The canonical instructions here are pretty good but there's a glaring error. Actually it's not glaring, it took me many hours of frustration to spot it. But you're not interested in my emotional issues, you're here for the solution. Here it is:
The instructions tell you to create a webmin.list file containing this:
deb [signed-by=/usr/share/keyrings/jcameron-key.gpg] https://download.webmin.com/download/repository sarge contrib
And where does that key come from? The instructions say this:
cat jcameron-key.asc | gpg --dearmor >/etc/apt/trusted.gpg.d/jcameron-key.gpgSpot the issue? The paths are different. We put the key in /etc/apt/trusted.gpg.d but tell apt to look for it in /usr/share/keyrings. No wonder we get
W: GPG error: https://download.webmin.com/download/repository sarge Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY D97A3AE911F63C51
E: The repository 'https://download.webmin.com/download/repository sarge Release' is not signed.
when we sudo apt update.
So the solution? Use the same path for both. I changed the webmin.list file to look like this:
deb [signed-by=/etc/apt/trusted.gpg.d/jcameron-key.gpg] https://download.webmin.com/download/repository sarge contrib