease
...
Reading package lists... Done

Presto! You can now proceeed with installing certbot, or any other package requiring debian backports.