diff --git a/README.md b/README.md
index 81eaa78..0ac7dc5 100644
--- a/README.md
+++ b/README.md
@@ -21,10 +21,14 @@ https://code.factoring.digital/api/packages/public/alpine/v3.23/alpine-packages
 Install the registry signing key on each Alpine node:
 
 ```sh
-curl -fsSLo /etc/apk/keys/public-alpine.rsa.pub \
-  https://code.factoring.digital/api/packages/public/alpine/key
+cd /etc/apk/keys
+curl -fsSLOJ https://code.factoring.digital/api/packages/public/alpine/key
 ```
 
+Keep the filename returned by Gitea. Alpine matches repository signatures by key
+filename, so saving the key under another name makes `apk update` report
+`UNTRUSTED signature`.
+
 Add the stable package repository:
 
 ```sh