Since gnupg 2.1.10 the option --encrypt-to checks for for ambigious keys. But
this also fails, when there are two keys, where one key is valid and the other
one is expired and revoked.
This is a common case. When someone creates a new key, it is a good practise to
keep the old one to decrypt old data.
$ LC_ALL=C gpg --encrypt --encrypt-to firstname.lastname@example.org -r 0x5334752442830117 --armour
gpg: key specification 'email@example.com' is ambiguous
gpg: (check argument of option '--encrypt-to')
gpg: 'firstname.lastname@example.org' matches at least: