Add new signing key (#9288)

* Add new signing key

* Update certbot/CHANGELOG.md

3 files changed, 5 insertions, 1 deletions

diff --git a/certbot/CHANGELOG.md b/certbot/CHANGELOG.md
index 9a24b8bf1..cfb18cd6e 100644
--- a/certbot/CHANGELOG.md
+++ b/certbot/CHANGELOG.md
@@ -10,6 +10,8 @@ Certbot adheres to [Semantic Versioning](https://semver.org/).
 
 ### Changed
 
+* The PGP key `F2871B4152AE13C49519111F447BF683AA3B26C3` was added as an
+  additional trusted key to sign our PyPI packages
 * When `certonly` is run with an installer specified (e.g.  `--nginx`),
   `certonly` will now also run `restart` for that installer
 
diff --git a/certbot/docs/packaging.rst b/certbot/docs/packaging.rst
index 89b368d65..a1fb23100 100644
--- a/certbot/docs/packaging.rst
+++ b/certbot/docs/packaging.rst
@@ -33,12 +33,13 @@ example: `v0.11.1`.
 
 .. _`Semantic Versioning`: https://semver.org/
 
-Since version 1.21.0, our packages are cryptographically signed by one of three
+Since version 1.21.0, our packages are cryptographically signed by one of four
 PGP keys:
 
 - ``BF6BCFC89E90747B9A680FD7B6029E8500F7DB16``
 - ``86379B4F0AF371B50CD9E5FF3402831161D1D280``
 - ``20F201346BF8F3F455A73F9A780CC99432A28621``
+- ``F2871B4152AE13C49519111F447BF683AA3B26C3```
 
 These keys can be found on major key servers and at
 https://dl.eff.org/certbot.pub.
diff --git a/tools/_release.sh b/tools/_release.sh
index d78b2ee96..a9ed017a7 100755
--- a/tools/_release.sh
+++ b/tools/_release.sh
@@ -36,6 +36,7 @@ if [ "$RELEASE_GPG_KEY" = "" ]; then
         BF6BCFC89E90747B9A680FD7B6029E8500F7DB16
         86379B4F0AF371B50CD9E5FF3402831161D1D280
         20F201346BF8F3F455A73F9A780CC99432A28621
+        F2871B4152AE13C49519111F447BF683AA3B26C3
     "
     for key in $TRUSTED_KEYS; do
         if gpg2 --with-colons --card-status | grep -q "$key"; then