diff --git a/10.1/jdk11/temurin-jammy/Dockerfile b/10.1/jdk11/temurin-jammy/Dockerfile
index 57f0ca2f..9b2f2744 100644
--- a/10.1/jdk11/temurin-jammy/Dockerfile
+++ b/10.1/jdk11/temurin-jammy/Dockerfile
@@ -60,7 +60,11 @@ RUN set -eux; \
 ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \
 export GNUPGHOME="$(mktemp -d)"; \
 for key in $GPG_KEYS; do \
- gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key"; \
+# try keys.openpgp.org first, as it is the superior keyserver
+ gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" \
+# GnuPG returns a zero exit code for the above command if it receives key data but without a UID, but with the note that it's skipping the key it was asked to fetch, so the only way we can know if the above command *actually* succeeded is to check! 🙃
+ && gpg --batch --fingerprint "$key" \
+ || gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key"; \
 done; \
 gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \
 tar -xf tomcat.tar.gz --strip-components=1; \
diff --git a/10.1/jdk11/temurin-noble/Dockerfile b/10.1/jdk11/temurin-noble/Dockerfile
index 66786d9c..68236aa5 100644
--- a/10.1/jdk11/temurin-noble/Dockerfile
+++ b/10.1/jdk11/temurin-noble/Dockerfile
@@ -60,7 +60,11 @@ RUN set -eux; \
 ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \
 export GNUPGHOME="$(mktemp -d)"; \
 for key in $GPG_KEYS; do \
- gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key"; \
+# try keys.openpgp.org first, as it is the superior keyserver
+ gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" \
+# GnuPG returns a zero exit code for the above command if it receives key data but without a UID, but with the note that it's skipping the key it was asked to fetch, so the only way we can know if the above command *actually* succeeded is to check! 🙃
+ && gpg --batch --fingerprint "$key" \
+ || gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key"; \
 done; \
 gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \
 tar -xf tomcat.tar.gz --strip-components=1; \
diff --git a/10.1/jdk17/temurin-jammy/Dockerfile b/10.1/jdk17/temurin-jammy/Dockerfile
index 6755246d..8da8d151 100644
--- a/10.1/jdk17/temurin-jammy/Dockerfile
+++ b/10.1/jdk17/temurin-jammy/Dockerfile
@@ -60,7 +60,11 @@ RUN set -eux; \
 ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \
 export GNUPGHOME="$(mktemp -d)"; \
 for key in $GPG_KEYS; do \
- gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key"; \
+# try keys.openpgp.org first, as it is the superior keyserver
+ gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" \
+# GnuPG returns a zero exit code for the above command if it receives key data but without a UID, but with the note that it's skipping the key it was asked to fetch, so the only way we can know if the above command *actually* succeeded is to check! 🙃
+ && gpg --batch --fingerprint "$key" \
+ || gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key"; \
 done; \
 gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \
 tar -xf tomcat.tar.gz --strip-components=1; \
diff --git a/10.1/jdk17/temurin-noble/Dockerfile b/10.1/jdk17/temurin-noble/Dockerfile
index dfcdd5e6..a328c0c9 100644
--- a/10.1/jdk17/temurin-noble/Dockerfile
+++ b/10.1/jdk17/temurin-noble/Dockerfile
@@ -60,7 +60,11 @@ RUN set -eux; \
 ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \
 export GNUPGHOME="$(mktemp -d)"; \
 for key in $GPG_KEYS; do \
- gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key"; \
+# try keys.openpgp.org first, as it is the superior keyserver
+ gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" \
+# GnuPG returns a zero exit code for the above command if it receives key data but without a UID, but with the note that it's skipping the key it was asked to fetch, so the only way we can know if the above command *actually* succeeded is to check! 🙃
+ && gpg --batch --fingerprint "$key" \
+ || gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key"; \
 done; \
 gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \
 tar -xf tomcat.tar.gz --strip-components=1; \
diff --git a/10.1/jdk21/temurin-jammy/Dockerfile b/10.1/jdk21/temurin-jammy/Dockerfile
index 6fa1a926..196e87d0 100644
--- a/10.1/jdk21/temurin-jammy/Dockerfile
+++ b/10.1/jdk21/temurin-jammy/Dockerfile
@@ -60,7 +60,11 @@ RUN set -eux; \
 ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \
 export GNUPGHOME="$(mktemp -d)"; \
 for key in $GPG_KEYS; do \
- gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key"; \
+# try keys.openpgp.org first, as it is the superior keyserver
+ gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" \
+# GnuPG returns a zero exit code for the above command if it receives key data but without a UID, but with the note that it's skipping the key it was asked to fetch, so the only way we can know if the above command *actually* succeeded is to check! 🙃
+ && gpg --batch --fingerprint "$key" \
+ || gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key"; \
 done; \
 gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \
 tar -xf tomcat.tar.gz --strip-components=1; \
diff --git a/10.1/jdk21/temurin-noble/Dockerfile b/10.1/jdk21/temurin-noble/Dockerfile
index 79e2cf0c..85ae270d 100644
--- a/10.1/jdk21/temurin-noble/Dockerfile
+++ b/10.1/jdk21/temurin-noble/Dockerfile
@@ -60,7 +60,11 @@ RUN set -eux; \
 ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \
 export GNUPGHOME="$(mktemp -d)"; \
 for key in $GPG_KEYS; do \
- gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key"; \
+# try keys.openpgp.org first, as it is the superior keyserver
+ gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" \
+# GnuPG returns a zero exit code for the above command if it receives key data but without a UID, but with the note that it's skipping the key it was asked to fetch, so the only way we can know if the above command *actually* succeeded is to check! 🙃
+ && gpg --batch --fingerprint "$key" \
+ || gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key"; \
 done; \
 gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \
 tar -xf tomcat.tar.gz --strip-components=1; \
diff --git a/11.0/jdk21/temurin-jammy/Dockerfile b/11.0/jdk21/temurin-jammy/Dockerfile
index a31911e5..bfea8f17 100644
--- a/11.0/jdk21/temurin-jammy/Dockerfile
+++ b/11.0/jdk21/temurin-jammy/Dockerfile
@@ -60,7 +60,11 @@ RUN set -eux; \
 ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \
 export GNUPGHOME="$(mktemp -d)"; \
 for key in $GPG_KEYS; do \
- gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key"; \
+# try keys.openpgp.org first, as it is the superior keyserver
+ gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" \
+# GnuPG returns a zero exit code for the above command if it receives key data but without a UID, but with the note that it's skipping the key it was asked to fetch, so the only way we can know if the above command *actually* succeeded is to check! 🙃
+ && gpg --batch --fingerprint "$key" \
+ || gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key"; \
 done; \
 gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \
 tar -xf tomcat.tar.gz --strip-components=1; \
diff --git a/11.0/jdk21/temurin-noble/Dockerfile b/11.0/jdk21/temurin-noble/Dockerfile
index e057fa67..8226f9cd 100644
--- a/11.0/jdk21/temurin-noble/Dockerfile
+++ b/11.0/jdk21/temurin-noble/Dockerfile
@@ -60,7 +60,11 @@ RUN set -eux; \
 ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \
 export GNUPGHOME="$(mktemp -d)"; \
 for key in $GPG_KEYS; do \
- gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key"; \
+# try keys.openpgp.org first, as it is the superior keyserver
+ gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" \
+# GnuPG returns a zero exit code for the above command if it receives key data but without a UID, but with the note that it's skipping the key it was asked to fetch, so the only way we can know if the above command *actually* succeeded is to check! 🙃
+ && gpg --batch --fingerprint "$key" \
+ || gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key"; \
 done; \
 gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \
 tar -xf tomcat.tar.gz --strip-components=1; \
diff --git a/9.0/jdk11/corretto-al2/Dockerfile b/9.0/jdk11/corretto-al2/Dockerfile
index 17c80772..a341564e 100644
--- a/9.0/jdk11/corretto-al2/Dockerfile
+++ b/9.0/jdk11/corretto-al2/Dockerfile
@@ -73,7 +73,11 @@ RUN set -eux; \
 ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \
 export GNUPGHOME="$(mktemp -d)"; \
 for key in $GPG_KEYS; do \
- gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key"; \
+# try keys.openpgp.org first, as it is the superior keyserver
+ gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" \
+# GnuPG returns a zero exit code for the above command if it receives key data but without a UID, but with the note that it's skipping the key it was asked to fetch, so the only way we can know if the above command *actually* succeeded is to check! 🙃
+ && gpg --batch --fingerprint "$key" \
+ || gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key"; \
 done; \
 gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \
 tar -xf tomcat.tar.gz --strip-components=1; \
diff --git a/9.0/jdk11/temurin-jammy/Dockerfile b/9.0/jdk11/temurin-jammy/Dockerfile
index b7183f0f..5af7d00e 100644
--- a/9.0/jdk11/temurin-jammy/Dockerfile
+++ b/9.0/jdk11/temurin-jammy/Dockerfile
@@ -60,7 +60,11 @@ RUN set -eux; \
 ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \
 export GNUPGHOME="$(mktemp -d)"; \
 for key in $GPG_KEYS; do \
- gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key"; \
+# try keys.openpgp.org first, as it is the superior keyserver
+ gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" \
+# GnuPG returns a zero exit code for the above command if it receives key data but without a UID, but with the note that it's skipping the key it was asked to fetch, so the only way we can know if the above command *actually* succeeded is to check! 🙃
+ && gpg --batch --fingerprint "$key" \
+ || gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key"; \
 done; \
 gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \
 tar -xf tomcat.tar.gz --strip-components=1; \
diff --git a/9.0/jdk11/temurin-noble/Dockerfile b/9.0/jdk11/temurin-noble/Dockerfile
index 3d58dc54..096e2e82 100644
--- a/9.0/jdk11/temurin-noble/Dockerfile
+++ b/9.0/jdk11/temurin-noble/Dockerfile
@@ -60,7 +60,11 @@ RUN set -eux; \
 ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \
 export GNUPGHOME="$(mktemp -d)"; \
 for key in $GPG_KEYS; do \
- gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key"; \
+# try keys.openpgp.org first, as it is the superior keyserver
+ gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" \
+# GnuPG returns a zero exit code for the above command if it receives key data but without a UID, but with the note that it's skipping the key it was asked to fetch, so the only way we can know if the above command *actually* succeeded is to check! 🙃
+ && gpg --batch --fingerprint "$key" \
+ || gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key"; \
 done; \
 gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \
 tar -xf tomcat.tar.gz --strip-components=1; \
diff --git a/9.0/jdk17/corretto-al2/Dockerfile b/9.0/jdk17/corretto-al2/Dockerfile
index 2719ccfa..78b3d882 100644
--- a/9.0/jdk17/corretto-al2/Dockerfile
+++ b/9.0/jdk17/corretto-al2/Dockerfile
@@ -73,7 +73,11 @@ RUN set -eux; \
 ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \
 export GNUPGHOME="$(mktemp -d)"; \
 for key in $GPG_KEYS; do \
- gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key"; \
+# try keys.openpgp.org first, as it is the superior keyserver
+ gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" \
+# GnuPG returns a zero exit code for the above command if it receives key data but without a UID, but with the note that it's skipping the key it was asked to fetch, so the only way we can know if the above command *actually* succeeded is to check! 🙃
+ && gpg --batch --fingerprint "$key" \
+ || gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key"; \
 done; \
 gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \
 tar -xf tomcat.tar.gz --strip-components=1; \
diff --git a/9.0/jdk17/temurin-jammy/Dockerfile b/9.0/jdk17/temurin-jammy/Dockerfile
index 58ae6c9c..a3f1501e 100644
--- a/9.0/jdk17/temurin-jammy/Dockerfile
+++ b/9.0/jdk17/temurin-jammy/Dockerfile
@@ -60,7 +60,11 @@ RUN set -eux; \
 ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \
 export GNUPGHOME="$(mktemp -d)"; \
 for key in $GPG_KEYS; do \
- gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key"; \
+# try keys.openpgp.org first, as it is the superior keyserver
+ gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" \
+# GnuPG returns a zero exit code for the above command if it receives key data but without a UID, but with the note that it's skipping the key it was asked to fetch, so the only way we can know if the above command *actually* succeeded is to check! 🙃
+ && gpg --batch --fingerprint "$key" \
+ || gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key"; \
 done; \
 gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \
 tar -xf tomcat.tar.gz --strip-components=1; \
diff --git a/9.0/jdk17/temurin-noble/Dockerfile b/9.0/jdk17/temurin-noble/Dockerfile
index 81c72fdb..ef23d27c 100644
--- a/9.0/jdk17/temurin-noble/Dockerfile
+++ b/9.0/jdk17/temurin-noble/Dockerfile
@@ -60,7 +60,11 @@ RUN set -eux; \
 ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \
 export GNUPGHOME="$(mktemp -d)"; \
 for key in $GPG_KEYS; do \
- gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key"; \
+# try keys.openpgp.org first, as it is the superior keyserver
+ gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" \
+# GnuPG returns a zero exit code for the above command if it receives key data but without a UID, but with the note that it's skipping the key it was asked to fetch, so the only way we can know if the above command *actually* succeeded is to check! 🙃
+ && gpg --batch --fingerprint "$key" \
+ || gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key"; \
 done; \
 gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \
 tar -xf tomcat.tar.gz --strip-components=1; \
diff --git a/9.0/jdk21/corretto-al2/Dockerfile b/9.0/jdk21/corretto-al2/Dockerfile
index 6b3f07f0..fb9f751b 100644
--- a/9.0/jdk21/corretto-al2/Dockerfile
+++ b/9.0/jdk21/corretto-al2/Dockerfile
@@ -73,7 +73,11 @@ RUN set -eux; \
 ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \
 export GNUPGHOME="$(mktemp -d)"; \
 for key in $GPG_KEYS; do \
- gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key"; \
+# try keys.openpgp.org first, as it is the superior keyserver
+ gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" \
+# GnuPG returns a zero exit code for the above command if it receives key data but without a UID, but with the note that it's skipping the key it was asked to fetch, so the only way we can know if the above command *actually* succeeded is to check! 🙃
+ && gpg --batch --fingerprint "$key" \
+ || gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key"; \
 done; \
 gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \
 tar -xf tomcat.tar.gz --strip-components=1; \
diff --git a/9.0/jdk21/temurin-jammy/Dockerfile b/9.0/jdk21/temurin-jammy/Dockerfile
index 2fac2c59..46b8ff1d 100644
--- a/9.0/jdk21/temurin-jammy/Dockerfile
+++ b/9.0/jdk21/temurin-jammy/Dockerfile
@@ -60,7 +60,11 @@ RUN set -eux; \
 ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \
 export GNUPGHOME="$(mktemp -d)"; \
 for key in $GPG_KEYS; do \
- gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key"; \
+# try keys.openpgp.org first, as it is the superior keyserver
+ gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" \
+# GnuPG returns a zero exit code for the above command if it receives key data but without a UID, but with the note that it's skipping the key it was asked to fetch, so the only way we can know if the above command *actually* succeeded is to check! 🙃
+ && gpg --batch --fingerprint "$key" \
+ || gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key"; \
 done; \
 gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \
 tar -xf tomcat.tar.gz --strip-components=1; \
diff --git a/9.0/jdk21/temurin-noble/Dockerfile b/9.0/jdk21/temurin-noble/Dockerfile
index 03f59ab3..73cb3e35 100644
--- a/9.0/jdk21/temurin-noble/Dockerfile
+++ b/9.0/jdk21/temurin-noble/Dockerfile
@@ -60,7 +60,11 @@ RUN set -eux; \
 ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \
 export GNUPGHOME="$(mktemp -d)"; \
 for key in $GPG_KEYS; do \
- gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key"; \
+# try keys.openpgp.org first, as it is the superior keyserver
+ gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" \
+# GnuPG returns a zero exit code for the above command if it receives key data but without a UID, but with the note that it's skipping the key it was asked to fetch, so the only way we can know if the above command *actually* succeeded is to check! 🙃
+ && gpg --batch --fingerprint "$key" \
+ || gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key"; \
 done; \
 gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \
 tar -xf tomcat.tar.gz --strip-components=1; \
diff --git a/9.0/jdk8/corretto-al2/Dockerfile b/9.0/jdk8/corretto-al2/Dockerfile
index 4db61299..2bb37b2d 100644
--- a/9.0/jdk8/corretto-al2/Dockerfile
+++ b/9.0/jdk8/corretto-al2/Dockerfile
@@ -73,7 +73,11 @@ RUN set -eux; \
 ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \
 export GNUPGHOME="$(mktemp -d)"; \
 for key in $GPG_KEYS; do \
- gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key"; \
+# try keys.openpgp.org first, as it is the superior keyserver
+ gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" \
+# GnuPG returns a zero exit code for the above command if it receives key data but without a UID, but with the note that it's skipping the key it was asked to fetch, so the only way we can know if the above command *actually* succeeded is to check! 🙃
+ && gpg --batch --fingerprint "$key" \
+ || gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key"; \
 done; \
 gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \
 tar -xf tomcat.tar.gz --strip-components=1; \
diff --git a/9.0/jdk8/temurin-jammy/Dockerfile b/9.0/jdk8/temurin-jammy/Dockerfile
index 75540d33..a429246f 100644
--- a/9.0/jdk8/temurin-jammy/Dockerfile
+++ b/9.0/jdk8/temurin-jammy/Dockerfile
@@ -60,7 +60,11 @@ RUN set -eux; \
 ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \
 export GNUPGHOME="$(mktemp -d)"; \
 for key in $GPG_KEYS; do \
- gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key"; \
+# try keys.openpgp.org first, as it is the superior keyserver
+ gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" \
+# GnuPG returns a zero exit code for the above command if it receives key data but without a UID, but with the note that it's skipping the key it was asked to fetch, so the only way we can know if the above command *actually* succeeded is to check! 🙃
+ && gpg --batch --fingerprint "$key" \
+ || gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key"; \
 done; \
 gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \
 tar -xf tomcat.tar.gz --strip-components=1; \
diff --git a/9.0/jdk8/temurin-noble/Dockerfile b/9.0/jdk8/temurin-noble/Dockerfile
index 3cc5a731..390b1b66 100644
--- a/9.0/jdk8/temurin-noble/Dockerfile
+++ b/9.0/jdk8/temurin-noble/Dockerfile
@@ -60,7 +60,11 @@ RUN set -eux; \
 ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \
 export GNUPGHOME="$(mktemp -d)"; \
 for key in $GPG_KEYS; do \
- gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key"; \
+# try keys.openpgp.org first, as it is the superior keyserver
+ gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" \
+# GnuPG returns a zero exit code for the above command if it receives key data but without a UID, but with the note that it's skipping the key it was asked to fetch, so the only way we can know if the above command *actually* succeeded is to check! 🙃
+ && gpg --batch --fingerprint "$key" \
+ || gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key"; \
 done; \
 gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \
 tar -xf tomcat.tar.gz --strip-components=1; \
diff --git a/Dockerfile.template b/Dockerfile.template
index bb6868ab..72a3b888 100644
--- a/Dockerfile.template
+++ b/Dockerfile.template
@@ -115,7 +115,11 @@ RUN set -eux; \
 ddist 'tomcat.tar.gz.asc' "tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc" "$TOMCAT_VERSION/tomcat-$TOMCAT_VERSION.tar.gz.asc"; \
 export GNUPGHOME="$(mktemp -d)"; \
 for key in $GPG_KEYS; do \
- gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key"; \
+# try keys.openpgp.org first, as it is the superior keyserver
+ gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" \
+# GnuPG returns a zero exit code for the above command if it receives key data but without a UID, but with the note that it's skipping the key it was asked to fetch, so the only way we can know if the above command *actually* succeeded is to check! 🙃
+ && gpg --batch --fingerprint "$key" \
+ || gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key"; \
 done; \
 gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \
 tar -xf tomcat.tar.gz --strip-components=1; \
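Review bot: The fallback on the last added line still names its keyserver as a bare hostname, which GnuPG treats as plain `hkp://`, while the new primary fetch uses `hkps://`. Key authenticity rests on the fingerprints in `GPG_KEYS` (defined outside this hunk, presumably full fingerprints), so this is defence in depth rather than a verification gap, but both fetches should use TLS: `|| gpg --batch --keyserver hkps://keyserver.ubuntu.com --recv-keys "$key"; \`. The fallback is also not followed by a `--fingerprint` check; that is acceptable only because the later `gpg --batch --verify` fails the build under `set -eux` when the key is absent, which deserves a comment such as `# no re-check after the fallback: gpg --verify below fails if the key was not imported`. The same lines recur in every versioned Dockerfile hunk in this diff, which appear to be rendered from this template, and the RUN block starts and ends outside the hunk.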