diff --git a/Makefile.packaging b/Makefile.packaging
index 84976dd54d..ab5b7b7f46 100644
--- a/Makefile.packaging
+++ b/Makefile.packaging
@@ -182,11 +182,18 @@ package: gpg-key $(PACKAGES_DIR) $(GITHUB_PACKAGES_DIR) $(AZURE_PACKAGES_DIR) ##
 gpg-key: ## Generate GPG public key
 $$(gpg --import $(NFPM_SIGNING_KEY_FILE)); \
 keyid=$$(gpg --list-keys NGINX | egrep -A1 "^pub" | egrep -v "^pub" | tr -d '[:space:]'); \
+ if [ -z "$$keyid" ]; then echo "Error: GPG key not found."; exit 1; fi; \
+ # Check if the key is expired \
+ # Look for the 'e' (expired) flag in the 'pub' or 'uid' lines \
+ if gpg --list-keys --with-colons "$$keyid" | grep -E '^pub:e:|^uid:e:'; then \
+ echo "Error: GPG key has expired."; \
+ exit 1; \
+ fi; \
 expiry=1y; \
 $$(gpg --quick-set-expire $$keyid $$expiry '*'); \
- # we need to convert the private gpg key to rsa pem format for pkg signing \
+ # Convert the private GPG key to RSA PEM format for pkg signing \
 $$(gpg --export-secret-key $$keyid | openpgp2ssh $$keyid > .key.rsa); \
- $$(gpg --output $(GPG_PUBLIC_KEY) --armor --export)
+ $$(gpg --output $(GPG_PUBLIC_KEY) --armor --export $$keyid)
 
 release: ## Publish tarball to the UPLOAD_URL
 echo "Publishing nginx-agent packages to ${UPLOAD_URL}"; \
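Review bot: The expiry gate added after the `keyid=` line fails open, because it rejects only when grep finds an `e` validity flag in the colon listing. A revoked key (`r`) passes, and so does a run where `gpg --list-keys --with-colons` prints nothing (for instance if `keyid` came out malformed, which the `-z` guard would not catch), and the recipe then goes on to export the secret key for package signing. I would at least widen and quiet the match, `if gpg --list-keys --with-colons "$$keyid" | grep -Eq '^(pub|uid):[er]:'; then`, and preferably invert the test so that a `pub` record with an acceptable validity must be present before continuing. The error messages could also go to stderr (`>&2`) so they are not lost in captured stdout. The `gpg-key` recipe begins in the context lines above the change and ends inside this hunk.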