It looks to me like the X.509 certificate that anchors
https://openpgpkey.gnupg.org/ expired on October 24th. This means that
wkd lookups to anyone @gnupg.org don't work.
dirmngr says:
DBG: chan_5 <- WKD_GET -- gnupg-devel@gnupg.org DBG: dns: resolve_dns_name(openpgpkey.gnupg.org): Success DBG: chan_5 -> S SOURCE https://openpgpkey.gnupg.org DBG: Using TLS library: GNUTLS 3.6.9 DBG: http.c:connect_server: trying name='openpgpkey.gnupg.org' port=443 DBG: dns: resolve_dns_name(openpgpkey.gnupg.org): Success DBG: http.c:1901:socket_new: object 0x00007f601c30fa70 for fd 6 created TLS verification of peer failed: status=0x0402 TLS verification of peer failed: The certificate is NOT trusted. The certificate chain uses expired certificate. DBG: expected hostname: openpgpkey.gnupg.org DBG: BEGIN Certificate 'server[0]': DBG: serial: 0383B8C085F9EDBCA0412AF1F335992A0AF3 DBG: notBefore: 2019-07-26 23:19:09 DBG: notAfter: 2019-10-24 23:19:09 DBG: issuer: CN=Let's Encrypt Authority X3,O=Let's Encrypt,C=US DBG: subject: CN=openpgpkey.gnupg.org DBG: aka: (8:dns-name20:openpgpkey.gnupg.org) DBG: hash algo: 1.2.840.113549.1.1.11 DBG: SHA1 fingerprint: 20D5B259561D3E12CD4514CBB69053BF87161D14 DBG: END Certificate DBG: BEGIN Certificate 'server[1]': DBG: serial: 0A0141420000015385736A0B85ECA708 DBG: notBefore: 2016-03-17 16:40:46 DBG: notAfter: 2021-03-17 16:40:46 DBG: issuer: CN=DST Root CA X3,O=Digital Signature Trust Co. DBG: subject: CN=Let's Encrypt Authority X3,O=Let's Encrypt,C=US DBG: hash algo: 1.2.840.113549.1.1.11 DBG: SHA1 fingerprint: E6A3B45B062D509B3382282D196EFE97D5956CCB DBG: END Certificate TLS connection authentication failed: General error error connecting to 'https://openpgpkey.gnupg.org/.well-known/openpgpkey/gnupg.org/hu/pofy55tsrdojuaf5rysodeo5p76qcgyg?l=gnupg-devel': General error command 'WKD_GET' failed: General error <Unspecified source> DBG: chan_5 -> ERR 1 General error <Unspecified source> DBG: chan_5 <- BYE